17 matches found
CVE-2025-54971
An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiADC 7.4.0, FortiADC 7.2 all versions, FortiADC 7.1 all versions, FortiADC 7.0 all versions, FortiADC 6.2 all versions may allow an admin with read-only permission to get the external resources password vi...
EUVD-2025-198147
An improper neutralization of script-related HTML tags in a web page (basic XSS) vulnerability in Fortinet FortiADC 8.0.0, FortiADC 7.6.0 through 7.6.3, FortiADC 7.4 all versions, FortiADC 7.2 all versions may allow an attacker to execute unauthorized code or commands via crafted URL...
CVE-2025-58412
An improper neutralization of script-related HTML tags in a web page (basic XSS) vulnerability in Fortinet FortiADC 8.0.0, FortiADC 7.6.0 through 7.6.3, FortiADC 7.4 all versions, FortiADC 7.2 all versions may allow an attacker to execute unauthorized code or commands via crafted URL...
CVE-2025-54971
An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiADC 7.4.0, FortiADC 7.2 all versions, FortiADC 7.1 all versions, FortiADC 7.0 all versions, FortiADC 6.2 all versions may allow an admin with read-only permission to get the external resources password vi...
EUVD-2025-198016
An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiADC 7.4.0, FortiADC 7.2 all versions, FortiADC 7.1 all versions, FortiADC 7.0 all versions, FortiADC 6.2 all versions may allow an admin with read-only permission to get the external resources password vi...
CVE-2025-54971
The CVE-2025-54971 entry applies to Fortinet FortiADC: versions 6.2 and 7.0–7.2, and 7.4.0. The issue stems from information exposure that allows an admin with read-only privileges to obtain external resources passwords via the product logs, constituting a sensitive data disclosure vulnerability....
CVE-2025-59921
An exposure of sensitive information to an unauthorized actor vulnerability (CWE-200) in Fortinet FortiADC version 7.4.0, version 7.2.3 and below, version 7.1.4 and below, 7.0 all versions, 6.2 all versions may allow an authenticated attacker to obtain sensitive data via crafted HTTP or HTTPS...
CVE-2025-59921
An exposure of sensitive information to an unauthorized actor vulnerability (CWE-200) in Fortinet FortiADC version 7.4.0, version 7.2.3 and below, version 7.1.4 and below, 7.0 all versions, 6.2 all versions may allow an authenticated attacker to obtain sensitive data via crafted HTTP or HTTPS...
EUVD-2020-7906
Malware in sbrugna...
EUVD-2022-27445
Malicious code in bioql PyPI...
EUVD-2022-40967
Malicious code in bioql PyPI...
CVE-2025-49813
CVE-2025-49813 describes an OS Command Injection in Fortinet FortiADC. The vulnerability arises from improper neutralization of special elements in OS commands, affecting FortiADC versions 7.2.0 and earlier than 7.1.1. An authenticated, low-privilege remote attacker can craft HTTP parameters to e...
CVE-2025-31104
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability (CWE-78) in FortiADC 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.7, 7.1.0 through 7.1.4, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated attacker...
PT-2024-13880 · Fortinet · Fortiadc
Name of the Vulnerable Software and Affected Versions: FortiADC versions 7.0 through 7.4.0
Description: An improper certificate validation issue may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and public SDN...
PT-2023-3350 · Fortinet · Fortiadcmanager +1
Name of the Vulnerable Software and Affected Versions: FortiADC Manager versions prior to 7.1.0; FortiADC versions 7.0.0 through 7.1.2; FortiADC version 7.2.0
Description: The issue is related to the improper neutralization of special elements used in an operating system command, which can be...
PT-2022-6093 · Fortinet · Fortiadc
Name of the Vulnerable Software and Affected Versions: Fortinet FortiADC versions 6.2.4 and below; Fortinet FortiADC versions 7.0.0 through 7.0.2; Fortinet FortiADC version 7.1.0
Description: The issue is related to improper input validation, allowing an authenticated attacker to retrieve files wit...
PT-2022-18449 · Fortinet · Fortiadc
Name of the Vulnerable Software and Affected Versions: Fortinet FortiADC versions 5.x.x through 6.2.3
Description: The issue allows an authenticated attacker to bypass the Old Password check in the password change form via a crafted HTTP request. This is achieved by sending a specifically designe...