43 matches found
Exploit for Improper Access Control in Fortinet Forticlientems
CVE-2026-35616 — FortiClient EMS Pre-Auth Bypass Proof of Con...
GROWI vulnerable to stored cross-site scripting
Overview GROWI provided by GROWI, Inc. contains the following vulnerability. Stored cross-site scripting CWE-79 - CVE-2026-26291 Norihide Saito reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...
CVE-2026-0737 Shortcodes Ultimate <= 7.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'su_lightbox' Shortcode
The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.7. This is due to insufficient input sanitization and output escaping in the 'src' attribute of the su_lightbox shortcode. This makes it possib...
CVE-2025-64153
An improper neutralization of special elements used in an OS command ('OS Command Injection') in Fortinet FortiExtender 7.6.0 through 7.6.3, FortiExtender 7.4.0 through 7.4.7, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated attacker to execute unauthorized...
CVE-2024-47856
In RSA Authentication Agent before 7.4.7, service paths and shortcut paths may be vulnerable to path interception if the path has one or more spaces and is not surrounded by quotation marks. An adversary can place an executable in a higher-level directory of the path, and Windows will resolve tha...
RSA Authentication Agent Security Vulnerability
RSA Authentication Agent is a remote access request authentication software from RSA Corporation. A security vulnerability exists in RSA Authentication Agent versions prior to 7.4.7 that stems from a path interception issue that could lead to the execution of an unexpected executable file...
EUVD-2025-24471
Malicious code in bioql PyPI...
CVE-2025-27759
An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and before 7.0.10 allows an authenticated privileged attacker to execute unauthorized code o...
CVE-2025-27759
Fortinet FortiWeb is affected by an OS Command Injection vulnerability (CWE-78) due to improper neutralization of special elements. It is exploitable when an authenticated privileged attacker crafts CLI commands to execute arbitrary code on affected versions. Affected software: FortiWeb 7.6.0–7.6.3, 7.4...
CVE-2025-52970
Fortinet FortiWeb is affected by CVE-2025-52970 due to improper handling of parameters in FortiWeb versions 7.6.3 and below, 7.4.7 and below, 7.2.10 and below, and 7.0.10 and below. An unauthenticated remote attacker with non-public device information can gain admin privileges via a specially cra...
Fortinet FortiWeb Security Vulnerability
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. A security vulnerability exists in Fortinet...
RHSA-2021:2065 Red Hat Security Advisory: Red Hat Single Sign-On 7.4.7 security update on RHEL 8
Bulletin has no description...
Fortinet FortiOS Information Disclosure Vulnerability
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the U.S. company Fortinet. The system provides users with firewall, antivirus, IPSec/SSL VPN, web content filtering, anti-spam and other security features. An information...
CVE-2023-52154
File Upload vulnerability in pmb/cameraupload.php in PMB 7.4.7 and earlier allows attackers to run arbitrary code via upload of crafted PHTML files...
RHSA-2022:6821 Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.7 Security update
Bulletin has no description...
PT-2024-12555 · Document Foundation · LibreOffice
Name of the Vulnerable Software and Affected Versions: The Document Foundation LibreOffice version 7.4.7. Description: An issue in The Document Foundation LibreOffice allows a remote attacker to cause a denial of service via a crafted .ppt file. Recommendations: For version 7.4.7, consider avoidin...
CVE-2023-52153
A SQL Injection vulnerability in /pmb/opaccss/includes/sessions.inc.php in PMB 7.4.7 and earlier allows remote unauthenticated attackers to inject arbitrary SQL commands via the PmbOpac-LOGIN cookie value...
CVE-2023-51828
A SQL Injection vulnerability in /admin/convert/export.class.php in PMB 7.4.7 and earlier versions allows remote unauthenticated attackers to execute arbitrary SQL commands via the query parameter in the getnextnotice function...