CVE-2026-40688

Fortinet FortiWeb is affected by CVE-2026-40688: an out-of-bounds write vulnerability in FortiWeb versions 8.0.0–8.0.3, 7.6.0–7.6.6, and 7.4.0–7.4.11 that may allow an attacker to execute unauthorized code or commands via an unspecified attack vector. The CVSS 3.1 data posted indicates network ac...

CVE-2026-39810

A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via decrypting database dump...

EUVD-2026-10521

A UNIX symbolic link Symlink following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 through 7.2.12 may allow a local and unprivileged user to escalate their privileges to root...

PT-2026-24244

Name of the Vulnerable Software and Affected Versions Fortinet FortiClientLinux versions 7.2.2 through 7.2.12 Fortinet FortiClientLinux versions 7.4.0 through 7.4.4 Description A flaw exists in Fortinet FortiClientLinux that involves a symbolic link Symlink following issue. This can allow a local...

Siklu EtherHaul Series EH-8010 - Remote Command Execution

Exploit Title:Siklu EtherHaul Series EH-8010 - Remote Command Execution Shodan Dork: "EH-8010" or "EH-1200" Date: 2025-08-02 Exploit Author: semaja2 - Andrew James Vendor Homepage: https://www.ceragon.com/products/siklu-by-ceragon Software Link: ftp://ftp.bubakov.net/siklu/ Version: EH-8010 and...

CVE-2025-59719

An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message...

CVE-2025-64153

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiExtender 7.6.0 through 7.6.3, FortiExtender 7.4.0 through 7.4.7, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated attacker to execute unauthorized...

CVE-2025-54971

The CVE-2025-54971 entry applies to Fortinet FortiADC: versions 6.2 and 7.0–7.2, and 7.4.0. The issue stems from information exposure that allows an admin with read-only privileges to obtain external resources passwords via the product logs, constituting a sensitive data disclosure vulnerability....

CVE-2025-46373

A Heap-based Buffer Overflow vulnerability CWE-122 vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.8 may allow an authenticated local IPSec user to execute arbitrary code or commands via "fortips74.sys". The attacker would need to bypass the...

Fortinet FortiMail 注入漏洞

Fortinet FortiMail is a suite of e-mail security gateway products from the U.S. company Fiat Fortinet. The product provides email security and data protection features. An injection vulnerability exists in Fortinet FortiMail that stems from improper CRLF sequence neutralization, which could resul...

PT-2025-41963

Name of the Vulnerable Software and Affected Versions FortiClientMac versions 7.0 through 7.2.11 FortiClientMac versions 7.4.0 through 7.4.3 Description An incorrect permission assignment for a critical resource may allow a local attacker to run arbitrary code or commands via LaunchDaemon...

EUVD-2022-33572

Malicious code in bioql PyPI...

CVE-2025-4582 Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation, Overread Buffers.

Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional Core Libraries allows File Manipulation, Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.8, from 6.1.0 before 6.1.2.26, from 6.0.0 before 6.0.1.43, from 5.3.0...

CVE-2025-53609

A Relative Path Traversal vulnerability CWE-23 in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2.0 through 7.2.11, 7.0.2 through 7.0.11 may allow an authenticated attacker to perform an arbitrary file read on the underlying system via crafted requests...

PT-2025-34503 · Liferay · Liferay Portal +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.131 Liferay DXP versions 2024.Q1.1 through 2024.Q1.12 Liferay DXP versions 2024.Q2.0 through 2024.Q2.13 Liferay DXP versions 2024.Q3.1 through 2024.Q3.8 Description: A stored cross-site scripting XS...

CVE-2025-43751

User enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10 and 7.4 GA through update 92...

Liferay Portal和Liferay DXP 跨站脚本漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

Liferay Portal和Liferay DXP 跨站请求伪造漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DX...

CVE-2025-27759

Fortinet FortiWeb is affected by an OS Command Injection vulnerability (CWE-78) due to improper neutralization of special elements. Impactable when an authenticated privileged attacker crafts CLI commands to execute arbitrary code on affected versions. Affected software: FortiWeb 7.6.0–7.6.3, 7.4...

Liferay Portal和Liferay DXP 跨站脚本漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...