42 matches found
EUVD-2026-22333
An insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions, FortiSandbox PaaS 5.0.1 through 5.0.5 may allow an authenticated administrator to read LDAP server credentials via client-side inspection...
PT-2026-32687
Name of the Vulnerable Software and Affected Versions: FortiSandbox versions 4.4.0 through 4.4.8. Description: An OS command injection flaw exists in the JRPC API due to improper neutralization of the pipe symbol (|) when processing the jid parameter. This allows an unauthenticated remote attacker to...
Fortinet FortiSandbox Cross-Site Scripting Vulnerability
Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection device developed by the American company Fortinet. This device offers features such as dual sandbox technology, dynamic threat intelligence systems, a real-time control panel, and reporting capabilities. Versions of Fortinet...
PT-2026-2488
Name of the Vulnerable Software and Affected Versions: Fortinet FortiSandbox versions 4.0 through 5.0.4; Fortinet FortiSandbox version 4.4; Fortinet FortiSandbox version 4.2. Description: An authenticated attacker may be able to proxy internal requests limited to plaintext endpoints only by sending...
CVE-2022-26115
A use of password hash with insufficient computational effort vulnerability (CWE-916) in FortiSandbox before 4.2.0 may allow an attacker with access to the password database to efficiently mount bulk guessing attacks to recover the passwords...
EUVD-2021-10934
Malware in sbrugna...
EUVD-2021-19431
Malware in sbrugna...
EUVD-2021-12918
Malware in sbrugna...
EUVD-2021-12926
Malware in sbrugna...
EUVD-2020-7910
Malware in sbrugna...
EUVD-2020-21395
Malware in sbrugna...
EUVD-2020-21394
Malware in sbrugna...
EUVD-2025-6585
Malicious code in bioql PyPI...
EUVD-2021-9281
Malicious code in bioql PyPI...
CVE-2024-27779
CVE-2024-27779 concerns an insufficient session expiration (CWE-613) in Fortinet FortiSandbox and FortiIsolator. Affected: FortiSandbox versions before 4.4.5 (and 4.0–4.2.6) and FortiIsolator versions before 2.4 (and 1.2–2.3). Impact: a remote attacker with a valid admin session cookie can contin...
CVE-2024-27779
An insufficient session expiration vulnerability (CWE-613) in FortiSandbox version 4.4.4 and below, version 4.2.6 and below, 4.0 all versions, 3.2 all versions and FortiIsolator version 2.4 and below, 2.3 all versions, 2.2 all versions, 2.1 all versions, 2.0 all versions, 1.2 all...
CVE-2024-21756
An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4 allows an attacker to execute unauthorized code or commands via crafted requests...
CVE-2022-22305
An improper certificate validation vulnerability (CWE-295) in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to man-in-the-middle th...
CVE-2021-26096
Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox before 4.0.0 may allow an authenticated attacker to manipulate memory and alter its content by means of specifically crafted command line arguments...
CVE-2021-24010
Improper limitation of a pathname to a restricted directory vulnerabilities in FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated user to obtain unauthorized access to files and data via specifically crafted web requests...