Lucene search
K

13 matches found

CISA
CISA
β€’added 2026/01/28 12:0 p.m.β€’20 views

Fortinet Releases Guidance to Address Ongoing Exploitation of Authentication Bypass Vulnerability CVE-2026-24858

Newly disclosed vulnerability Common Vulnerabilities and Exposures CVE-2026-24858link is external Common Weakness Enumeration CWE-288: Authentication Bypass Using an Alternate Path or Channellink is external allows malicious actors with a FortiCloud account and a registered device to log in to...

9.8CVSS5.8AI score0.85844EPSS
In wildExploits1References23
Tenable Nessus
Tenable Nessus
β€’added 2026/01/28 12:0 a.m.β€’9 views

Fortinet FortiManager SSO authentication bypass (FG-IR-26-060)

The version of FortiManager installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-060 advisory. - An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 in FortiOS, FortiManager, FortiAnalyze...

9.8CVSS6.1AI score0.85844EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
β€’added 2026/01/27 7:18 p.m.β€’8 views

CVE-2026-24858

An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager...

9.8CVSS6.1AI score0.85844EPSS
In wildExploits0References2Affected Software5
CVE
CVE
β€’added 2026/01/27 7:18 p.m.β€’656 views

CVE-2026-24858

CVE-2026-24858 is a high-severity authentication bypass affecting Fortinet FortiAnalyzer, FortiManager, FortiOS, FortiProxy, and FortiWeb (various 7.x versions) via FortiCloud SSO. The issue allows an attacker with a FortiCloud account and a registered device to log into other devices registered ...

9.8CVSS7AI score0.85844EPSS
In wildExploits0References4Affected Software6
The Hacker News
The Hacker News
β€’added 2026/01/26 11:55 a.m.β€’31 views

⚑ Weekly Recap: Firewall Flaws, AI-Built Malware, Browser Traps, Critical CVEs & More

Security failures rarely arrive loudly. They slip in through trusted tools, half-fixed problems, and habits people stop questioning. This week's recap shows that pattern clearly. Attackers are moving faster than defenses, mixing old tricks with new paths. "Patched" no longer means safe, and every...

10CVSS6.8AI score0.98871EPSS
Exploits129
RedhatCVE
RedhatCVE
β€’added 2025/12/10 6:13 p.m.β€’15 views

CVE-2025-59719

An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message...

9.8CVSS7.1AI score0.2367EPSS
Exploits1References1
The Hacker News
The Hacker News
β€’added 2025/12/10 4:50 a.m.β€’18 views

Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws

Fortinet, Ivanti, and SAP have moved to address critical security flaws in their products that, if successfully exploited, could result in an authentication bypass and code execution. The Fortinet vulnerabilities affect FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager and relate to a case of...

9.9CVSS9.4AI score0.65825EPSS
Exploits1
RedhatCVE
RedhatCVE
β€’added 2025/10/15 3:47 p.m.β€’5 views

CVE-2025-54973

A concurrent execution using shared resource with improper synchronization 'Race Condition' vulnerability CWE-362 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10 and before 7.0.13 allows an attacker to attempt to win a race condition to bypass the...

5.3CVSS6.9AI score0.0029EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
β€’added 2025/10/15 12:0 a.m.β€’2 views

Fortinet FortiAnalyzer SSO SAML authentication (FG-IR-25-198)

The version of FortiAnalyzer installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-198 advisory. - A concurrent execution using shared resource with improper synchronization 'Race Condition' vulnerability CWE-362 in...

5.3CVSS5.8AI score0.0029EPSS
Exploits0References2
EUVD
EUVD
β€’added 2025/10/14 6:30 p.m.β€’5 views

EUVD-2025-34238

A concurrent execution using shared resource with improper synchronization 'Race Condition' vulnerability CWE-362 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10 and before 7.0.13 allows an attacker to attempt to win a race condition to bypass the...

5.3CVSS6.4AI score0.0029EPSS
Exploits0References2
NVD
NVD
β€’added 2025/10/14 4:15 p.m.β€’14 views

CVE-2025-54973

A concurrent execution using shared resource with improper synchronization 'Race Condition' vulnerability CWE-362 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10 and before 7.0.13 allows an attacker to attempt to win a race condition to bypass the...

5.3CVSS0.0029EPSS
Exploits0References1
Vulnrichment
Vulnrichment
β€’added 2025/10/14 3:23 p.m.β€’2 views

CVE-2025-54973

A concurrent execution using shared resource with improper synchronization 'Race Condition' vulnerability CWE-362 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10 and before 7.0.13 allows an attacker to attempt to win a race condition to bypass the...

5.3CVSS6.5AI score0.0029EPSS
Exploits0References1
Positive Technologies
Positive Technologies
β€’added 2025/10/14 12:0 a.m.β€’5 views

PT-2025-41960

A concurrent execution using shared resource with improper synchronization 'Race Condition' vulnerability CWE-362 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10 and before 7.0.13 allows an attacker to attempt to win a race condition to bypass the...

5.3CVSS6.9AI score0.0029EPSS
Exploits0References2
Rows per page
Query Builder