7 matches found
CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2026-21643 CVSS score: 9.1 - An SQL injection...
Fortinet FortiClient EMS SQL Injection Vulnerability
Fortinet FortiClient EMS contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-35616link is external - Fortinet FortiClient EMS Improper Access Control Vulnerability This type of vulnerability is a frequent attack vector for malicious...
Fortinet FortiClient EMS Authenticated SQLi (FG-IR-25-735)
The version of Fortinet FortiClient EMS installed on the remote host is affected by a vulnerability as referenced in the FG-IR-25-735 advisory: - An improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability CWE-89 in FortiClientEMS may allow an authenticated...
Fortinet FortiClient EMS < 7.2.5 (FG-IR-23-362)
The version of Fortinet FortiClient EMS installed on the remote host is prior to 7.2.5. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-362 advisory. - A improper limitation of a pathname to a restricted directory 'path traversal' in Fortinet FortiClientEMS versions...
Exploit for SQL Injection in Fortinet Forticlient_Enterprise_Management_Server
CVE-2023-48788 Fortinet FortiClient EMS SQL Injection Vulnerab...
Fortinet FortiClient EMS 7.0.x < 7.0.11 / 7.2.x < 7.2.3 (FG-IR-24-007)
The version of Fortinet FortiClient EMS installed on the remote host is prior to 7.0.11 or 7.2.3. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-007 advisory. - A improper neutralization of special elements used in an sql command 'sql injection' in Fortinet...