CVE-2024-33501

Two improper neutralization of special elements used in an SQL Command 'SQL Injection' vulnerability CWE-89 in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5, FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version 7.4.0 and before 7.2.7...

CVE-2024-32123

Multiple improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 through 6.2.12 and 6.0.0 through 6.0.12 and 5.6.0...

CVE-2024-54026

CVE-2024-54026 affects Fortinet FortiSandbox family (FortiSandbox 4.4.x, 4.2.x, 4.0.x, 3.2.x, 3.1.x, 3.0.x, and FortiSandbox Cloud 24.1) with an SQL injection due to improper neutralization of SQL commands. An attacker can exploit this via specially crafted HTTP requests to execute unauthorized c...

CVE-2024-32123

Fortinet CVE-2024-32123 affects FortiManager and FortiAnalyzer families. The issue is improper neutralization of special elements in OS command handling, allowing an attacker to execute unauthorized code or commands via crafted CLI requests. Affected versions include 7.4.0–7.4.2, 7.2.0–7.2.5, 7.0...

CVE-2024-54026

An improper neutralization of special elements used in an sql command 'sql injection' in Fortinet FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions, FortiSandb...

CVE-2024-54026

An improper neutralization of special elements used in an sql command 'sql injection' in Fortinet FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions, FortiSandb...

CVE-2024-55590

Multiple improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerabilities CWE-78 in Fortinet FortiIsolator version 2.4.0 through 2.4.5 allows an authenticated attacker with at least read-only admin permission and CLI access to execute unauthorized code via...

CVE-2024-45324

CVE-2024-45324 describes an externally-controlled format string vulnerability (CWE-134) in Fortinet products, allowing a privileged attacker to execute unauthorized code via specially crafted HTTP/HTTPS commands. Affected are FortiOS (versions 7.4.0–7.4.4; 7.2.0–7.2.9; 7.0.0–7.0.15 and before 6.4...

CVE-2024-45324

A use of externally-controlled format string vulnerability CWE-134 in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0...

CVE-2023-40723

An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.4 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 and 6.3.0 through 6.3.3 and 6.2.0 through 6.2.1 and 6.1.0 through 6.1.2 and 5.4.0 and 5.3.0 through 5.3.3 and 5.2...

CVE-2023-42784

An improper handling of syntactically invalid structure in Fortinet FortiWeb at least verions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests...

CVE-2023-42784

Fortinet FortiWeb CVE-2023-42784 affects FortiWeb versions 7.0.0–7.0.10, 7.2.0–7.2.10, and 7.4.0–7.4.6. The root cause is improper handling of syntactically invalid structures, enabling an attacker to execute unauthorized code or commands via crafted HTTP/S requests. The vulnerability is document...

CVE-2023-40723

Fortinet FortiSIEM is affected by CVE-2023-40723 across multiple releases: 5.1.0–5.1.3, 5.2.1–5.2.2, 5.2.5–5.2.8, 5.3.0–5.3.3, 5.4.0, 6.1.0–6.1.2, 6.2.0–6.2.1, 6.3.0–6.3.3, 6.4.0–6.4.2, 6.5.0–6.5.1, 6.6.0–6.6.3, 6.7.0–6.7.4. The issue allows an attacker to disclose sensitive information and execu...

CVE-2023-42784

An improper handling of syntactically invalid structure in Fortinet FortiWeb at least verions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests...

CVE-2024-55597

A improper limitation of a pathname to a restricted directory 'path traversal' in Fortinet FortiWeb versions 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted requests...

CVE-2024-55597

A improper limitation of a pathname to a restricted directory 'path traversal' in Fortinet FortiWeb versions 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted requests...

Microsoft Office Remote Code Execution Vulnerability

Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally...

Microsoft Word Remote Code Execution Vulnerability

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally...

CVE-2025-24985

Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

Fortinet FortiSandbox SQL注入漏洞

Fortinet FortiSandbox is an APT Advanced Persistent Threat protection appliance from Fortinet. The appliance offers dual sandboxing technology, dynamic threat intelligence system, real-time control panel and reporting. Fortinet FortiSandbox suffers from an SQL injection vulnerability that stems...