Fortinet FortiClientEMS 7.4.4 - SQL Injection
Fortinet FortiClientEMS version 7.4.4 and earlier contains an unauthenticated SQL injection vulnerability in the /api/v1/init_consts endpoint. The 'Site' HTTP header value is passed directly into the PostgreSQL search_path without sanitization, allowing remote unauthenticated attackers to inject...
VulnCheck KEV: CVE-2025-47813
loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie...
EUVD-2026-10521
A UNIX symbolic link (symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4 and FortiClientLinux 7.2.2 through 7.2.12 may allow a local, unprivileged user to escalate their privileges to root...
CVE-2026-24018
A UNIX symbolic link (symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4 and FortiClientLinux 7.2.2 through 7.2.12 may allow a local, unprivileged user to escalate their privileges to root...
Fortinet FortiClientLinux Security Vulnerability
Fortinet FortiClientLinux is a security client software developed by the American company Fortinet. There are security vulnerabilities in versions 7.4.0 to 7.4.4 of Fortinet FortiClientLinux, as well as in versions 7.2.2 to 7.2.12 of FortiClientLinux. These vulnerabilities stem from UNIX symbolic...
CVE-2026-21643
An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...
PT-2026-6694
Name of the Vulnerable Software and Affected Versions: FortiClient EMS versions 7.0.1 through 7.0.13; FortiClient EMS versions 7.2.0 through 7.2.2; FortiClient EMS version 7.4.4. Description: An improper neutralization of special elements used in an SQL command (SQL injection) exists in the web manageme...
Fortinet FortiClientEMS SQL Injection Vulnerability
Fortinet FortiClientEMS is part of the endpoint management solution provided by Fortinet, a company owned by Fortinet Corporation in the United States. It aims to help organizations effectively manage terminal devices within their networks and provide monitoring and control of endpoint security...
Security Bulletin: A vulnerability in module set-value affects IBM Db2 Big SQL on Cloud Pak for Data
Summary: A vulnerability in the Node.js open source package set-value affects IBM Db2 Big SQL 7.4.2 and earlier on Cloud Pak for Data 4.6.2 and earlier. Vulnerability Details: CVEID: CVE-2021-23440. DESCRIPTION: The Node.js set-value module could allow a remote attacker to execute arbitrary code on the system,...
Linux Distros Unpatched Vulnerability : CVE-2022-31042
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Guzzle is an open source PHP HTTP client. In affected versions the Cookie headers on requests are sensitive information. On making a request using the https...
Exploit for Improper Neutralization of Null Byte or NUL Character in Wftpserver Wing_Ftp_Server
CVE-2025-47812 How does this detection method work? This...
Wing FTP Server Security Vulnerability
Wing FTP Server is a suite of cross-platform FTP server software open-sourced by Wing FTP Server. A security vulnerability exists in Wing FTP Server 7.4.4 and earlier versions, which stems from improper privilege management and may result in elevated privileges...
Wing FTP Remote Code Execution
Wing FTP versions prior to 7.4.4 proof of concept remote code execution exploit...
CVE-2025-22252
A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2.5, and FortiOS versions 7.4.4 through 7.4.6 and version 7.6.0 may allow an attacker with knowledge of an existing admin account to access the device as a valid admin...
CVE-2025-5196
A vulnerability has been found in Wing FTP Server up to 7.4.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Lua Admin Console. The manipulation leads to execution with unnecessary privileges. The attack can be launched remotely. The...
CVE-2024-46669
An Integer Overflow or Wraparound vulnerability (CWE-190) in version 7.4.4 and below, version 7.2.10 and below; FortiSASE version 23.4.b FortiOS tenant IPsec IKE service may allow an authenticated attacker to crash the IPsec tunnel via crafted requests, resulting in potential denial of service...
CVE-2025-25182 Stroom Authentication/Authorization Bypass when using AWS ALB
Stroom is a data processing, storage and analysis platform. A vulnerability exists starting in version 7.2-beta.53 and prior to versions 7.2.24, 7.3-beta.22, 7.4.4, and 7.5-beta.2 that allows authentication bypass to a Stroom system when configured with ALB and installed in a way that the...
PT-2025-2455 · Fortinet · Fortisoar +1
Name of the Vulnerable Software and Affected Versions: FortiClientEMS versions 7.0 through 7.4.0; FortiClientEMS version 7.2.0 through 7.2.4; FortiSOAR versions 6.4 through 7.5.0; FortiSOAR version 7.2.0 through 7.3.2; FortiSOAR version 7.4.0 through 7.4.4. Description: An observable response...