Exploit for Use of Externally-Controlled Format String in Fortinet Fortiproxy

Disclaimer The code and materials contained in this repository...

Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries

The threat actor behind the recently disclosed artificial intelligence AI-assisted campaign targeting Fortinet FortiGate appliances leveraged an open-source, AI-native security testing platform called CyberStrikeAI to execute the attacks. The new findings come from Team Cymru, which detected its...

Fortinet FortiOS 安全漏洞

Fortinet FortiOS is a security operating system developed by the American company Fortinet, specifically designed for use on the FortiGate network security platform. This system offers users various security features, including firewalls, antivirus protection, IPSec/SSLVPN, web content filtering,...

Fortinet FortiGate Under Active Attack Through SAML SSO Authentication Bypass

Threat actors have begun to exploit two newly disclosed security flaws in Fortinet FortiGate devices, less than a week after public disclosure. Cybersecurity company Arctic Wolf said it observed active intrusions involving malicious single sign-on SSO logins on FortiGate appliances on December 12...

Fortinet Fortigate Insufficient Session Expiration in SSLVPN (FG-IR-25-411)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-411 advisory. - An insufficient session expiration vulnerability CWE-613 in Fortinet FortiOS 7.4.0, FortiOS 7.2... CVE-2025-62631 Note that...

Fortinet Fortigate ZTNA Server Improper Certificate Validation (FG-IR-24-457)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-457 advisory. - An Improper Validation of Certificate with Host Mismatch vulnerability CWE-297 in FortiProxy version 7.6.1 and below, versi...

Fortinet Fortigate xss (FG-IR-24-542)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the FG-IR-24-542 advisory. - An URL Redirection to Untrusted Site vulnerabilities CWE-601 in FortiOS 7.6.0 through 7.6.2, 7.4.0 through 7.4.8,...

EUVD-2016-8394

Malware in sbrugna...

EUVD-2012-0964

Malware in sbrugna...

EUVD-2017-12268

Malware in sbrugna...

EUVD-2016-9340

Malware in sbrugna...

EUVD-2008-7120

Malware in sbrugna...

EUVD-2020-7907

Malware in sbrugna...

EUVD-2005-3058

Malware in sbrugna...

PT-2025-38696

ParsedReport ChatGPT Translated Autotext: TI Report Analyser + ChatGPT + Auto Translate ------ Группа компаний Belsen, действующая с января 2025 года, допустила утечку 1,6 ГБ данных с более чем 15 000 уязвимых устройств Fortinet из-за CVE-2022-406841, что указывает на постоянный доступ до взлома...

Fortinet Fortigate Integer Overflow on SSL-VPN bookmarks (FG-IR-24-364)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-364 advisory. - An Integer Overflow or Wraparound vulnerability CWE-190 in FortiOS version 7.6.2 and below, version 7.4.7 and below, versio...

Fortinet Fortigate DNS type 65 resource record requests bypass DNS filter (FG-IR-24-053)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-053 advisory. - An Improperly Implemented Security Check for Standard vulnerability CWE-358 in FortiOS version 7.6.0, version 7.4.7 and...

Fortinet Fortigate PKI via API: Authentication granted with an invalid certificate (FG-IR-24-511)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-511 advisory. - A missing critical step in authentication vulnerability CWE-304 in Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0...

Fortinet Fortigate Heap-based buffer overflow in cw_stad daemon (FG-IR-25-026)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-026 advisory. - A heap-based buffer overflow in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.4 through...

Fortinet Fortigate Weak authentication in security fabric daemon (FG-IR-24-058)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-058 advisory. - A channel accessible by non-endpoint vulnerability CWE-300 in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through...