17 matches found
EUVD-2020-7912
Malware in sbrugna...
EUVD-2024-29940
Malicious code in bioql PyPI...
EUVD-2025-8613
Malicious code in bioql PyPI...
EUVD-2024-36369
Malicious code in bioql PyPI...
EUVD-2021-31022
Malicious code in bioql PyPI...
CVE-2021-44172
An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6 through 7.0.7, in all 6.4 and 6.2 version management interface may allow an unauthenticated attacker to gain information on environment variables such as the E...
CVE-2020-15940
An improper neutralization of input vulnerability CWE-79 in FortiClientEMS versions 6.4.1 and below and 6.2.9 and below may allow a remote authenticated attacker to inject malicious script/tags via the name parameter of various sections of the server...
CVE-2025-22859
A Relative Path Traversal vulnerability CWE-23 in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote unauthenticated attacker to perform a limited arbitrary file write on the system via upload requests...
CVE-2025-22859
A Relative Path Traversal vulnerability CWE-23 in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote unauthenticated attacker to perform a limited arbitrary file write on the system via upload requests...
CVE-2025-22859
CVE-2025-22859 is a Relative Path Traversal in Fortinet FortiClientEMS (on-prem FortiClientEMS 7.4.0–7.4.1 and FortiClientEMS Cloud 7.4.0–7.4.1) that could allow a remote unauthenticated attacker to perform a limited arbitrary file write via upload requests. Concrete details show the affected com...
CVE-2019-16149
An Improper Neutralization of Input During Web Page Generation in FortiClientEMS version 6.2.0 may allow a remote attacker to execute unauthorized code by injecting malicious payload in the user profile of a FortiClient instance being managed by the vulnerable system...
CVE-2024-36506
An improper verification of source of a communication channel vulnerability CWE-940 in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, 6.4 all versions may allow a remote attacker to bypass the trusted host feature via session connection...
CVE-2024-23106
An improper restriction of excessive authentication attempts CWE-307 in FortiClientEMS version 7.2.0 through 7.2.4 and before 7.0.10 allows an unauthenticated attacker to try a brute force attack against the FortiClientEMS console via crafted HTTP or HTTPS requests...
CVE-2024-23106
An improper restriction of excessive authentication attempts CWE-307 in FortiClientEMS version 7.2.0 through 7.2.4 and before 7.0.10 allows an unauthenticated attacker to try a brute force attack against the FortiClientEMS console via crafted HTTP or HTTPS requests...
CVE-2024-36506
CVE-2024-36506 denotes an improper verification of the source of a communication channel (CWE-940) in FortiClientEMS. Affected products/versions per the provided documents include FortiClientEMS 6.4.0 through 7.0.x, 7.2.0 through 7.2.4, and 7.4.0. The issue may allow a remote attacker to bypass t...
PT-2023-5166 · Fortinet · Forticlientems
Name of the Vulnerable Software and Affected Versions: FortiClientEMS versions 7.0.0 through 7.0.4; FortiClientEMS versions 7.0.6 through 7.0.7; FortiClientEMS versions 6.4 and earlier; FortiClientEMS versions 6.2 and earlier. Description: The issue is related to an exposure of sensitive information ...
Vulnerability fixed in FortiClientEMS
A vulnerability has been fixed in FortiClientEMS. The vulnerability allows an authenticated remote malicious person to execute arbitrary code. Fortinet categorizes this vulnerability according to the CVSSv3 method with a score of 4. Fortinet has released updates to fix the vulnerability. More...