Lucene search

22 matches found

CNNVD
added 2026/05/12 12:0 a.m. · 4 views

Fortinet FortiMail SQL injection vulnerability

Fortinet FortiMail is a suite of email security gateway products developed by the American company Fortinet. This product provides features such as email security protection and data protection. Versions 7.6.0 to 7.6.3, 7.4.0 to 7.4.5, and 7.2.0 to 7.2.8 of Fortinet FortiMail contain SQL injectio...

7.2 CVSS · 6.1 AI score · 0.00023 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2026/04/30 9:45 p.m. · 1 view

CVE-2026-2311 IBM i is affected by a privilege escalation vulnerability in Web Administration GUI

IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to run with administrator privilege...

6.4 CVSS · 5.9 AI score · 0.00043 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2026/02/04 12:0 a.m. · 1 view

PT-2026-5865

Name of the Vulnerable Software and Affected Versions IBM Db2 Big SQL on Cloud Pak for Data versions 7.6 on CP4D 4.8 through 7.8 on CP4D 5.1 Description IBM Db2 Big SQL on Cloud Pak for Data does not properly limit the allocation of system resources. An authenticated user with internal knowledge ...

5.3 CVSS · 5.7 AI score · 0.00019 EPSS
Exploits: 0 · References: 4

RedhatCVE
added 2025/11/19 5:20 p.m. · 5 views

CVE-2025-54972

An improper neutralization of CRLF sequences ('CRLF injection') vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2 all versions, FortiMail 7.0 all versions may allow an attacker to inject headers in the response via convincing a user to click on a...

4.3 CVSS · 6.8 AI score · 0.00027 EPSS
Exploits: 0 · References: 1

CVE
added 2025/11/18 5:1 p.m. · 30 views

CVE-2025-53843

CVE-2025-53843 describes a stack-based buffer overflow in Fortinet FortiOS that affects FortiOS 6.4 and 7.x series (notably 7.6.0–7.6.3, 7.4.0–7.4.8, and all 7.2/7.0). The vulnerability allows an attacker to execute unauthorized code or commands via specially crafted packets, with network access ...

7.5 CVSS · 7.3 AI score · 0.00008 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2025/10/14 3:23 p.m. · 2 views

CVE-2025-53845

An improper authentication vulnerability CWE-287 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6 allows an unauthenticated attacker to obtain information pertaining to the device's health and status, or cause a denial of service via crafted OFTP requests...

6.5 CVSS · 6.6 AI score · 0.00089 EPSS
Exploits: 0 · References: 1

EUVD
added 2025/10/07 12:30 a.m. · 0 views

EUVD-2020-0279

Malware in sbrugna...

7.7 CVSS · 7.5 AI score · 0.00327 EPSS
Exploits: 0 · References: 4

NVD
added 2025/09/09 2:15 p.m. · 1 view

CVE-2025-53609

A Relative Path Traversal vulnerability CWE-23 in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2.0 through 7.2.11, 7.0.2 through 7.0.11 may allow an authenticated attacker to perform an arbitrary file read on the underlying system via crafted requests...

4.9 CVSS · 0.0012 EPSS
Exploits: 0 · References: 1

Tenable Nessus
added 2025/08/26 12:0 a.m. · 1 view

Linux Distros Unpatched Vulnerability : CVE-2018-19574

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth...

5.4 CVSS · 6.5 AI score · 0.00075 EPSS
Exploits: 0 · References: 2

RedhatCVE
added 2025/08/14 7:29 p.m. · 2 views

CVE-2025-32766

A stack-based buffer overflow vulnerability CWE-121 in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or commands via crafted CLI commands...

6.7 CVSS · 8.6 AI score · 0.00025 EPSS
Exploits: 0 · References: 1

ATTACKERKB
added 2025/08/12 6:59 p.m. · 1 view

CVE-2025-27759

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and before 7.0.10 allows an authenticated privileged attacker to execute unauthorized code o...

6.7 CVSS · 5.8 AI score · 0.00046 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

NVD
added 2024/09/19 7:15 p.m. · 14 views

CVE-2024-25673

Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection...

6.1 CVSS · 0.01188 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2024/05/29 12:0 a.m. · 1 view

PT-2024-6692 · Mitel · Mitel Mivoice Mx-One

Name of the Vulnerable Software and Affected Versions: Mitel MiVoice MX-ONE versions through 7.6 SP1 Description: The provisioning manager component of Mitel MiVoice MX-ONE could allow an authenticated attacker to conduct an authentication bypass attack due to improper access control. A successfu...

8.8 CVSS · 7.2 AI score · 0.00235 EPSS
Exploits: 0 · References: 11

SUSE CVE
added 2023/02/15 3:29 a.m. · 1 view

SUSE CVE-2022-21284

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...

6.3 CVSS · 5.8 AI score · 0.11434 EPSS
Exploits: 0 · References: 3

IBM Security Bulletins
added 2021/08/19 7:4 p.m. · 21 views

Security Bulletin: IBM Maximo Asset Management is vulnerable to privilege escalation (CVE-2019-4449)

Summary IBM Maximo Asset Management could allow an authenticated user to escalate their permissions. Vulnerability Details CVEID: CVE-2019-4449 DESCRIPTION: IBM Maximo Asset Management could allow an authenticated user to escalate their permissions. CVSS Base score: 5 CVSS Temporal Score: See: fo...

1.1 AI score
Exploits: 0 · Affected Software: 8

Cvelist
added 2020/01/30 8:50 p.m. · 10 views

CVE-2020-5222 Hard-Coded Key Used For Remember-me Token in OpenCast

Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an additional system key. This means that an attacker getting access to a remember-me token for one server can get access to all servers which allow log-in using the same credentials...

6.8 CVSS · 8.5 AI score · 0.00246 EPSS
Exploits: 0 · References: 2

IBM Security Bulletins
added 2018/11/01 3:0 p.m. · 20 views

Security Bulletin: IBM Maximo Asset Management is affected by a cross-site scripting vulnerability. (CVE-2018-1715)

Summary IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Vulnerability Details CVEID:...

5.4 CVSS · 1.4 AI score · 0.00158 EPSS
Exploits: 0 · Affected Software: 8

IBM Security Bulletins
added 2018/10/04 1:55 a.m. · 14 views

Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting. (CVE-2018-1686)

Summary IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Vulnerability Details CVEID:...

5.4 CVSS · 1.7 AI score · 0.00158 EPSS
Exploits: 0 · Affected Software: 8

IBM Security Bulletins
added 2018/09/11 5:4 p.m. · 14 views

Security Bulletin: IBM Maximo Asset Management could allow an authenticated attacker to obtain sensitive information. (CVE-2018-1698)

Summary IBM Maximo Asset Management could allow an authenticated attacker to obtain sensitive information from error messages. Vulnerability Details CVEID: CVE-2018-1698 DESCRIPTION: IBM Maximo Asset Management could allow an unauthenticated attacker to obtain sensitive information from error...

5.3 CVSS · 1.2 AI score · 0.00191 EPSS
Exploits: 0 · Affected Software: 8

IBM Security Bulletins
added 2018/07/30 5:16 p.m. · 17 views

Security Bulletin: IBM Maximo Asset Management is affected by a cross-site scripting vulnerability. (CVE-2018-1554)

Summary IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Vulnerability Details CVEID:...

5.4 CVSS · 1.4 AI score · 0.00216 EPSS
Exploits: 0 · Affected Software: 1