EUVD-2025-208495
A cleartext storage of sensitive information vulnerability (CWE-312) in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0 all versions, FortiRecorder...
GO-2026-4610 Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows in github.com/docker/cli
CVE-2026-25836
An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP...
CVE-2026-25689
An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.2.0, FortiDeceptor 6.0 all versions, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions,...
CVE-2025-48418
A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.0 through 7.2.10, FortiAnalyzer 7.0.0 through 7.0.14, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7,...
BIT-DOCKER-CLI-2025-15558 Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are executed when a...
@oneuptime/cli (>=10.0.10 <=10.0.20) potentially affected by CVE-2026-30959 via @oneuptime/common (>=10.0.10 <=10.0.20)
@oneuptime/common NPM version >=10.0.10, <=10.0.20. Source CVEs: CVE-2026-30959. Source advisory: OSV:GHSA-CW6X-MW64-Q6PV...
@oneuptime/cli (>=10.0.10 <=10.0.20) potentially affected by CVE-2026-30956 via @oneuptime/common (>=10.0.10 <=10.0.20)
@oneuptime/common NPM version >=10.0.10, <=10.0.20. Source CVEs: CVE-2026-30956. Source advisory: OSV:GHSA-R5V6-2599-9G3M...
PT-2026-24248
Name of the Vulnerable Software and Affected Versions: Fortinet FortiSandbox Cloud version 5.0.4. Description: The system contains a flaw due to improper neutralization of special elements used in an operating system command, specifically an 'OS command injection' issue. Successful exploitation may...
Security vulnerability in multiple Fortinet products
Fortinet FortiRecorder is a product of the American company Fortinet. Fortinet FortiRecorder is a web-based network video recording system management tool. Fortinet FortiMail is an email security gateway product. Fortinet FortiVoice is a unified communication and collaboration service. Several...
PT-2026-24229
A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.0 through 7.2.10, FortiAnalyzer 7.0.0 through 7.0.14, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7,...
PT-2026-24752
Shell Command Injection in User Git Config Endpoint

| Field | Value |
|-------|-------|
| Severity | High |
| CVSS 3.1 | 8.8 High — when chained with VULN-01 |
| CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| Attack Vector | Network |

...
Fortinet FortiManager Privilege escalation using undocumented CLI command (FG-IR-26-081)
The version of FortiManager installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-081 advisory. - A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7,...
@oneuptime/cli (>=10.0.10 <=10.0.18) potentially affected by CVE-2026-30920 via @oneuptime/common (>=10.0.10 <=10.0.18)
@oneuptime/common NPM version >=10.0.10, <=10.0.18. Source CVEs: CVE-2026-30920. Source advisory: OSV:GHSA-656W-6F6C-M9R6...
CVE-2025-11065 affecting package moby-cli for versions less than 24.0.9-8
CVE-2025-11065 affecting package moby-cli for versions less than 24.0.9-8. A patched version of the package is available...
CVE-2025-30204 affecting package dcos-cli for versions less than 1.2.0-24
CVE-2025-30204 affecting package dcos-cli for versions less than 1.2.0-24. A patched version of the package is available...
CVE-2025-30204 affecting package cf-cli for versions less than 8.4.0-27
CVE-2025-30204 affecting package cf-cli for versions less than 8.4.0-27. A patched version of the package is available...
CVE-2025-47911 affecting package cf-cli for versions less than 8.4.0-27
CVE-2025-47911 affecting package cf-cli for versions less than 8.4.0-27. A patched version of the package is available...
CVE-2025-47911 affecting package gh for versions less than 2.13.0-26
CVE-2025-47911 affecting package gh for versions less than 2.13.0-26. A patched version of the package is available...
TLS 1.3 SNI Scanner
A command-line PHP vulnerability testing tool was developed to analyze TLS behavior through observation and logical reasoning, rather than relying on fixed rules or CVE numbers. The tool establishes multiple TLS connections to the same server and port using different SNI values. It then compares...