Lucene search
K

1430 matches found

GithubExploit
GithubExploit
β€’added 2026/03/02 2:36 p.m.β€’159 views

Exploit for OS Command Injection in Fortinet Fortiweb

No d...

9.8CVSS5.9AI score0.89177EPSS
Exploits20
GithubExploit
GithubExploit
β€’added 2026/03/01 7:7 p.m.β€’210 views

Exploit for SQL Injection in Fortinet Fortiweb

CVE-2025-25257 Detection Engineering Repository !CVEhttps:...

9.8CVSS7.8AI score0.9671EPSS
Exploits18
Exploit DB
Exploit DB
β€’added 2026/02/04 12:0 a.m.β€’159 views

FortiWeb Fabric Connector 7.6.x - SQL Injection to Remote Code Execution

Exploit Title: FortiWeb Fabric Connector 7.6.x - Pre-authentication SQL Injection to Remote Code Execution Date: 2025-10-05 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Tested on: Win, Ubuntu CVE : CVE-2025-25257 Overvi...

9.8CVSS8.6AI score0.9671EPSS
Exploits18
Tenable Nessus
Tenable Nessus
β€’added 2026/01/29 12:0 a.m.β€’17 views

Fortinet FortiWeb SSO authentication bypass (FG-IR-26-060)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-060 advisory. - An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 in FortiOS, FortiManager, FortiAnalyzer ma...

9.8CVSS5.9AI score0.85844EPSS
Exploits0References3
NCSC
NCSC
β€’added 2026/01/28 3:46 p.m.β€’22 views

Vulnerabilities fixed in Fortinet products

Fortinet has fixed vulnerabilities in FortiOS, FortiProxy, FortiWeb and FortiSwitchManager. The vulnerabilities allow unauthenticated attackers to gain access to systems by using various techniques, including bypassing FortiCloud SSO login authentication via specially crafted SAML messages,...

9.8CVSS7.6AI score0.66322EPSS
Exploits1References9
VulnCheck KEV
VulnCheck KEV
β€’added 2026/01/27 12:0 a.m.β€’5 views

VulnCheck KEV: CVE-2026-24858

An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager...

9.8CVSS5.8AI score0.85844EPSS
In wildExploits0References6
RedhatCVE
RedhatCVE
β€’added 2026/01/09 11:20 a.m.β€’10 views

CVE-2021-22122

An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to perform a reflected cross site scripting attack XSS by injecting malicious payload in different vulnerable API...

6.1CVSS6AI score0.1052EPSS
Exploits0References1
RedhatCVE
RedhatCVE
β€’added 2026/01/09 9:21 a.m.β€’10 views

CVE-2021-41013

An improper access control vulnerability CWE-284 in FortiWeb versions 6.4.1 and below and 6.3.15 and below in the Report Browse section of Log & Report may allow an unauthorized and unauthenticated user to access the Log reports via their URLs...

5.3CVSS6.9AI score0.00941EPSS
Exploits0References1
RedhatCVE
RedhatCVE
β€’added 2026/01/09 9:21 a.m.β€’8 views

CVE-2021-41026

A relative path traversal in FortiWeb versions 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests...

6.5CVSS6.8AI score0.0089EPSS
Exploits0References1
RedhatCVE
RedhatCVE
β€’added 2026/01/09 9:1 a.m.β€’11 views

CVE-2023-25602

A stack-based buffer overflow in Fortinet FortiWeb 6.4 all versions, FortiWeb versions 6.3.17 and earlier, FortiWeb versions 6.2.6 and earlier, FortiWeb versions 6.1.2 and earlier, FortiWeb versions 6.0.7 and earlier, FortiWeb versions 5.9.1 and earlier, FortiWeb 5.8 all versions, FortiWeb 5.7 al...

7.8CVSS7.9AI score0.00192EPSS
Exploits0References1
RedhatCVE
RedhatCVE
β€’added 2026/01/09 8:54 a.m.β€’3 views

CVE-2021-41018

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests...

9CVSS7.6AI score0.03323EPSS
Exploits0References1
RedhatCVE
RedhatCVE
β€’added 2026/01/09 8:54 a.m.β€’7 views

CVE-2021-41027

A stack-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, allows an authenticated attacker to execute unauthorized code or commands via crafted certificates loaded into the device...

7.8CVSS7.7AI score0.00157EPSS
Exploits0References1
RedhatCVE
RedhatCVE
β€’added 2026/01/09 8:54 a.m.β€’13 views

CVE-2021-41025

Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 thorugh 6.0.7, including an instance of concurrent execution using shared resource with improper synchronization and one of...

9.8CVSS7.6AI score0.01445EPSS
Exploits0References1
RedhatCVE
RedhatCVE
β€’added 2026/01/09 8:54 a.m.β€’3 views

CVE-2021-41017

Multiple heap-based buffer overflow vulnerabilities in some web API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow a remote authenticated attacker to execute arbitrary code or commands via specifically crafted HTTP requests...

8.8CVSS8.3AI score0.01894EPSS
Exploits0References1
Packet Storm
Packet Storm
β€’added 2025/12/22 12:0 a.m.β€’186 views

πŸ“„ FortiWeb Fabric Connector 7.6.x SQL Injection / Remote Code Execution

This proof of concept exploit demonstrates a pre-authentication remote SQL injection vulnerability in Fortinet FortiWeb Fabric Connector versions 7.0 through 7.6.x. The flaw allows unauthenticated attackers to achieve remote code execution through malicious SQL queries in the Authorization header...

9.8CVSS10AI score0.9671EPSS
Exploits18
Rapid7 Blog
Rapid7 Blog
β€’added 2025/12/17 9:0 p.m.β€’50 views

Critical vulnerabilities in Fortinet CVE-2025-59718, CVE-2025-59719, CVE-2026-24858 exploited in the wild

Overview Update for CVE-2026-24858: On January 27, 2026, Fortinet disclosedCVE-2026-24858 , a critical unauthenticated vulnerability allowing authentication bypass via Fortinet’s cloud SSO. Confirmed as a net-new vulnerability rather than a patch bypass, it has beenobserved under active zero-day...

9.8CVSS7.8AI score0.85844EPSS
Exploits1
GithubExploit
GithubExploit
β€’added 2025/12/16 10:23 a.m.β€’153 views

Exploit for SQL Injection in Fortinet Fortiweb

CVE-2025-25257 - Environnement d'ExpΓ©rimentation Architecture...

9.8CVSS8.2AI score0.9671EPSS
Exploits18
Zero Day Initiative
Zero Day Initiative
β€’added 2025/12/16 12:0 a.m.β€’8 views

Fortinet FortiWeb ApacheCookie_parse Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Fortinet FortiWeb. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ApacheCookieparse method. The issue results from the lack of proper verification of...

8.1CVSS7AI score0.07492EPSS
Exploits0References1
CISA KEV Catalog
CISA KEV Catalog
β€’added 2025/12/16 12:0 a.m.β€’20 views

Fortinet Multiple Products Improper Verification of Cryptographic Signature Vulnerability

Fortinet FortiOS, FortiSwitchMaster, FortiProxy, and FortiWeb contain an improper verification of cryptographic signature vulnerability that may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML message. Please be aware that CVE-2025-59719...

9.8CVSS7.8AI score0.66322EPSS
In wildExploits1
VulnCheck KEV
VulnCheck KEV
β€’added 2025/12/15 12:0 a.m.β€’2 views

VulnCheck KEV: CVE-2025-59719

An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message...

9.8CVSS5.8AI score0.66322EPSS
In wildExploits1References9
Rows per page
Query Builder