Lucene search
+L

930 matches found

Cvelist
Cvelist
added 2026/03/10 4:44 p.m.31 views

CVE-2026-30897

A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute...

6.6CVSS0.00632EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/02/13 12:0 a.m.14 views

AlmaLinux 8 : php:7.4 (ALSA-2026:2470)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:2470 advisory. php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with convert.quoted-printable-decod...

9.8CVSS8.8AI score0.02286EPSS
Exploits10References15
OSV
OSV
added 2026/02/11 10:10 a.m.9 views

RHSA-2026:2470 Red Hat Security Advisory: php:7.4 security update

Bulletin has no description...

6.5CVSS5.1AI score0.02286EPSS
Exploits10References68
NVD
NVD
added 2026/02/10 4:16 p.m.7 views

CVE-2025-62439

An Improper Verification of Source of a Communication Channel vulnerability CWE-940 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions may allow an authenticated user with knowledge of FSSO policy configurations t...

4.2CVSS0.00138EPSS
Exploits0References2
Atlassian
Atlassian
added 2026/01/20 6:59 a.m.24 views

Injection sha.js Dependency in Jira Service Management Data Center and Server

This High severity Injection vulnerability was introduced in versions 10.3.0, 11.0.0, 11.1.0, and 11.2.0 of Jira Service Management Data Center and Server. This Injection vulnerability, with a CVSS Score of 7.4 and a CVSS Vector of code:java CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:Hcode allows...

9.1CVSS7.4AI score0.00651EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 8 : php:7.4 (AXSA:2022-3814:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3814:01 advisory. php: uninitialized array in pgqueryparams leading to RCE CVE-2022-31625 Tenable has extracted the preceding description block directly from the MiracleLinux...

8.1CVSS8.3AI score0.03437EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 8 : php:7.4 (AXSA:2022-3857:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3857:01 advisory. ArchiveTar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked CVE-2020-28948 ArchiveTar: improper filename...

7.8CVSS7.5AI score0.84554EPSS
Exploits5References4
OSV
OSV
added 2026/01/13 5:15 p.m.4 views

CVE-2025-25249

A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows attacker to...

9.8CVSS6.2AI score0.00746EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:57 a.m.7 views

CVE-2022-38512

The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page's XLIFF translation file via crafted URL...

6.5CVSS6.8AI score0.00564EPSS
Exploits0References1
CVE
CVE
added 2025/12/09 5:18 p.m.23 views

CVE-2025-54838

Summary: CVE-2025-54838 is an Incorrect Authorization (CWE-863) vulnerability in FortiPortal 7.4.0–7.4.5 that may allow an authenticated attacker to reboot a shared FortiGate device via crafted HTTP requests. Affected product/version: FortiPortal 7.4.0 through 7.4.5. Root cause: improper access c...

6.8CVSS6.4AI score0.00273EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.5 views

Fortinet FortiSOAR PaaS和Fortinet FortiSOAR on-premise 访问控制错误漏洞

Fortinet FortiSOAR PaaS and Fortinet FortiSOAR on-premise are both security orchestration, automation, and response software from Fortinet, Inc. An access control error vulnerability exists in Fortinet FortiSOAR PaaS and Fortinet FortiSOAR on-premise, which stems from improper access control and...

6.5CVSS6.4AI score0.00231EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.9 views

Fortinet多款产品 日志信息泄露漏洞

Fortinet FortiOS and others are products of Fortinet, Inc.Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform.Fortinet FortiPAM is a platform for privilege access control.Fortinet FortiSRA is a secure remote access software. A log information...

6.6CVSS6.1AI score0.00362EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/20 9:36 p.m.12 views

CVE-2025-58412

A improper neutralization of script-related html tags in a web page basic xss vulnerability in Fortinet FortiADC 8.0.0, FortiADC 7.6.0 through 7.6.3, FortiADC 7.4 all versions, FortiADC 7.2 all versions may allow attacker to execute unauthorized code or commands via crafted URL...

6.1CVSS7.4AI score0.00167EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/19 5:20 p.m.9 views

CVE-2025-54972

An improper neutralization of crlf sequences 'crlf injection' vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2 all versions, FortiMail 7.0 all versions may allow an attacker to inject headers in the response via convincing a user to click on a...

4.3CVSS6.8AI score0.00196EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/19 12:0 a.m.7 views

Fortinet FortiADC 安全漏洞

Fortinet FortiADC is an application delivery controller from Fortinet, Inc. A security vulnerability exists in Fortinet FortiADC that originates from improperly neutralized HTML tags and could lead to a cross-site scripting attack. The following versions are affected: version 8.0.0, versions 7.6....

6.1CVSS5.9AI score0.00167EPSS
Exploits0References2
CVE
CVE
added 2025/11/18 5:1 p.m.54 views

CVE-2025-53843

CVE-2025-53843 describes a stack-based buffer overflow in Fortinet FortiOS that affects FortiOS 6.4 and 7.x series (notably 7.6.0–7.6.3, 7.4.0–7.4.8, and all 7.2/7.0). The vulnerability allows an attacker to execute unauthorized code or commands via specially crafted packets, with network access ...

7.5CVSS7.3AI score0.00593EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/14 12:0 a.m.17 views

PT-2025-46973

Name of the Vulnerable Software and Affected Versions: Fortinet FortiWeb versions 7.0.0 through 8.0.1 Description: A relative path traversal vulnerability exists in Fortinet FortiWeb versions 7.0.0 through 8.0.1. This flaw allows an unauthenticated attacker to execute administrative commands on t...

10CVSS6.2AI score0.8936EPSS
Exploits17References204
Positive Technologies
Positive Technologies
added 2025/10/31 12:0 a.m.11 views

PT-2025-44693

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q4.10 Liferay Portal 7.4 GA through update 92 Description The Document Library and Adaptive Media modules are affected by an issue where an incorrect...

5.5CVSS6.4AI score0.00123EPSS
Exploits0References18
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.7 views

PT-2025-44448

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q4.10 Liferay Portal versions 7.3 GA through update 36 Liferay DXP versions 7.4 GA through update 92 Description A cross-site scripting XSS issue exist...

4.8CVSS5.8AI score0.00201EPSS
Exploits0References7
CVE
CVE
added 2025/10/27 9:44 p.m.19 views

CVE-2025-62260

CVE-2025-62260 affects Liferay Portal 7.4.0–7.4.3.99 and Liferay DXP 2023.Q3.1–2023.Q3.4 (also 7.4 GA up to update 92 and 7.3 GA up to update 35; older unsupported versions) where the Headless API does not limit the number of returned objects. This enables remote attackers to trigger denial-of-se...

7.5CVSS6.6AI score0.00351EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder