CVE-2026-0261

Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS® software enable an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI. The security ri...

CVE-2026-25691

A improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with...

CVE-2026-25691

A improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with...

Fortinet FortiSandbox 路径遍历漏洞

Fortinet FortiSandbox is an APT Advanced Persistent Threat protection device developed by the American company Fortinet. This device offers features such as dual sandbox technology, dynamic threat intelligence systems, a real-time control panel, and reporting capabilities. Fortinet FortiSandbox h...

Siemens APE1808 Improper Neutralization of Special Elements used in an OS Command (CVE-2025-4230)

A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI. This plugin only works with...

EUVD-2025-208495

A cleartext storage of sensitive information vulnerability CWE-312 vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder...

CVE-2026-25836

An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP...

CVE-2026-25689

An improper neutralization of argument delimiters in a command 'argument injection' vulnerability in Fortinet FortiDeceptor 6.2.0, FortiDeceptor 6.0 all versions, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions,...

CVE-2025-48418

A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.0 through 7.2.10, FortiAnalyzer 7.0.0 through 7.0.14, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7,...

Fortinet多款产品 安全漏洞

Fortinet FortiRecorder is a product of the American company Fortinet. Fortinet FortiRecorder is a web-based network video recording system management tool. Fortinet FortiMail is an email security gateway product. Fortinet FortiVoice is a unified communication and collaboration service. Several...

PT-2026-24229

A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.0 through 7.2.10, FortiAnalyzer 7.0.0 through 7.0.14, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7,...

PT-2026-24248

Name of the Vulnerable Software and Affected Versions Fortinet FortiSandbox Cloud version 5.0.4 Description The system contains a flaw due to improper neutralization of special elements used in an operating system command, specifically an 'os command injection' issue. Successful exploitation may...

CVE-2025-61713

A Cleartext Storage of Sensitive Information in Memory vulnerability CWE-316 in Fortinet FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions may allow an authenticated...

CVE-2025-4614

An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked. The security risk posed by this issue ...

CVE-2025-4615

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. The security risk posed by this issue is significantly minimized when CLI...

CVE-2025-4614 PAN-OS: Session Token Disclosure Vulnerability

An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked. The security risk posed by this issue...

CVE-2025-4614 PAN-OS: Session Token Disclosure Vulnerability

An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked. The security risk posed by this issue...

Palo Alto Networks PAN-OS 10.2.x < 10.2.17 / 11.1.x < 11.1.12 / 11.2.x < 11.2.8 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 10.2.x prior to 10.2.17, 11.1.x prior to 11.1.12, or 11.2.x prior to 11.2.8. It is, therefore, affected by a vulnerability. An information disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated...

EUVD-2014-0910

Malware in sbrugna...

EUVD-2009-0640

Malware in sbrugna...