11 matches found
EUVD-2021-22815
Malware in sbrugna...
CVE-2025-48827
vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in May 2025...
CVE-2025-48827
vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in May 2025...
CVE-2025-48827
vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in May 2025...
Fortinet FortiWeb OS command injection due to direct input interpolation in API controllers (FG-IR-21-180)
The version of FortiWeb installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-180 advisory. - An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWeb version 6.4....
CVE-2021-36194
Multiple stack-based buffer overflows in the API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted requests...
Stack overflow
Multiple stack-based buffer overflows in the API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted requests...
CVE-2021-36194
Multiple stack-based buffer overflows in the API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted requests...
CVE-2021-36194
CVE-2021-36194 concerns Fortinet FortiWeb: multiple stack-based buffer overflows in the API controllers may allow an authenticated attacker to achieve arbitrary code execution via specially crafted requests. Affected products/versions (per provided data): FortiWeb 6.4.1, 6.4.0, and 6.3.0 through ...
CVE-2021-41017
CVE-2021-41017 describes multiple heap-based buffer overflow vulnerabilities in FortiWeb’s web API controllers (versions 6.4.1, 6.4.0, and 6.3.0 through 6.3.15). The underlying issue is a heap-based overflow, which may allow a remote authenticated attacker to execute arbitrary code or commands via s...
FortiWeb - Stack-based buffer overflows in API controllers
Multiple stack-based buffer overflows CWE-121 in the API controllers of FortiWeb may allow an authenticated attacker to achieve arbitrary code execution via specially crafted requests...