Lucene search
K

5895 matches found

Nuclei
Nuclei
added 2026/06/16 7:13 a.m.77 views

Fortinet - Authentication Bypass

Fortinet contains an authentication bypass vulnerability via using an alternate path or channel in FortiOS 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy 7.2.0 and 7.0.0 through 7.0.6, and FortiSwitchManager 7.2.0 and 7.0.0. An attacker can perform operations on the administrative...

9.8CVSS8.6AI score0.99984EPSS
Exploits25References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.68 views

Fortinet FortiOS - Credentials Disclosure

Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests due to improper limitation of a...

9.8CVSS8.4AI score0.99999EPSS
Exploits22References3
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.48 views

Fortinet FortiNAC - Arbitrary File Write

Fortinet FortiNAC is susceptible to arbitrary file write. An external control of the file name or path can allow an attacker to execute unauthorized code or commands via specifically crafted HTTP request, thus making it possible to obtain sensitive information, modify data, and/or execute...

9.8CVSS8.8AI score0.99815EPSS
Exploits7References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.111 views

FortiLogger 4.4.2.2 - Arbitrary File Upload

FortiLogger 4.4.2.2 is affected by arbitrary file upload issues. Attackers can send a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then Assets/temp/hotspot/img/logohotspot.asp. id: CVE-2021-3378 info: name: FortiLogger 4.4.2.2 - Arbitrary File Upload author:...

9.8CVSS8.5AI score0.97512EPSS
Exploits8References5
Imperva Blog
Imperva Blog
added 2026/06/15 8:58 a.m.26 views

Best WAAP Solutions for Enterprise Application Security: How to Choose the Right Platform in 2026

Key Takeaways The major enterprise WAAP solutions evaluated in this guide are Akamai, Cloudflare, F5, Fastly, Fortinet, Imperva, and Radware. In the most recent independent benchmarks, Akamai, Cloudflare, and Imperva were named Leaders in the Forrester Wave: Web Application Firewall Solutions, Q1...

5.8AI score
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2026/06/15 12:0 a.m.13 views

VulnCheck KEV: CVE-2026-39813

A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to escalation of privilege via specially crafted HTTP requests...

9.8CVSS5.8AI score0.16739EPSS
In wildExploits2References4
The Hacker News
The Hacker News
added 2026/06/10 3:10 p.m.17 views

Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities

Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure. The security flaw patched by Fortinet relates to a command injection vulnerability in FortiSandbox, FortiSandbox...

10CVSS9.6AI score0.99041EPSS
Exploits8
Cvelist
Cvelist
added 2026/06/09 2:27 p.m.29 views

CVE-2026-49938

A improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2.0 through 7.2.8, FortiPortal 7.0 all versions may allow attacker to improper access control via...

6.5CVSS0.00201EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.12 views

Fortinet多款产品 操作系统命令注入漏洞

Fortinet FortiSandbox is a product of the American company Fortinet. Fortinet FortiSandbox is an APT Advanced Persistent Threat protection device. Fortinet FortiSandbox Cloud is a malware sandbox analysis platform. Fortinet FortiSandbox PaaS is a cloud-based sandbox security platform that provide...

9.8CVSS6.3AI score0.23393EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/06/09 12:0 a.m.14 views

VulnCheck KEV: CVE-2026-39808

A improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via...

9.8CVSS6.2AI score0.48668EPSS
In wildExploits6References9
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.7 views

CVE-2025-61848

An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4,...

7.2CVSS5.8AI score0.00511EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.7 views

CVE-2026-25691

A improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with...

6.7CVSS5.6AI score0.00456EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.11 views

CVE-2025-53844

A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11 allows attacker to execute unauthorized code or commands via specially crafted packets...

8.8CVSS5.8AI score0.00564EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.9 views

CVE-2026-39811

A integer overflow or wraparound vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow attacker to denial of service via...

4.9CVSS6.6AI score0.00366EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.8 views

CVE-2026-39813

A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to escalation of privilege via...

9.8CVSS5.9AI score0.16739EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.6 views

CVE-2026-39815

A improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiDDoS-F 7.2.1 through 7.2.2 may allow attacker to execute unauthorized code or commands via sending crafted HTTP requests...

8.8CVSS5.8AI score0.00359EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 6:49 p.m.8 views

CVE-2024-23104

An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiVoice 7.0.0 through 7.0.1 may allow a remote authenticated attacker with at...

5.4CVSS5.5AI score0.00255EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/31 3:39 p.m.81 views

Exploit for Improper Access Control in Fortinet Forticlientems

CVE-2026-35616 - Fortinet FortiClientEMS 7.4.5 Unauthenticated...

9.8CVSS6AI score0.88505EPSS
Exploits8
The Hacker News
The Hacker News
added 2026/05/28 3:26 p.m.20 views

Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer

Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server EMS deployments to deliver a credential-stealing malware family dubbed EKZ Infostealer. "The campaign abused trusted endpoint management infrastructure to deliver malware...

9.8CVSS6.2AI score0.88505EPSS
Exploits8
GithubExploit
GithubExploit
added 2026/05/25 12:11 p.m.107 views

Exploit for Use of Externally-Controlled Format String in Fortinet Fortiproxy

Disclaimer The code and materials contained in this repository...

9.8CVSS7.6AI score0.61725EPSS
Exploits8
Rows per page
Query Builder