13 matches found
CVE-2021-41025
Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 through 6.0.7, including an instance of concurrent execution using shared resource with improper synchronization and one of...
CVE-2025-64446
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTT...
EUVD-2021-28178
Malicious code in bioql PyPI...
EUVD-2022-46925
Malicious code in bioql PyPI...
EUVD-2023-27865
Malicious code in bioql PyPI...
EUVD-2024-21138
Malicious code in bioql PyPI...
CVE-2022-30303
An improper neutralization of special elements used in an os command 'OS Command Injection' CWE-78 in FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions may allow an authenticated attacker to execute arbitrary shell code as root user via crafted HTTP requests...
CVE-2021-36195
Multiple command injection vulnerabilities in the command line interpreter of FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, and 6.1.0 through 6.1.2 may allow an authenticated attacker to execute arbitrary commands on the underlying system shell via specially crafted...
Fortinet FortiWeb Web application firewall rules bypass by using an empty filename (FG-IR-23-115)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the FG-IR-23-115 advisory. - Two improper handling of syntactically invalid structure vulnerabilities CWE-228 in FortiWeb may allow an...
Fortinet FortiWeb Multiple vulnerabilities in the authentication mechanism of confd (FG-IR-21-130)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-130 advisory. - Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15,...
PT-2023-1682 · Fortinet · Fortiweb
Name of the Vulnerable Software and Affected Versions: FortiWeb versions 6.3.6 through 6.3.20; FortiWeb versions 7.0.0 through 7.0.2; FortiWeb 6.4 all versions. Description: The issue is related to an improper neutralization of special elements used in an os command, also known as 'os command...
PT-2023-2070 · Fortinet · Fortiweb
Name of the Vulnerable Software and Affected Versions: FortiWeb versions 7.0.1 and below; FortiWeb version 6.4 and all versions; FortiWeb version 6.3.19 and below. Description: The issue is related to improper neutralization of special elements used in an OS Command, which may allow an authenticated...
FortiWeb < 5.2.0 Multiple XSRF Vulnerabilities
Binary data 8668.prm...