EUVD-2024-20629

An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiVoice 7.0.0 through 7.0.1 may allow a remote authenticated attacker with at...

Siemens APE1808 Improper Limitation of a Pathname to a Restricted Directory (CVE-2024-48885)

A improper limitation of a pathname to a restricted directory 'path traversal' in Fortinet FortiRecorder versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4, FortiWeb versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10, 6.4.0 through 6.4.3, FortiVoice versions 7.0.0...

Siemens APE1808 Improper Restriction of Communication Channel to Intended Endpoints (CVE-2024-50565)

A improper restriction of communication channel to intended endpoints vulnerability CWE-923 in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15 and 6.2.0 through 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through...

CVE-2025-60024

Multiple Improper Limitations of a Pathname to a Restricted Directory 'Path Traversal' vulnerabilities CWE-22 vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 may allow a privileged authenticated attacker to write arbitrary files via specifically HTTP or...

Fortinet FortiVoice SQL注入漏洞

Fortinet FortiVoice is a Unified Communications and Collaboration-as-a-Service from Fortinet, Inc. A SQL injection vulnerability exists in Fortinet FortiVoice versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.7, 6.4, and 6.0, which stems from an SQL injection that could result in the execution of...

Fortinet FortiVoice SQL注入漏洞

Fortinet FortiVoice is a Unified Communications and Collaboration-as-a-Service from Fortinet, Inc. A SQL injection vulnerability exists in Fortinet FortiVoice versions 7.2.0 through 7.2.2 and 7.0.0 through 7.0.7, which stems from improperly neutralized SQL commands and could lead to the execution...

CVE-2025-47856

Two improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerabilities CWE-78 in Fortinet FortiVoice version 7.2.0, 7.0.0 through 7.0.6 and before 6.4.10 allows a privileged attacker to execute arbitrary code or commands via crafted HTTP/HTTPS or CLI requests...

EUVD-2024-38794

Malicious code in bioql PyPI...

PT-2025-32871 · Fortinet · Fortindr +4

Name of the Vulnerable Software and Affected Versions: Fortinet FortiMail versions 7.6.0 through 7.6.1 and prior to 7.4.3 Fortinet FortiVoice versions 7.0.0 through 7.0.5 and prior to 7.4.9 Fortinet FortiRecorder versions 7.2.0 through 7.2.1 and prior to 7.0.4 Fortinet FortiCamera versions 7.6.0...

CVE-2024-40587

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in Fortinet FortiVoice version 7.0.0 through 7.0.4 and before 6.4.9 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests...

CVE-2022-27488

A cross-site request forgery CSRF in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2,...

CVE-2025-32756

A stack-based buffer overflow vulnerability CWE-121 vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8,...

CVE-2024-50565

A improper restriction of communication channel to intended endpoints vulnerability CWE-923 in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15 and 6.2.0 through 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through...

CVE-2024-26013

A improper restriction of communication channel to intended endpoints vulnerability CWE-923 in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15 and before 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9 and...

Fortinet多款产品 安全漏洞

Fortinet FortiOS and others are products of Fortinet, Inc. Fortinet FortiOS is a dedicated security operating system on the FortiGate network security platform.Fortinet FortiWeb is a Web application layer firewall.Fortinet Fortinet FortiManager is a centralized network security management platfor...

Fortinet FortiVoice Operating System Command Injection Vulnerability

Fortinet FortiVoice is a network communications solution from Fortinet, Inc. Fortinet FortiVoice suffers from an operating system command injection vulnerability that arises from an improper neutralization of special elements used in operating system commands, which can be exploited by an attacke...

Fortinet多款产品 路径遍历漏洞

Fortinet FortiWeb and others are products of Fortinet, Inc.Fortinet FortiWeb is a Web application layer firewall, Fortinet FortiRecorder is a Web-based network video recorder management system.Fortinet FortiVoice is a unified communications and collaboration-as-a-service. A path traversal...

CVE-2024-40587

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in Fortinet FortiVoice version 7.0.0 through 7.0.4 and before 6.4.9 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests...

CVE-2024-40587

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in Fortinet FortiVoice version 7.0.0 through 7.0.4 and before 6.4.9 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests...

CVE-2024-40587

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in Fortinet FortiVoice version 7.0.0 through 7.0.4 and before 6.4.9 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests...