Lucene search
K

110 matches found

CVE
CVE
added 2025/11/14 3:50 p.m.542 views

CVE-2025-64446

CVE-2025-64446 is a high-severity relative path traversal in Fortinet FortiWeb that enables unauthenticated administrative command execution via crafted HTTP/HTTPS requests. Affected FortiWeb branches and patched versions are explicitly documented: 8.0.0–8.0.1 (fix in 8.0.2+), 7.6.0–7.6.4 (fix in...

9.8CVSS7AI score0.89177EPSS
In wildExploits17References3Affected Software1
CNNVD
CNNVD
added 2025/11/14 12:0 a.m.8 views

Fortinet FortiWeb 安全漏洞

Fortinet FortiWeb is a Web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures Web applications and protects sensitive database content. A security vulnerability in Fortinet FortiWe...

9.8CVSS7.3AI score0.89177EPSS
Exploits17References7
Tenable Nessus
Tenable Nessus
added 2025/11/14 12:0 a.m.6 views

Fortinet FortiWeb Path Confusion in GUI (FG-IR-25-910)

The version of FortiWeb installed on the remote host is 7.0.x prior to 7.0.12, 7.2.x prior to 7.2.12, 7.4.x prior to 7.4.10, 7.6.x prior to 7.6.5, or 8.0.x prior to 8.0.2. It is, therefore, affected by a path confusion vulnerability as referenced in the FG-IR-25-910 advisory: - A relative path...

9.8CVSS6.1AI score0.89177EPSS
Exploits17References2
CISA KEV Catalog
CISA KEV Catalog
added 2025/11/14 12:0 a.m.15 views

Fortinet FortiWeb Path Traversal Vulnerability

Fortinet FortiWeb contains a relative path traversal vulnerability that may allow an unauthenticated attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests...

9.8CVSS7.5AI score0.89177EPSS
In wildExploits17
Vulnrichment
Vulnrichment
added 2025/11/11 1:49 p.m.2 views

CVE-2025-11697 Studio 5000 ® Simulation Interface Local Code Execution

A local code execution security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to extract files using path traversal sequences, resulting in execution of scripts with Administrator privileges on system reboot...

8.9CVSS6.8AI score0.00141EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/21 6:31 a.m.6 views

CVE-2025-62577

ETERNUS SF provided by Fsas Technologies Inc. contains an incorrect default permissions vulnerability. A low-privileged user with access to the management server may obtain database credentials, potentially allowing execution of OS commands with administrator privileges...

8.8CVSS7.2AI score0.0017EPSS
Exploits0References1
CVE
CVE
added 2025/10/09 4:15 p.m.14 views

CVE-2025-59998

Summary: CVE-2025-59998 affects Juniper Networks Junos Space versions prior to 24.1R4, due to an improper neutralization of input during web page generation that enables cross-site scripting on the Archive Log screen. An attacker can inject script tags; when another user visits the affected page,...

6.1CVSS6.5AI score0.00207EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/10/09 4:13 p.m.8 views

CVE-2025-59993 Junos Space: Space Node Setting fields are vulnerable to reflected cross-site script injection

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Space Node Setting fields that, when visited by another user, enable the attacker to execute commands with the target...

6.1CVSS0.00207EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 3:30 p.m.4 views

EUVD-2025-32712

An access control vulnerability was discovered in the CLI functionality due to a specific access restriction not being properly enforced for users with limited privileges. An authenticated user with limited privileges can issue administrative CLI commands, altering the device configuration, and/o...

8.1CVSS6.2AI score0.0025EPSS
Exploits0References2
CVE
CVE
added 2025/10/07 12:34 p.m.17 views

CVE-2025-3719

CVE-2025-3719 affects Nozomi Networks Guardian/CMC. The issue is an access control vulnerability in the CLI: an authenticated user with limited privileges can issue administrative CLI commands, potentially altering device configuration and impacting availability. The root cause is improper enforc...

8.1CVSS6.3AI score0.0025EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2025/10/07 12:34 p.m.7 views

CVE-2025-3719 Incorrect authorization for CLI in Guardian/CMC before 25.2.0

An access control vulnerability was discovered in the CLI functionality due to a specific access restriction not being properly enforced for users with limited privileges. An authenticated user with limited privileges can issue administrative CLI commands, altering the device configuration, and/o...

8.1CVSS0.0025EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.22 views

EUVD-2017-8127

Malware in sbrugna...

9CVSS8.8AI score0.02927EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-8126

Malware in sbrugna...

9CVSS8.8AI score0.05644EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2025/10/07 12:0 a.m.7 views

PT-2025-40984

Name of the Vulnerable Software and Affected Versions versions prior to 2025-3719 Description An access control issue exists in the Command Line Interface CLI functionality. A specific access restriction is not properly enforced for users with limited privileges. This allows an authenticated user...

8.1CVSS6.5AI score0.0025EPSS
Exploits0References7
NOZOMI
NOZOMI
added 2025/10/07 12:0 a.m.5 views

Incorrect authorization for CLI in Guardian/CMC before 25.2.0

Summary An access control vulnerability was discovered in the CLI functionality due to a specific access restriction not being properly enforced for users with limited privileges. Impact An authenticated user with limited privileges can issue administrative CLI commands, altering the device...

8.1CVSS6.6AI score0.0025EPSS
Exploits0Affected Software2
VulnCheck KEV
VulnCheck KEV
added 2025/10/06 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-64446

A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTT...

9.8CVSS5.9AI score0.89177EPSS
In wildExploits17References220
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-50265

Malicious code in bioql PyPI...

7.2CVSS7AI score0.25061EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-18135

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.00363EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-0907

Malicious code in bioql PyPI...

9CVSS8.6AI score0.01543EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-29680

Malicious code in bioql PyPI...

8CVSS6.3AI score0.01185EPSS
Exploits0References3
Rows per page
Query Builder