
1835 matches found

CNNVD
added 2025/03/11 12:0 a.m. · 2 views

Fortinet FortiManager and Fortinet FortiAnalyzer SQL injection vulnerability

Fortinet FortiManager and Fortinet FortiAnalyzer are both products of Fortinet, a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can be grouped into different management domains ADOM to further simplify the...

6.7 CVSS · 8 AI score · 0.00171 EPSS
Exploits 0 · References 3

CNNVD
added 2025/03/11 12:0 a.m. · 1 view

Fortinet FortiSIEM information disclosure vulnerability

Fortinet FortiSIEM is a security information and event management system from Fortinet. The system includes features such as asset discovery, workflow automation, and unified management. An information disclosure vulnerability exists in Fortinet FortiSIEM that stems from the exposure of sensitive...

8.1 CVSS · 6.4 AI score · 0.00335 EPSS
Exploits 0 · References 2

CNNVD
added 2025/03/11 12:0 a.m. · 3 views

Fortinet FortiWeb security vulnerability

Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, and other attacks to secure web applications and protect sensitive database content. A security vulnerability exists in Fortinet...

9.8 CVSS · 7.1 AI score · 0.00353 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/03/11 12:0 a.m. · 2 views

PT-2025-10771

Name of the Vulnerable Software and Affected Versions: FortiOS versions 7.0.0 through 7.4.4; FortiProxy versions 7.0.19 through 7.4.6; FortiPAM versions 1.3.1 through 1.4.2; FortiSRA versions 1.3.1 through 1.4.2; FortiWeb versions 7.0.10 through 7.4.5. Description: A use of externally-controlled format...

9 CVSS · 6.9 AI score · 0.00679 EPSS
Exploits 0 · References 15

Positive Technologies
added 2025/03/11 12:0 a.m. · 6 views

PT-2025-10784 · Fortinet · Fortiweb

Name of the Vulnerable Software and Affected Versions: Fortinet FortiWeb versions 7.0.0 through 7.6.0. Description: The issue is related to an improper limitation of a pathname to a restricted directory, also known as 'path traversal'. This allows an attacker to execute unauthorized code or comman...

7.5 CVSS · 6.9 AI score · 0.00535 EPSS
Exploits 0 · References 9

Positive Technologies
added 2025/03/11 12:0 a.m. · 1 view

PT-2025-10818 · Microsoft · Office Excel

Name of the Vulnerable Software and Affected Versions: Microsoft Office Excel versions prior to the fixed version; Microsoft Office Online Server version 1.0.0. Description: The issue is a stack-based buffer overflow in Microsoft Office Excel, allowing an unauthorized attacker to execute arbitrary...

7.8 CVSS · 8.8 AI score · 0.00645 EPSS
Exploits 0 · References 10

Positive Technologies
added 2025/03/11 12:0 a.m. · 3 views

PT-2025-10767 · Fortinet · Fortiweb

Name of the Vulnerable Software and Affected Versions: Fortinet FortiWeb versions 7.0.0 through 7.0.10; Fortinet FortiWeb versions 7.2.0 through 7.2.10; Fortinet FortiWeb versions 7.4.0 through 7.4.6. Description: The issue is related to the improper handling of syntactically invalid structures,...

9.8 CVSS · 7 AI score · 0.00353 EPSS
Exploits 0 · References 9

Positive Technologies
added 2025/03/11 12:0 a.m. · 2 views

PT-2025-10823

Name of the Vulnerable Software and Affected Versions: Microsoft Office, affected versions not specified. Description: A use after free condition exists in Microsoft Office, allowing an unauthorized attacker to execute code. The issue enables remote attackers to execute arbitrary code and affect the...

7.8 CVSS · 8.7 AI score · 0.00655 EPSS
Exploits 0 · References 11

Tenable Nessus
added 2025/03/11 12:0 a.m. · 6 views

Fortinet FortiWeb Directory Traversal Arbitrary File Write (FG-IR-24-439)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-439 advisory. - An improper limitation of a pathname to a restricted directory 'path traversal' in Fortinet FortiWeb versions 7.0.0 through...

