110 matches found
CVE-2025-64446
CVE-2025-64446 is a high-severity relative path traversal in Fortinet FortiWeb that enables unauthenticated administrative command execution via crafted HTTP/HTTPS requests. Affected FortiWeb branches and patched versions are explicitly documented: 8.0.0–8.0.1 (fix in 8.0.2+), 7.6.0–7.6.4 (fix in...
Fortinet FortiWeb 安全漏洞
Fortinet FortiWeb is a Web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures Web applications and protects sensitive database content. A security vulnerability in Fortinet FortiWe...
Fortinet FortiWeb Path Confusion in GUI (FG-IR-25-910)
The version of FortiWeb installed on the remote host is 7.0.x prior to 7.0.12, 7.2.x prior to 7.2.12, 7.4.x prior to 7.4.10, 7.6.x prior to 7.6.5, or 8.0.x prior to 8.0.2. It is, therefore, affected by a path confusion vulnerability as referenced in the FG-IR-25-910 advisory: - A relative path...
Fortinet FortiWeb Path Traversal Vulnerability
Fortinet FortiWeb contains a relative path traversal vulnerability that may allow an unauthenticated attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests...
CVE-2025-11697 Studio 5000 ® Simulation Interface Local Code Execution
A local code execution security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to extract files using path traversal sequences, resulting in execution of scripts with Administrator privileges on system reboot...
CVE-2025-62577
ETERNUS SF provided by Fsas Technologies Inc. contains an incorrect default permissions vulnerability. A low-privileged user with access to the management server may obtain database credentials, potentially allowing execution of OS commands with administrator privileges...
CVE-2025-59998
Summary: CVE-2025-59998 affects Juniper Networks Junos Space versions prior to 24.1R4, due to an improper neutralization of input during web page generation that enables cross-site scripting on the Archive Log screen. An attacker can inject script tags; when another user visits the affected page,...
CVE-2025-59993 Junos Space: Space Node Setting fields are vulnerable to reflected cross-site script injection
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Space Node Setting fields that, when visited by another user, enable the attacker to execute commands with the target...
EUVD-2025-32712
An access control vulnerability was discovered in the CLI functionality due to a specific access restriction not being properly enforced for users with limited privileges. An authenticated user with limited privileges can issue administrative CLI commands, altering the device configuration, and/o...
CVE-2025-3719
CVE-2025-3719 affects Nozomi Networks Guardian/CMC. The issue is an access control vulnerability in the CLI: an authenticated user with limited privileges can issue administrative CLI commands, potentially altering device configuration and impacting availability. The root cause is improper enforc...
CVE-2025-3719 Incorrect authorization for CLI in Guardian/CMC before 25.2.0
An access control vulnerability was discovered in the CLI functionality due to a specific access restriction not being properly enforced for users with limited privileges. An authenticated user with limited privileges can issue administrative CLI commands, altering the device configuration, and/o...
EUVD-2017-8127
Malware in sbrugna...
EUVD-2017-8126
Malware in sbrugna...
PT-2025-40984
Name of the Vulnerable Software and Affected Versions versions prior to 2025-3719 Description An access control issue exists in the Command Line Interface CLI functionality. A specific access restriction is not properly enforced for users with limited privileges. This allows an authenticated user...
Incorrect authorization for CLI in Guardian/CMC before 25.2.0
Summary An access control vulnerability was discovered in the CLI functionality due to a specific access restriction not being properly enforced for users with limited privileges. Impact An authenticated user with limited privileges can issue administrative CLI commands, altering the device...
VulnCheck KEV: CVE-2025-64446
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTT...
EUVD-2022-50265
Malicious code in bioql PyPI...
EUVD-2024-18135
Malicious code in bioql PyPI...
EUVD-2022-0907
Malicious code in bioql PyPI...
EUVD-2025-29680
Malicious code in bioql PyPI...