930 matches found
CVE-2026-30897
A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute...
AlmaLinux 8 : php:7.4 (ALSA-2026:2470)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:2470 advisory. php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with convert.quoted-printable-decod...
RHSA-2026:2470 Red Hat Security Advisory: php:7.4 security update
Bulletin has no description...
CVE-2025-62439
An Improper Verification of Source of a Communication Channel vulnerability CWE-940 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions may allow an authenticated user with knowledge of FSSO policy configurations t...
Injection sha.js Dependency in Jira Service Management Data Center and Server
This High severity Injection vulnerability was introduced in versions 10.3.0, 11.0.0, 11.1.0, and 11.2.0 of Jira Service Management Data Center and Server. This Injection vulnerability, with a CVSS Score of 7.4 and a CVSS Vector of code:java CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:Hcode allows...
MiracleLinux 8 : php:7.4 (AXSA:2022-3814:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3814:01 advisory. php: uninitialized array in pgqueryparams leading to RCE CVE-2022-31625 Tenable has extracted the preceding description block directly from the MiracleLinux...
MiracleLinux 8 : php:7.4 (AXSA:2022-3857:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3857:01 advisory. ArchiveTar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked CVE-2020-28948 ArchiveTar: improper filename...
CVE-2025-25249
A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows attacker to...
CVE-2022-38512
The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page's XLIFF translation file via crafted URL...
CVE-2025-54838
Summary: CVE-2025-54838 is an Incorrect Authorization (CWE-863) vulnerability in FortiPortal 7.4.0–7.4.5 that may allow an authenticated attacker to reboot a shared FortiGate device via crafted HTTP requests. Affected product/version: FortiPortal 7.4.0 through 7.4.5. Root cause: improper access c...
Fortinet FortiSOAR PaaS和Fortinet FortiSOAR on-premise 访问控制错误漏洞
Fortinet FortiSOAR PaaS and Fortinet FortiSOAR on-premise are both security orchestration, automation, and response software from Fortinet, Inc. An access control error vulnerability exists in Fortinet FortiSOAR PaaS and Fortinet FortiSOAR on-premise, which stems from improper access control and...
Fortinet多款产品 日志信息泄露漏洞
Fortinet FortiOS and others are products of Fortinet, Inc.Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform.Fortinet FortiPAM is a platform for privilege access control.Fortinet FortiSRA is a secure remote access software. A log information...
CVE-2025-58412
A improper neutralization of script-related html tags in a web page basic xss vulnerability in Fortinet FortiADC 8.0.0, FortiADC 7.6.0 through 7.6.3, FortiADC 7.4 all versions, FortiADC 7.2 all versions may allow attacker to execute unauthorized code or commands via crafted URL...
CVE-2025-54972
An improper neutralization of crlf sequences 'crlf injection' vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2 all versions, FortiMail 7.0 all versions may allow an attacker to inject headers in the response via convincing a user to click on a...
Fortinet FortiADC 安全漏洞
Fortinet FortiADC is an application delivery controller from Fortinet, Inc. A security vulnerability exists in Fortinet FortiADC that originates from improperly neutralized HTML tags and could lead to a cross-site scripting attack. The following versions are affected: version 8.0.0, versions 7.6....
CVE-2025-53843
CVE-2025-53843 describes a stack-based buffer overflow in Fortinet FortiOS that affects FortiOS 6.4 and 7.x series (notably 7.6.0–7.6.3, 7.4.0–7.4.8, and all 7.2/7.0). The vulnerability allows an attacker to execute unauthorized code or commands via specially crafted packets, with network access ...
PT-2025-46973
Name of the Vulnerable Software and Affected Versions: Fortinet FortiWeb versions 7.0.0 through 8.0.1 Description: A relative path traversal vulnerability exists in Fortinet FortiWeb versions 7.0.0 through 8.0.1. This flaw allows an unauthenticated attacker to execute administrative commands on t...
PT-2025-44693
Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q4.10 Liferay Portal 7.4 GA through update 92 Description The Document Library and Adaptive Media modules are affected by an issue where an incorrect...
PT-2025-44448
Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q4.10 Liferay Portal versions 7.3 GA through update 36 Liferay DXP versions 7.4 GA through update 92 Description A cross-site scripting XSS issue exist...
CVE-2025-62260
CVE-2025-62260 affects Liferay Portal 7.4.0–7.4.3.99 and Liferay DXP 2023.Q3.1–2023.Q3.4 (also 7.4 GA up to update 92 and 7.3 GA up to update 35; older unsupported versions) where the Headless API does not limit the number of returned objects. This enables remote attackers to trigger denial-of-se...