Exploit for Improper Access Control in Fortinet Forticlientems

CVE-2026-35616 Author: wa6n3r | GitHubhttps://github...

EUVD-2026-22339

A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via...

CVE-2026-39809

A improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5, FortiClientEMS 7.2.0 through 7.2.12, FortiClientEMS 7.0 all versions may allow attacker to execute unauthorized code or commands via sending crafted...

CVE-2026-39809

A improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5, FortiClientEMS 7.2.0 through 7.2.12, FortiClientEMS 7.0 all versions may allow attacker to execute unauthorized code or commands via sending crafted...

CVE-2026-39809

Fortinet FortiClientEMS contains a SQL injection vulnerability (improper neutralization of special elements in SQL commands) affecting FortiClientEMS 7.0 all versions and 7.2.0–7.2.12, 7.4.0–7.4.5. The issue could allow an attacker to execute unauthorized code or commands. The connected sources p...

CVE-2026-39809

A improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5, FortiClientEMS 7.2.0 through 7.2.12, FortiClientEMS 7.0 all versions may allow attacker to execute unauthorized code or commands via sending crafted...

Fortinet FortiClientEMS 安全漏洞

Fortinet FortiClientEMS is part of the endpoint management solution provided by Fortinet, a company owned by Fortinet Corporation. It aims to help organizations effectively manage terminal devices within their networks and provide monitoring and control of endpoint security. There are security...

Fortinet FortiClientEms 安全漏洞

Fortinet FortiClientEms is a centralized management system developed by the American company Fortinet. Versions 7.4.5 to 7.4.6 of Fortinet FortiClientEms contain security vulnerabilities. These vulnerabilities stem from improper access control, allowing unauthorized attackers to execute...

EUVD-2026-5681

An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...

CVE-2026-21643

Fortinet FortiClient EMS 7.4.4 and earlier are affected by an unauthenticated SQL injection vulnerability described in the connected Nuclei template for CVE-2026-21643. The vulnerability resides in the /api/v1/init_consts endpoint, where the HTTP header value in the Site header is passed directly...

CVE-2026-21643

An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...

Fortinet FortiClientEMS SQL注入漏洞

Fortinet FortiClientEMS is part of Fortinet's offering of endpoint management solutions from Fortinet, Inc. designed to help organizations effectively manage endpoint devices in their networks and provide monitoring and control of endpoint security. Fortinet FortiClientEMS versions 7.4.3 through...

CVE-2023-45581

An improper privilege management vulnerability CWE-269 in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and before 7.0.10 allows an Site administrator with Super Admin privileges to perform global administrative operations affecting other sites via crafted HTTP or HTTPS requests...

EUVD-2024-29940

Malicious code in bioql PyPI...

EUVD-2023-51645

Malicious code in bioql PyPI...

EUVD-2023-49873

Malicious code in bioql PyPI...

EUVD-2023-52819

Malicious code in bioql PyPI...

CVE-2023-48786

A server-side request forgery vulnerability CWE-918 in Fortinet FortiClientEMS version 7.4.0 through 7.4.2 and before 7.2.6 may allow an authenticated attacker to perform internal requests via crafted HTTP or HTTPS requests...

CVE-2024-32119

An improper authentication vulnerability CWE-287 in Fortinet FortiClientEMS version 7.4.0 and before 7.2.4 allows an unauthenticated attacker with the knowledge of the targeted user's FCTUID and VDOM to perform operations such as uploading or tagging on behalf of the targeted user via specially...

CVE-2024-32119

An improper authentication vulnerability CWE-287 in Fortinet FortiClientEMS version 7.4.0 and before 7.2.4 allows an unauthenticated attacker with the knowledge of the targeted user's FCTUID and VDOM to perform operations such as uploading or tagging on behalf of the targeted user via specially...