CVE-2026-25689

An improper neutralization of argument delimiters in a command 'argument injection' vulnerability in Fortinet FortiDeceptor 6.2.0, FortiDeceptor 6.0 all versions, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions,...

CVE-2026-25836

An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox Cloud 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP requests...

CVE-2026-30897

A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute...

CVE-2026-30897

A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute...

Fortinet FortiWeb 安全漏洞

Fortinet FortiWeb is a Web application layer firewall developed by the American company Fortinet. It can block threats such as cross-site scripting, SQL injection, cookie poisoning, and schema poisoning, ensuring the security of web applications and protecting sensitive database content. There is...

PT-2026-24248

Name of the Vulnerable Software and Affected Versions Fortinet FortiSandbox Cloud version 5.0.4 Description The system contains a flaw due to improper neutralization of special elements used in an operating system command, specifically an 'os command injection' issue. Successful exploitation may...

PT-2026-24236

A improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2.0 through 7.2.12, FortiWeb 7.0.0 through 7.0.12 may allow an authenticated...

Advantech ADAM-5630 Missing Authentication for Critical Function (CVE-2024-39364)

Advantech ADAM-5630 has built-in commands that can be executed without authenticating the user. These commands allow for restarting the operating system, rebooting the hardware, and stopping the execution. The commands can be sent to a simple HTTP request and are executed by the device...

EUVD-2026-9439

A vulnerability in the LUA interperter of the Remote Access SSL VPN feature of Cisco Secure Firewall Adaptive Security Appliance ASA Software and Secure Firewall Threat Defense FTD Software could allow an authenticated, remote attacker with a valid VPN connection to cause the device to reload...

EUVD-2026-9469

A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a browser that is accessin...

CVE-2026-20039 Cisco Adaptive Security Appliance and Firepower Threat Defense Software SSL VPN Authentication Denial of Service Vulnerability

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due...

CVE-2026-20079

A vulnerability in the web interface of Cisco Secure Firewall Management Center FMC Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the underlying operating system. This vulnerability is due ...

Exploit for Code Injection in Vmware Spring_Framework

ДЗ 10 — Python для аналитиков ИБ: эксплойты Описание уязви...

FileZen vulnerable to OS command injection

Overview FileZen provided by Soliton Systems K.K. contains the following vulnerability. OS command injection CWE-78 - CVE-2026-25108 This vulnerability can be exploited when FileZen Antivirus Check Option is enabled The developer states that attacks exploiting the vulnerability has been observed...

CVE-2025-68686

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability CWE-200 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow a remote unauthenticated attacker to bypas...

Fortinet FortiOS 信息泄露漏洞

Fortinet FortiOS is a security operating system developed by the American company Fortinet, specifically designed for use on the FortiGate network security platform. This system provides users with various security features, including firewalls, antivirus protection, IPSec/SSLVPN, web content...

WAGO Industrial-Managed-Switch 0852-1322和WAGO Industrial-Managed-Switch 0852-1328 安全漏洞

WAGO Industrial-Managed-Switch 0852-1322 and WAGO Industrial-Managed-Switch 0852-1328 are industrial-grade managed Ethernet switches from the German company WAGO. Both devices have security vulnerabilities. These vulnerabilities stem from stack buffer overflows when parsing specially crafted HTTP...

CVE-2026-21643

Fortinet FortiClient EMS 7.4.4 and earlier are affected by an unauthenticated SQL injection vulnerability described in the connected Nuclei template for CVE-2026-21643. The vulnerability resides in the /api/v1/init_consts endpoint, where the HTTP header value in the Site header is passed directly...

CVE-2026-21643

An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...

PT-2026-6694

Name of the Vulnerable Software and Affected Versions FortiClient EMS versions 7.0.1 through 7.0.13 FortiClient EMS versions 7.2.0 through 7.2.2 FortiClient EMS version 7.4.4 Description An improper neutralization of special elements used in an SQL command SQL injection exists in the web manageme...