
42 matches found

RedhatCVE
added 2026/06/05 7:31 p.m., 6 views

CVE-2025-53681

An improper neutralization of special elements used in an SQL command ("SQL Injection") vulnerability (CWE-89) in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2.0 through 7.2.8 allows an authenticated privileged attacker to execute unauthorized cod...

CVSS 7.2, AI score 5.9, EPSS 0.00359
Exploits: 0, References: 1

NVD
added 2026/05/12 6:16 p.m., 7 views

CVE-2025-53681

An improper neutralization of special elements used in an SQL command ("SQL Injection") vulnerability (CWE-89) in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2.0 through 7.2.8 allows an authenticated privileged attacker to execute unauthorized cod...

CVSS 7.2, EPSS 0.00359
Exploits: 0, References: 1

CVE
added 2026/05/12 4:54 p.m., 17 views

CVE-2025-53681

Fortinet FortiMail is affected by CVE-2025-53681 due to an improper neutralization of special elements used in an SQL Command (SQL Injection). Affected FortiMail versions: 7.6.0–7.6.3, 7.4.0–7.4.5, and 7.2.0–7.2.8. An authenticated privileged attacker can execute unauthorized code or commands via...

CVSS 7.2, AI score 6, EPSS 0.00359
Exploits: 0, References: 1, Affected Software: 1

EUVD
added 2025/11/18 5:1 p.m., 4 views

EUVD-2025-198017

An improper neutralization of CRLF sequences ("CRLF injection") in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2 all versions, FortiMail 7.0 all versions may allow an attacker to inject headers in the response via convincing a user to click on a specifically...

CVSS 4.3, AI score 6.3, EPSS 0.00171
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-12912

Malware in sbrugna...

CVSS 7.5, AI score 6.2, EPSS 0.00284
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2019-6643

Malware in sbrugna...

CVSS 4.9, AI score 5.3, EPSS 0.01211
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2021-22787

Malware in sbrugna...

CVSS 9.8, AI score 9.3, EPSS 0.01414
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 11 views

EUVD-2021-10935

Malware in sbrugna...

CVSS 8.8, AI score 8.7, EPSS 0.01155
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 22 views

EUVD-2021-10940

Malware in sbrugna...

CVSS 9.8, AI score 9.4, EPSS 0.00616
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2021-12911

Malware in sbrugna...

CVSS 7.5, AI score 7.5, EPSS 0.01328
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2023-40503

Malicious code in bioql PyPI...

CVSS 8.8, AI score 8.6, EPSS 0.00838
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-40577

Malicious code in bioql PyPI...

CVSS 5.4, AI score 5.8, EPSS 0.0047
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 8 views

EUVD-2022-42389

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.5, EPSS 0.00349
Exploits: 0, References: 1

CVE
added 2025/08/12 6:59 p.m., 26 views

CVE-2024-40588

CVE-2024-40588 describes multiple relative path traversal vulnerabilities in Fortinet FortiCamera, FortiMail, FortiNDR, FortiRecorder, and FortiVoice. The issue allows a privileged attacker to read files on the underlying filesystem via crafted CLI requests. Affected versions include FortiCamera ...

CVSS 4.4, AI score 6.3, EPSS 0.00164
Exploits: 0, References: 1, Affected Software: 1

BDU FSTEC
added 2025/08/08 12:0 a.m., 3 views

The vulnerability of the FortiMail email protection system and the FortiRecorder video surveillance device’s micro-programming software lies in the lack of measures to neutralize special elements, allowing intruders to execute arbitrary commands.

The vulnerability of the FortiMail email protection system and the FortiRecorder video surveillance device’s microprogramming software lies in the lack of measures to neutralize special elements. Exploiting this vulnerability allows a perpetrator to execute arbitrary commands...

CVSS 6.8, AI score 5.8, EPSS 0.00576
Exploits: 0, References: 3, Affected Software: 2

RedhatCVE
added 2025/05/23 4:1 a.m., 7 views

CVE-2023-36633

An improper authorization vulnerability CWE-285 in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPS requests...

CVSS 5.4, AI score 6.7, EPSS 0.0047
Exploits: 0

RedhatCVE
added 2025/05/23 2:28 a.m., 4 views

CVE-2023-36637

An improper neutralization of input during web page generation vulnerability CWE-79 in FortiMail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to inject HTML tags in FortiMail's calendar via input fields...

CVSS 5.4, AI score 6.6, EPSS 0.00389
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 2:25 a.m., 8 views

CVE-2023-45582

An improper restriction of excessive authentication attempts vulnerability CWE-307 in FortiMail webmail version 7.2.0 through 7.2.4, 7.0.0 through 7.0.6 and before 6.4.8 may allow an unauthenticated attacker to perform a brute force attack on the affected endpoints via repeated login attempts...

CVSS 7.3, AI score 7.2, EPSS 0.00522
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 10:8 p.m., 7 views

CVE-2022-29056

An improper restriction of excessive authentication attempts vulnerability CWE-307 in Fortinet FortiMail version 6.4.0, version 6.2.0 through 6.2.4 and before 6.0.9 allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form...

CVSS 5.3, AI score 7.2, EPSS 0.01808
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 7:56 p.m., 8 views

CVE-2021-36166

An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administrative account's authentication token by means of the observation of certain system's properties...

CVSS 9.8, AI score 7.2, EPSS 0.01414
Exploits: 0, References: 1