13 matches found
Fortinet FortiManager sqli (FG-IR-26-111)
The version of FortiManager installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-111 advisory. - An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet...
Fortinet Fortigate Missing Authentication for critical function in CAPWAP daemon (FG-IR-26-125)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-125 advisory. - A missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through...
Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS
Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild. The vulnerability, tracked as CVE-2026-35616 (CVSS score: 9.1), has been described as a pre-authentication API access bypass leading to privilege escalation...
Fortinet FortiManager Buffer overflow via fgtupdates service (FG-IR-26-098)
The version of FortiManager installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-098 advisory. - A Stack-based Buffer Overflow vulnerability CWE-121 in FortiManager fgtupdates service may allow a remote unauthenticate...
Siemens RUGGEDCOM APE1808 Devices
SUMMARY: Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version for RUGGEDCOM APE1808 and recommends updating to the latest version. 2. GENERAL RECOMMENDATIONS: As a general security...
Fortinet Fortigate (FG-IR-25-667)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-667 advisory. - An inconsistent interpretation of HTTP requests ('HTTP request smuggling') vulnerability in Fortinet FortiOS 7.6.0, FortiOS...
Fortinet FortiManager SSO authentication bypass (FG-IR-26-060)
The version of FortiManager installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-060 advisory. - An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 in FortiOS, FortiManager, FortiAnalyze...
Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability
Fortinet on Wednesday said it observed "recent abuse" of a five-year-old security flaw in FortiOS SSL VPN in the wild under certain configurations. The vulnerability in question is CVE-2020-12812 (CVSS score: 5.2), an improper authentication vulnerability in SSL VPN in FortiOS that could allow a us...
CVE-2025-59719
creationtimestamp | type | source
---|---|---
2025-12-09 19:53:36+00:00 | seen | https://cyber.gc.ca/en/alerts-advisories/fortinet-security-advisory-av25-821
2025-12-10 04:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=1698
2025-12-10 04:54:16+00:00 | seen | ...
Fortinet FortiManager Arbitrary file overwrite in FGFMd (FG-IR-24-473)
The version of FortiManager installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-473 advisory. - An Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability CWE-22 in Fortinet...
Fortinet FortiVoice Stack-based Buffer Overflow (FG-IR-25-254)
The version of FortiVoice installed on the remote host is 6.4.x prior to 6.4.11, 7.0.x prior to 7.0.7, or 7.2.x prior to 7.2.1. It is, therefore, affected by a stack-based buffer overflow vulnerability as referenced in the FG-IR-24-472 advisory. - A stack-based overflow vulnerability CWE-121 in...
Fortinet Releases Advisory on New Post-Exploitation Technique for Known Vulnerabilities
Fortinet is aware of a threat actor creating a malicious file from previously exploited Fortinet vulnerabilities CVE-2024-21762, CVE-2023-27997, and CVE-2022-42475 within FortiGate products. This malicious file could enable read-only access to files on the device's file system, which may include...
[Security Nation] James Kettle of PortSwigger on Advancing Web-Attack Research
In this episode of Security Nation, Jen and Tod talk to James Kettle of PortSwigger. Their discussion includes research for new web-attack technique...