5.3
CVE-2026-5713 - Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting …
The "profiling.sampling" module (Python 3.15+) and "asyncio introspection capabilities" (3.14+, "python -m asyncio ps" and "python -m asyncio pstree") features could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via…
6.9
CVE-2026-2399 - Path Traversal Allows Critical File Overwrite in PowerChute Serial Shutdown
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause critical files to be overwritten with text data when a Web Admin user alters the POST /REST/upssleep request payload.
6.2
CVE-2026-39809 - SQL Injection in Fortinet FortiClientEMS Enabling Unauthorized Code Execution
An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5, FortiClientEMS 7.2.0 through 7.2.12, FortiClientEMS 7.0 all versions may allow an attacker to execute unauthorized code or commands via sending crafted r…
6.9
CVE-2026-4832 - Hard‑coded SNMP Credentials Enable Unauthorized Device Access
CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the SNMP port.
5.4
CVE-2026-4914 - Stored XSS in Ivanti N-ITSM Leads to Session Information Disclosure
Stored XSS in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to obtain limited information from other user sessions. User interaction is required.
5.7
CVE-2026-4913 - Authenticated Bypass of Account Disabling in Ivanti Neurons for ITSM
Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their account has been disabled.
0.0
CVE-2026-40609 -
This CVE is a duplicate of another CVE.
7.1
CVE-2026-4344 - Stored Cross-Site Scripting (XSS) Vulnerability in Assembly Component Name
A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read loc…
7.1
CVE-2026-4345 - Stored Cross-Site Scripting (XSS) Vulnerability in Design Name
A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context o…
7.1
CVE-2026-4369 - Stored Cross-Site Scripting (XSS) Vulnerability in Assembly Variant Name
A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to …