7.2 CVSS · 5.9 AI score · 0.00535 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2025/03/11 12:0 a.m. · 20 views

Fortinet FortiWeb Web application firewall rules bypass by using an empty filename (FG-IR-23-115)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the FG-IR-23-115 advisory. - Two improper handling of syntactically invalid structure vulnerabilities CWE-228 in FortiWeb may allow an...

9.8 CVSS · 6 AI score · 0.00485 EPSS
Exploits 0 · References 3

Tenable Nessus
added 2025/03/04 12:0 a.m. · 12 views

Linux Distros Unpatched Vulnerability : CVE-2016-6814

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization...

9.8 CVSS · 7.1 AI score · 0.1755 EPSS
Exploits 1 · References 1

Tenable Nessus
added 2025/02/27 12:0 a.m. · 7 views

CKEditor 41.3.0 < 44.2.1 XSS

The version of CKEditor included on the remote web host is 41.3.0 prior to 44.2.1. It may, therefore, be affected by a cross-site scripting XSS vulnerability. This vulnerability affects user markers, which represent users' positions within the document. It can lead to unauthorized JavaScript code...

2.3 CVSS · 5.2 AI score · 0.00557 EPSS
Exploits 0 · References 3

VulnCheck KEV
added 2025/02/25 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2024-23109

An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet allows attacker to execute unauthorized code or commands via crafted API requests...

10 CVSS · 7.4 AI score · 0.03224 EPSS
Exploits 0 · References 1

OpenVAS
added 2025/02/24 12:0 a.m. · 4 views

CKEditor 41.3.0 - 44.2.0 XSS Vulnerability

CKEditor 5 is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

2.3 CVSS · 6 AI score · 0.00557 EPSS
Exploits 0 · References 3

Github Security Blog
added 2025/02/20 8:16 p.m. · 10 views

Cross-site scripting (XSS) in the CKEditor 5 real-time collaboration package

Impact: During a recent internal audit, we identified a Cross-Site Scripting XSS vulnerability in the CKEditor 5 real-time collaboration package. This vulnerability can lead to unauthorized JavaScript code execution and affects user markers, which represent users' positions within the document. Th...

2.3 CVSS · 5.7 AI score · 0.00557 EPSS
Exploits 0 · References 6 · Affected Software 2

OSV
added 2025/02/20 8:16 p.m. · 5 views

GHSA-J3MM-WMFM-MWVH Cross-site scripting (XSS) in the CKEditor 5 real-time collaboration package

Impact: During a recent internal audit, we identified a Cross-Site Scripting XSS vulnerability in the CKEditor 5 real-time collaboration package. This vulnerability can lead to unauthorized JavaScript code execution and affects user markers, which represent users' positions within the document. Th...

6.9 CVSS · 5.6 AI score · 0.00557 EPSS
Exploits 0 · References 6

RedhatCVE
added 2025/02/14 5:47 a.m. · 9 views

CVE-2024-50569

An improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWeb 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted input...

7.2 CVSS · 7.5 AI score · 0.01858 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/02/14 1:41 a.m. · 5 views

CVE-2024-40584

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in Fortinet FortiAnalyzer version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15 and 6.2.2 through 6.2.13, Fortinet FortiManager version 7.4.0...

7.2 CVSS · 7.4 AI score · 0.01885 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/02/13 5:26 p.m. · 6 views

CVE-2024-12755

A Cross-Site Scripting XSS vulnerability in Avaya Spaces may have allowed unauthorized code execution and potential disclosure of sensitive information...

7.9 CVSS · 6.2 AI score · 0.00292 EPSS
Exploits 0 · References 1

OSV
added 2025/02/11 5:15 p.m. · 4 views

CVE-2024-50569

An improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWeb 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted input...

7.2 CVSS · 5.9 AI score · 0.01858 EPSS
Exploits 0 · References 1