Fortinet FortiClientEMS 7.4.4 - SQL Injection
Fortinet FortiClientEMS version 7.4.4 and earlier contains an unauthenticated SQL injection vulnerability in the /api/v1/initconsts endpoint. The 'Site' HTTP header value is passed directly into the PostgreSQL search_path without sanitization, allowing remote unauthenticated attackers to inject...
CVE-2026-24018
A UNIX symbolic link (symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4 and FortiClientLinux 7.2.2 through 7.2.12 may allow a local and unprivileged user to escalate their privileges to root...
CVE-2026-21643
An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...
PT-2026-6694
Name of the Vulnerable Software and Affected Versions: FortiClient EMS versions 7.0.1 through 7.0.13; FortiClient EMS versions 7.2.0 through 7.2.2; FortiClient EMS version 7.4.4. Description: An improper neutralization of special elements used in an SQL command ('SQL injection') exists in the web manageme...
Fortinet FortiClientEMS SQL Injection Vulnerability
Fortinet FortiClientEMS is part of the endpoint management solution provided by Fortinet (Fortinet Corporation, United States). It aims to help organizations effectively manage endpoint devices within their networks and provides monitoring and control of endpoint security...
CVE-2024-46669
An Integer Overflow or Wraparound vulnerability [CWE-190] in version 7.4.4 and below, version 7.2.10 and below; FortiSASE version 23.4.b FortiOS tenant IPsec IKE service may allow an authenticated attacker to crash the IPsec tunnel via crafted requests, resulting in potential denial of service...
CVE-2025-25182 Stroom Authentication/Authorization Bypass when using AWS ALB
Stroom is a data processing, storage and analysis platform. A vulnerability exists starting in version 7.2-beta.53 and prior to versions 7.2.24, 7.3-beta.22, 7.4.4, and 7.5-beta.2 that allows authentication bypass to a Stroom system when configured with ALB and installed in a way that the...
Atlassian Jira 6.0.0 < 7.2.12 XSS in Printable SearchRequest Issue Resource
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is version 6.0.x prior to 7.2.12 or 7.4.4 prior to 7.6.1. It is, therefore, affected by a vulnerability which permits remote attackers to inject arbitrary HTML or JavaScript via a cross...
UBUNTU-CVE-2022-31043
Guzzle is an open source PHP HTTP client. In affected versions Authorization headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, we should not forward the Authorization header on. This ...
Cross-site Scripting in vis-timeline
This affects the package vis-timeline before 7.4.4. An attacker with the ability to control the items of a Timeline element can inject additional script code into the generated application...
CVE-2020-28487 Cross-site Scripting (XSS)
This affects the package vis-timeline before 7.4.4. An attacker with the ability to control the items of a Timeline element can inject additional script code into the generated application...
Visjs Vis-timeline Cross-Site Scripting Vulnerability
Visjs Vis-timeline is a JavaScript-based codebase for generating 2D interactive timelines from the Egyptian Visjs community. It supports free movement and scaling of the timeline by dragging and scrolling within the timeline. Items can be created, edited and deleted in the timeline. The time scale on...
PT-2020-2040 · Php +7
Name of the Vulnerable Software and Affected Versions: PHP versions 7.3.x below 7.3.16; PHP versions 7.4.x below 7.4.4. Description: The issue is related to the use of the mb_strtolower function with UTF-32LE encoding in PHP. Certain invalid strings could cause PHP to overwrite the stack-allocated...
Atlassian JIRA 6.2.1 < 7.4.4 Cross-Site Scripting (XSS) Vulnerability (JRASERVER-66719)
According to its self-reported version number, the version of Atlassian JIRA hosted on the remote web server is 6.2.1 or later but prior to 7.4.4. It is, therefore, potentially affected by a cross-site scripting vulnerability related to handling of the 'messagesThreshold' parameter in th...
OpenText Portal Cross-Site Scripting Vulnerability
OpenText Portal is an enterprise portal system from OpenText (Canada). The system provides content aggregation and content management capabilities for enterprises. A cross-site scripting vulnerability exists in OpenText Portal version 7.4.4, which stems from a lack of proper validation of...
CVE-2018-20165
Cross-site scripting (XSS) vulnerability in OpenText Portal 7.4.4 allows remote attackers to inject arbitrary web script or HTML via the vgnextoid parameter to a menuitem URI...
CVE-2017-2766
EMC Documentum eRoom version 7.4.4, version 7.4.4 SP1, versions prior to 7.4.5 P04, and versions prior to 7.5.0 P01 include an unverified password change vulnerability that could potentially be exploited by malicious users to compromise th...
CVE-2017-2766
CVE-2017-2766 affects EMC Documentum eRoom: vulnerable in versions 7.4.4, 7.4.4 SP1, and prior to 7.4.5 P04 or 7.5.0 P01 due to an unverified password change vulnerability. This could allow a malicious user to compromise the affected system. According to the sources, the issue manifests in the pa...