CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

207 matches found

Fortinet FortiClientEMS 7.4.4 - SQL Injection

Fortinet FortiClientEMS version 7.4.4 and earlier contains an unauthenticated SQL injection vulnerability in the /api/v1/initconsts endpoint. The 'Site' HTTP header value is passed directly into the PostgreSQL searchpath without sanitization, allowing remote unauthenticated attackers to inject...

9.8CVSS7.8AI score0.62516EPSS

Exploits1References2

GithubExploit•added 5 days ago•52 views

Exploit for Improper Access Control in Fortinet Forticlientems

CVE-2026-35616 - Fortinet FortiClientEMS 7.4.5 Unauthenticated...

9.8CVSS6AI score0.34753EPSS

Exploits7

GithubExploit•added 2026/04/20 6:8 p.m.•81 views

Exploit for Improper Access Control in Fortinet Forticlientems

CVE-2026-35616 Author: wa6n3r | GitHubhttps://github...

9.8CVSS5.8AI score0.34753EPSS

Exploits7

EUVD•added 2026/04/14 6:30 p.m.•2 views

EUVD-2026-22339

A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via...

6CVSS5.8AI score0.00014EPSS

Exploits0References2

EUVD•added 2026/04/14 6:30 p.m.•1 views

EUVD-2026-22307

A improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5, FortiClientEMS 7.2.0 through 7.2.12, FortiClientEMS 7.0 all versions may allow attacker to execute unauthorized code or commands via...

6.7CVSS6AI score0.0003EPSS

Exploits0References2

NVD•added 2026/04/14 4:16 p.m.•0 views

CVE-2026-39809

6.7CVSS0.0003EPSS

Exploits0References1

NVD•added 2026/04/14 4:16 p.m.•0 views

CVE-2026-39810

A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via decrypting database dump...

6CVSS0.00014EPSS

Exploits0References1

Cvelist•added 2026/04/14 3:38 p.m.•23 views

CVE-2026-39810

A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via decrypting database dump...

6CVSS0.00014EPSS

Exploits0References1

ATTACKERKB•added 2026/04/14 3:38 p.m.•2 views

CVE-2026-39810

A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via decrypting database dump...

6CVSS5.8AI score0.00014EPSS

Exploits0References2Affected Software1

CVE•added 2026/04/14 3:38 p.m.•3 views

CVE-2026-39810

CVE-2026-39810 describes a vulnerability in Fortinet FortiClientEMS 7.4.0–7.4.5 where a hard‑coded cryptographic key may lead to information disclosure. The affected component is FortiClient EMS, and the root cause is a hard-coded key compromising confidentiality (C>H/I>H). The document set...

6CVSS5.8AI score0.00014EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/04/14 3:5 p.m.•1 views

CVE-2026-39809

6.7CVSS6AI score0.0003EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/04/14 3:5 p.m.•1 views

CVE-2026-39809

6.7CVSS6AI score0.0003EPSS

Exploits0References1

CVE•added 2026/04/14 3:5 p.m.•10 views

CVE-2026-39809

Fortinet FortiClientEMS contains a SQL injection vulnerability (improper neutralization of special elements in SQL commands) affecting FortiClientEMS 7.0 all versions and 7.2.0–7.2.12, 7.4.0–7.4.5. The issue could allow an attacker to execute unauthorized code or commands. The connected sources p...

6.7CVSS6AI score0.0003EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/04/14 3:5 p.m.•22 views

CVE-2026-39809

6.7CVSS0.0003EPSS

Exploits0References1

Positive Technologies•added 2026/04/14 12:0 a.m.•2 views

PT-2026-32688

Name of the Vulnerable Software and Affected Versions FortiClientEMS versions 7.4.0 through 7.4.5 FortiClientEMS versions 7.2.0 through 7.2.12 FortiClientEMS version 7.0 Description Improper neutralization of special elements used in an SQL command, known as SQL injection, allows an attacker to...

6.7CVSS6AI score0.0003EPSS

Exploits0References5

Positive Technologies•added 2026/04/14 12:0 a.m.•1 views

PT-2026-32689

CVE-2026-39810 A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via decrypting databas… https://t.co/v5ryBw0uAj...

6CVSS5.8AI score0.00014EPSS

Exploits0References3

CNNVD•added 2026/04/14 12:0 a.m.•1 views

Fortinet FortiClientEMS 安全漏洞

Fortinet FortiClientEMS is part of the endpoint management solution provided by Fortinet, a company owned by Fortinet Corporation. It aims to help organizations effectively manage terminal devices within their networks and provide monitoring and control of endpoint security. There are security...

6CVSS5.8AI score0.00014EPSS

Exploits0References1

RedhatCVE•added 2026/04/05 5:7 a.m.•3 views

CVE-2026-35616

A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests...

9.8CVSS6.2AI score0.34753EPSS

Exploits7References1

EUVD•added 2026/04/04 3:31 a.m.•3 views

EUVD-2026-18963

A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests...

9.8CVSS6AI score0.34753EPSS

Exploits7References2

ATTACKERKB•added 2026/04/04 12:38 a.m.•9 views

CVE-2026-35616

A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests...

9.8CVSS6AI score0.34753EPSS

Exploits7References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by