16 matches found
Exploit for Improper Access Control in Fortinet Forticlientems
CVE-2026-35616 - Fortinet FortiClientEMS 7.4.5 Unauthenticated...
CVE-2026-4019
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to unauthorized data access in all versions up to, and including, 7.4.5. This is due to the REST API endpoint at /wp-json/complianz/v1/consent-area/postid/blockid using __return_true as the permission_callback, allowing any...
Fortinet FortiClientEMS Security Vulnerability
Fortinet FortiClientEMS is part of the endpoint management solution provided by Fortinet, a company owned by Fortinet Corporation. It aims to help organizations effectively manage terminal devices within their networks and provide monitoring and control of endpoint security. There are security...
CVE-2026-25083
GROWI OpenAI thread/message API endpoints do not perform authorization. Affected are v7.4.5 and earlier versions. A logged-in user who knows a shared AI assistant's identifier may view and/or tamper with the other user's threads/messages...
Fortinet FortiPortal Security Vulnerability
Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi, and FortiAP product lines, available as a virtual machine for MSPs. A security vulnerability exists in Fortinet FortiPortal versions 7.4.0 through 7.4.5 that...
CVE-2025-12800
The CVE-2025-12800 entry maps to the WordPress WP Shortcodes Plugin — Shortcodes Ultimate vulnerability. The authenticated SSRF flaw resides in the su_shortcode_csv_table function and affects versions up to 7.4.5, enabling an attacker with Administrator-level access or higher to induce web reques...
DEBIAN-CVE-2025-48367
Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation and, ultimately, a denial of service. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19...
CVE-2025-49326 WordPress GamiPress plugin <= 7.4.5 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia GamiPress gamipress allows SQL Injection. This issue affects GamiPress: from n/a through <= 7.4.5...
PT-2022-20519 · Guzzle · Guzzle
Name of the Vulnerable Software and Affected Versions: Guzzle versions prior to 6.5.8; Guzzle versions prior to 7.4.5. Description: Guzzle, an extensible PHP HTTP client, has an issue where Authorization and Cookie headers on requests are sensitive information. In affected versions, when making a...
Design/Logic Flaw
Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vulnerability in custom user macros. The affected versions are before version 7.4.5, and from version...
Velocity Template Injection in Custom user macros - Macros Platform - CVE-2020-4027
Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vulnerability in custom user macros. This issue was discovered and reported by GHSL team member...
Velocity Template Injection in Custom user macros - Macros Platform - CVE-2020-4027
Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vulnerability in custom user macros. This issue was discovered and reported by GHSL team member...
CVE-2017-2766
CVE-2017-2766 affects EMC Documentum eRoom: vulnerable in versions 7.4.4, 7.4.4 SP1, and prior to 7.4.5 P04 or 7.5.0 P01 due to an unverified password change vulnerability. This could allow a malicious user to compromise the affected system. According to the sources, the issue manifests in the pa...
CVE-2017-3321
Vulnerability in the MySQL Cluster component of Oracle MySQL subcomponent: Cluster: General. Supported versions that are affected are 7.2.19 and earlier, 7.3.8 and earlier and 7.4.5 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
Merak Mail Server 7.4.5 address.html Path Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/10966/info The webmail package embedded in Merak Mail Server is reported prone to multiple vulnerabilities. The vulnerabilities reported are: - Multiple cross-site scripting vulnerabilities - An HTML injection vulnerabili...
Merak Mail Server 7.4.5 - 'settings.html' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/10966/info The webmail package embedded in Merak Mail Server is reported prone to multiple vulnerabilities. The vulnerabilities reported are: - Multiple cross-site scripting vulnerabilities - An HTML injection vulnerability - A PHP source code disclosure...