Design/Logic Flaw

In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC or Spring WebFlux...

Fortinet FortiWLM Path Traversal Vulnerability (CNVD-2025-00417)

Fortinet FortiWLM is a wireless manager from Fortinet, Inc. Fortinet FortiWLM suffers from a path traversal vulnerability that stems from the program failing to properly filter for special elements in the path of a resource or file. An attacker could use this vulnerability to read arbitrary files...

CVE-2023-34991

A improper neutralization of special elements used in an sql command 'sql injection' in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows attacker to execute unauthorized code or commands via a crafted http reque...

CVE-2023-34991

A improper neutralization of special elements used in an sql command 'sql injection' in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows attacker to execute unauthorized code or commands via a crafted http reque...

CVE-2023-34991

A improper neutralization of special elements used in an sql command 'sql injection' in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows attacker to execute unauthorized code or commands via a crafted http reque...

CVE-2023-20048

A vulnerability in the web services interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute certain unauthorized configuration commands on a Firepower Threat Defense FTD device that is managed by the FMC Software. This vulnerability is...

CVE-2023-45899

An issue in the component SuperUserSetuserModuleFrontController:init of idnovate superuser before v2.4.2 allows attackers to bypass authentication via a crafted HTTP call...

CVE-2023-45899

An issue in the component SuperUserSetuserModuleFrontController:init of idnovate superuser before v2.4.2 allows attackers to bypass authentication via a crafted HTTP call...

Authentication flaw

An issue in the component SuperUserSetuserModuleFrontController:init of idnovate superuser before v2.4.2 allows attackers to bypass authentication via a crafted HTTP call...

CVE-2023-45899

An issue in the component SuperUserSetuserModuleFrontController:init of idnovate superuser before v2.4.2 allows attackers to bypass authentication via a crafted HTTP call...

CVE-2023-44256

A server-side request forgery vulnerability CWE-918 in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal...

Ubuntu 16.04 ESM : libtorrent vulnerability (USN-4790-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-4790-1 advisory. It was discovered that libtorrent incorrectly handled chunked headers. A remote attacker could possibly use this to cause a crash resulting in a denial of service...

CVE-2021-38859 IBM Security Verify Privilege information disclosure

IBM Security Verify Privilege On-Premises 11.5 could allow a user to obtain version number information using a specially crafted HTTP request that could be used in further attacks against the system. IBM X-Force ID: 207899...

Cross site request forgery (csrf)

An issue discovered in Extreme Networks Switch Engine EXOS before 32.5.1.5, before 22.7 and before 31.7.1 allows attackers to gain escalated privileges via crafted HTTP request...

CVE-2023-43120

An issue discovered in Extreme Networks Switch Engine EXOS before 32.5.1.5, before 22.7 and before 31.7.1 allows attackers to gain escalated privileges via crafted HTTP request...

CVE-2023-41682

A improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiSandbox 4.4.0, FortiSandbox 4.2.1 through 4.2.5, FortiSandbox 4.0.0 through 4.0.3, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions, FortiSandbo...

Cross site scripting

A improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 allows attacker to execute unauthorized code or commands via crafted HTTP requests...

Cross site scripting

A improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows...

Path traversal

A improper limitation of a pathname to a restricted directory 'path traversal' in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 2.5.0 through 2.5.2 and 2.4.1 and 2.4.0 allows attacker to denial of service via crafted http requests...

CVE-2023-41836

An improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Fortinet FortiSandbox 4.4.0, FortiSandbox 4.2.1 through 4.2.4, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0.4 through 3.0.7 allow...