3134 matches found
CVE-2026-27688
Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer Log Files via a specific RFC function module. The attacker with the necessary privileges to execute this function module could potentially...
CVE-2025-68482
A improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8,...
CVE-2025-48418
A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.0 through 7.2.10, FortiAnalyzer 7.0.0 through 7.0.14, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7,...
CVE-2026-22572
CVE-2026-22572 describes an authentication bypass vulnerability affecting Fortinet products: FortiAnalyzer, FortiAnalyzer Cloud, FortiManager, and FortiManager Cloud across multiple versions (7.2.x, 7.4.x, 7.6.x). The issue allows an attacker who knows the admin password to bypass multifactor aut...
CVE-2025-49784
The CVE-2025-49784 issue is an SQL injection in Fortinet FortiAnalyzer and FortiAnalyzer-BigData. Affected versions include FortiAnalyzer 7.6.0–7.6.4, 7.4.0–7.4.7, all 7.2/7.0, and FortiAnalyzer-BigData 7.6.0–7.4.4, 7.2, 7.0, plus 6.4/6.2 series. The root cause is improper neutralization of speci...
CVE-2025-41712
CVE-2025-41712 describes an unauthenticated remote attacker who can gain access to sensitive information on a device by tricking a user into uploading a manipulated HTML file. Root cause: incorrect permission assignment for the web server. Reported impact: high confidentiality impact (CVE metrics...
CVE-2025-41712 Incorrect Permission Assignment on power analyzer
An unauthenticated remote attacker who tricks a user to upload a manipulated HTML file can get access to sensitive information on the device. This is a result of incorrect permission assignment for the web server...
CVE-2025-41711 Use of a Broken or Risky Cryptographic Algorithm for firmware images of power analyzer
An unauthenticated remote attacker can use firmware images to extract password hashes and brute force plaintext passwords of accounts with limited access...
CVE-2025-41710
CVE-2025-41710 describes an unauthenticated remote access issue where an attacker may use hard-coded credentials to reach a previously activated FTP server with limited read/write privileges. The CVSSv3.1 base score is 6.5 (Medium) with network attack vector, low attack complexity, and no user in...
CVE-2025-41709 Command injection in power analyzer via Modbus-TCP and Modbus-RTU
An unauthenticated remote attacker can perform a command injection via Modbus-TCP or Modbus-RTU to gain read and write access on the affected device...
CVE-2025-41709
CVE-2025-41709 describes an unauthenticated command injection using Modbus-TCP/Modbus-RTU that grants read/write access on the affected device. Multiple sources (NVD, Red Hat, CVE listing, and vulnerability feeds) concur that the issue is remotely exploitable over network with a high severity (CV...
CVE-2025-41709 Command injection in power analyzer via Modbus-TCP and Modbus-RTU
An unauthenticated remote attacker can perform a command injection via Modbus-TCP or Modbus-RTU to gain read and write access on the affected device...
CVE-2026-27688 Missing Authorization check in SAP NetWeaver Application Server for ABAP
Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer Log Files via a specific RFC function module. The attacker with the necessary privileges to execute this function module could potentially...
CVE-2026-27688
Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer Log Files via a specific RFC function module. The attacker with the necessary privileges to execute this function module could potentially...
Fortinet FortiAnalyzer Lack of TLS Certificate Validation during initial SSO Authentication (FG-IR-26-078)
The version of FortiAnalyzer installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-078 advisory. - A improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0...
PT-2026-24164
Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server for ABAP affected versions not specified Description An authenticated attacker with user privileges may be able to read Database Analyzer Log Files due to a missing authorization check within a specific RFC...
PT-2026-24237
A improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8,...
SAP NetWeaver Application Server for ABAP 安全漏洞
SAP NetWeaver Application Server for ABAP is a core application server platform developed by the German company SAP. There is a security vulnerability in SAP NetWeaver Application Server for ABAP, which stems from the lack of authorization checks. This vulnerability may allow authenticated...
Fortinet FortiAnalyzer sqli (FG-IR-26-095)
The version of FortiAnalyzer installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-095 advisory. - An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet...
PT-2026-24231
An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer-BigDa...