Lucene search
K

628 matches found

CNNVD
CNNVD
added 2026/02/10 12:0 a.m.7 views

Fortinet FortiOS 信息泄露漏洞

Fortinet FortiOS is a security operating system developed by the American company Fortinet, specifically designed for use on the FortiGate network security platform. This system provides users with various security features, including firewalls, antivirus protection, IPSec/SSLVPN, web content...

5.9CVSS5.8AI score0.00477EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.8 views

Fortinet FortiClientWindows 后置链接漏洞

Fortinet FortiClientWindows is a Windows-based mobile device security solution provided by the American company Fortinet. When connected to the FortiGate firewall device, this solution offers features such as IPsec and SSL encryption, wide-area network optimization, terminal compliance, and...

7.1CVSS7.2AI score0.00214EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/10 12:0 a.m.15 views

Fortinet Fortigate LDAP authentication bypass in Agentless VPN and FSSO (FG-IR-25-1052)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-1052 advisory. - An Authentication Bypass by Primary Weakness vulnerability CWE-305 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4 m...

8.1CVSS5.7AI score0.00698EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/02/05 12:0 a.m.11 views

Fortinet FortiOS 安全漏洞

Fortinet FortiOS is a security operating system developed by the American company Fortinet, specifically designed for use on the FortiGate network security platform. This system offers users various security features, including firewalls, antivirus protection, IPSec/SSLVPN, web content filtering,...

3.2CVSS5.8AI score0.00106EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/28 12:0 a.m.79 views

Fortinet Fortigate SSO authentication bypass (FG-IR-26-060)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-060 advisory. - An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 in FortiOS, FortiManager, FortiAnalyzer m...

9.8CVSS6.1AI score0.85844EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2026/01/23 12:30 p.m.13 views

Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls

Fortinet has officially confirmed that it's working to completely plug a FortiCloud SSO authentication bypass vulnerability following reports of fresh exploitation activity on fully-patched firewalls. "In the last 24 hours, we have identified a number of cases where the exploit was to a device th...

9.8CVSS5.8AI score0.66322EPSS
Exploits1
OSV
OSV
added 2026/01/22 9:7 a.m.6 views

MAL-2026-453 Malicious code in @fortinet/fortigate-autoscale (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6100c8f444b32630601fbeee65c6af9df19979345ea5dc04740f40356c188e06 The package @fortinet/fortigate-autoscale was found to contain malicious code. Source: ghsa-malware...

5.5AI score
Exploits0References1
Snyk
Snyk
added 2026/01/22 9:7 a.m.6 views

Malicious Package

Overview @fortinet/fortigate-autoscale is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.5AI score
Exploits0References2
EUVD
EUVD
added 2026/01/22 9:7 a.m.6 views

EUVD-2026-4192

Malicious code in @fortinet/fortigate-autoscale npm...

5.5AI score
Exploits0References1
The Hacker News
The Hacker News
added 2026/01/22 5:55 a.m.22 views

Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations

Cybersecurity company Arctic Wolf has warned of a "new cluster of automated malicious activity" that involves unauthorized firewall configuration changes on Fortinet FortiGate devices. The activity, it said, commenced on January 15, 2026, adding it shares similarities with a December 2025 campaig...

9.8CVSS5.9AI score0.66322EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.14 views

Fortinet Fortigate Heap-based buffer overflow in cw_acd daemon (FG-IR-25-084)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-084 advisory. - A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS...

9.8CVSS6AI score0.00746EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 9:7 a.m.11 views

CVE-2020-12819

A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages in FortiGate versions 5.6.12, 6.0.10, 6.2.4 and 6.4.1 and earlier may allow a remote attacker with valid SSL VPN credentials to crash the SSL VPN daemon by sending a large LCP packet, when tunnel mode i...

7.5CVSS7.8AI score0.0077EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2025/12/16 10:58 a.m.15 views

Fortinet FortiGate Under Active Attack Through SAML SSO Authentication Bypass

Threat actors have begun to exploit two newly disclosed security flaws in Fortinet FortiGate devices, less than a week after public disclosure. Cybersecurity company Arctic Wolf said it observed active intrusions involving malicious single sign-on SSO logins on FortiGate appliances on December 12...

9.8CVSS8AI score0.66322EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/12/10 6:13 p.m.7 views

CVE-2025-54838

An Incorrect Authorization vulnerability CWE-863 in FortiPortal 7.4.0 through 7.4.5 may allow an authenticated attacker to reboot a shared FortiGate device via crafted HTTP requests...

6.8CVSS6.8AI score0.00273EPSS
Exploits0References1
OSV
OSV
added 2025/12/09 6:15 p.m.3 views

CVE-2025-54838

An Incorrect Authorization vulnerability CWE-863 in FortiPortal 7.4.0 through 7.4.5 may allow an authenticated attacker to reboot a shared FortiGate device via crafted HTTP requests...

6.5CVSS5.8AI score0.00273EPSS
Exploits0References1
NVD
NVD
added 2025/12/09 6:15 p.m.7 views

CVE-2025-54838

An Incorrect Authorization vulnerability CWE-863 in FortiPortal 7.4.0 through 7.4.5 may allow an authenticated attacker to reboot a shared FortiGate device via crafted HTTP requests...

6.8CVSS0.00273EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/09 5:18 p.m.21 views

CVE-2025-54838

An Incorrect Authorization vulnerability CWE-863 in FortiPortal 7.4.0 through 7.4.5 may allow an authenticated attacker to reboot a shared FortiGate device via crafted HTTP requests...

6.8CVSS0.00273EPSS
Exploits0References1
CVE
CVE
added 2025/12/09 5:18 p.m.20 views

CVE-2025-54838

Summary: CVE-2025-54838 is an Incorrect Authorization (CWE-863) vulnerability in FortiPortal 7.4.0–7.4.5 that may allow an authenticated attacker to reboot a shared FortiGate device via crafted HTTP requests. Affected product/version: FortiPortal 7.4.0 through 7.4.5. Root cause: improper access c...

6.8CVSS6.4AI score0.00273EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/09 5:18 p.m.4 views

CVE-2025-54838

An Incorrect Authorization vulnerability CWE-863 in FortiPortal 7.4.0 through 7.4.5 may allow an authenticated attacker to reboot a shared FortiGate device via crafted HTTP requests...

6.8CVSS6.4AI score0.00273EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/09 5:18 p.m.7 views

EUVD-2025-202273

An Incorrect Authorization vulnerability CWE-863 in FortiPortal 7.4.0 through 7.4.5 may allow an authenticated attacker to reboot a shared FortiGate device via crafted HTTP requests...

6.8CVSS6.2AI score0.00273EPSS
Exploits0References2
Rows per page
Query Builder