PT-2026-32963
An out-of-bounds write vulnerability (CWE-787) in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow a remote privileged attacker to execute arbitrary code or command via crafted HTTP requests...
CVE-2025-48840
An authentication bypass by spoofing vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.8, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote unauthenticated attacker to bypass hostname restrictions via a specially crafted request...
EUVD-2021-22808
Malware in sbrugna...
EUVD-2021-22811
Malware in sbrugna...
EUVD-2021-22812
Malware in sbrugna...
EUVD-2021-22807
Malware in sbrugna...
EUVD-2021-28171
Malicious code in bioql PyPI...
EUVD-2021-30017
Malicious code in bioql PyPI...
CVE-2025-25257
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability (CWE-89) in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.7, FortiWeb 7.2.0 through 7.2.10, FortiWeb 7.0.0 through 7.0.10 allows an unauthenticated attacker to execu...
Fortinet FortiWeb Privilege escalation in GUI websocket module (FG-IR-25-006)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-006 advisory. - An Improper Privilege Management vulnerability CWE-269 affecting Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through...
CVE-2023-34984
A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.0 through 6.4.3, 6.3.6 through 6.3.23 allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests...
Fortinet FortiWeb cgi_httpcontentrouting_post Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiWeb. Authentication is required to exploit this vulnerability. The specific flaw exists within the cgi_httpcontentrouting_post function. The issue results from the lack of proper validati...
Fortinet FortiWeb Directory Traversal (FG-IR-24-474)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-474 advisory. - An Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability CWE-22 in FortiWeb version 7.6...
CVE-2024-55597
An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiWeb versions 7.0.0 through 7.6.0 allows an attacker to execute unauthorized code or commands via crafted requests...
Fortinet FortiWeb gui_upload_compress_act Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiWeb. Authentication is required to exploit this vulnerability. The specific flaw exists within the gui_upload_compress_act function. The issue results from the lack of proper validation of...
Fortinet FortiWeb cgi_grpc_idl_file_post Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiWeb. Authentication is required to exploit this vulnerability. The specific flaw exists within the cgi_grpc_idl_file_post function. The issue results from the lack of proper validation of a...
Fortinet FortiWeb Heap buffer underflow in administrative interface (FG-IR-23-001)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-001 advisory. - A buffer underflow vulnerability in FortiOS & FortiProxy HTTP/HTTPS administrative interface could allow an unauthenticated,...
Fortinet FortiWeb Buffer Underwrite in firmware verification (FG-IR-21-046)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-046 advisory. - A buffer underwrite vulnerability in the firmware verification routine of FortiOS before 7.0.1 may allow an attacker located...
Fortinet FortiWeb Confused deputy issue on SERVER_NAME causes open proxy flaw (FG-IR-21-123)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-123 advisory. - An unintended proxy or intermediary ('confused deputy') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows a...
Fortinet FortiWeb Open redirect due to missing domain whitelisting (FG-IR-21-133)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-133 advisory. - A URL redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows...