30 matches found
CVE-2022-35847
An improper neutralization of special elements used in a template engine vulnerability CWE-1336 in FortiSOAR management interface 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.4 may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload...
CVE-2025-59808
An unverified password change vulnerability (CWE-620) in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5....
PT-2025-41944
Name of the Vulnerable Software and Affected Versions: FortiSOAR versions 7.3.x; FortiSOAR versions 7.4.x; FortiSOAR versions 7.5.0 through 7.5.1; FortiSOAR versions 7.6.0 through 7.6.1. Description: An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' issue CWE-7...
EUVD-2024-43230
Malicious code in bioql PyPI...
EUVD-2024-36369
Malicious code in bioql PyPI...
EUVD-2023-31720
Malicious code in bioql PyPI...
EUVD-2022-38720
Malicious code in bioql PyPI...
EUVD-2024-54873
Malicious code in bioql PyPI...
EUVD-2024-29373
Malicious code in bioql PyPI...
EUVD-2024-41440
Malicious code in bioql PyPI...
CVE-2024-48892
A relative path traversal vulnerability CWE-23 in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an authenticated attacker to read arbitrary files via uploading a malicious solution pack...
Fortinet FortiSOAR Security Vulnerability
Fortinet FortiSOAR is a Security Orchestration, Automation and Response SOAR solution from Fortinet, Inc. A security vulnerability exists in Fortinet FortiSOAR version 7.6.0, versions 7.5.0 through 7.5.1, all versions 7.4, and all versions 7.3, which originates from path traversal and could resul...
PT-2025-32872 · Fortinet · Fortisoar
Name of the Vulnerable Software and Affected Versions: FortiSOAR versions 7.3 all versions; FortiSOAR versions 7.4 all versions; FortiSOAR versions 7.5.0 through 7.5.1; FortiSOAR version 7.6.0. Description: A relative path traversal vulnerability may allow an authenticated attacker to read arbitrary...
CVE-2024-21760
An improper control of generation of code 'Code Injection' vulnerability CWE-94 in FortiSOAR Connector FortiSOAR 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an authenticated attacker to execute arbitrary code on the host via a playbook code...
CVE-2024-21760
Summary (CVE-2024-21760) Fortinet FortiSOAR (FortiSOAR Connectors) is affected by a code-injection vulnerability due to improper control of code generation. Impact: an authenticated attacker can execute arbitrary code on the host by injecting a playbook code snippet. Affected versions encompass ...
CVE-2024-48893
An improper neutralization of input during web page generation vulnerability CWE-79 in FortiSOAR 7.3.0 through 7.3.3, 7.2.1 through 7.2.2 may allow an authenticated attacker to perform a stored cross site scripting XSS attack via the creation of malicious playbook...
CVE-2024-48890
An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in FortiSOAR IMAP connector version 3.5.7 and below may allow an authenticated attacker to execute unauthorized code or commands via a specifically crafted playbook...
CVE-2024-36510
CVE-2024-36510 affects Fortinet FortiClientEMS and FortiSOAR. The issue is an observable response discrepancy (CWE-204) that could allow an unauthenticated attacker to enumerate valid users by observing login request responses. Affected: FortiClientEMS versions 7.0 all versions and 7.2.0–7.2.4, 7...