Siemens APE1808 Incorrect Provision of Specified Functionality (CVE-2025-58325)

An Incorrect Provision of Specified Functionality vulnerability CWE-684 in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2.5 through 7.2.10, 7.0.0 through 7.0.15, 6.4 all versions may allow a local authenticated attacker to execute system commands via crafted CLI commands. This plugin only works with...

Missing Authentication for Critical Function

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authentication for Critical Function via config.apply. An attacker can execute arbitrary commands as the gateway process user by supplying crafted cliPath values through the Gatew...

CVE-2025-54821

An Improper Privilege Management vulnerability CWE-269 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3...

CVE-2025-54821

An Improper Privilege Management vulnerability CWE-269 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3...

CVE-2025-54821

CVE-2025-54821 affects Fortinet FortiOS (versions 6.4 and 7.0–7.6.3), FortiPAM (1.0–1.6.0), and FortiProxy (7.0–7.6.3). The root cause is improper privilege management (CWE-269) that may allow an authenticated administrator to bypass the trusted-host policy via crafted CLI commands. Public source...

PT-2025-47358

Name of the Vulnerable Software and Affected Versions Fortinet FortiOS versions 6.4 through 7.6.3 Fortinet FortiPAM versions 1.0 through 1.6.0 Fortinet FortiProxy versions 7.0 through 7.6.3 Description An Improper Privilege Management issue exists that may allow an authenticated administrator to...

VulnCheck KEV: CVE-2025-24477

A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.4 through 7.2.12 allows an attacker to escalate its privileges via a specially crafted CLI command...

CVE-2025-58325

An Incorrect Provision of Specified Functionality vulnerability CWE-684 in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2.5 through 7.2.10, 7.0.0 through 7.0.15, 6.4 all versions may allow a local authenticated attacker to execute system commands via crafted CLI commands...

CVE-2023-46718

A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.12 and 6.4.6 through 6.4.15 and 6.2.9 through 6.2.16 and 6.0.13 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted CLI commands...

CVE-2025-58325

An Incorrect Provision of Specified Functionality vulnerability CWE-684 in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2.5 through 7.2.10, 7.0.0 through 7.0.15, 6.4 all versions may allow a local authenticated attacker to execute system commands via crafted CLI commands...

PT-2025-41940

A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.12 and 6.4.6 through 6.4.15 and 6.2.9 through 6.2.16 and 6.0.13 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted CLI commands...

EUVD-2016-7285

Malware in sbrugna...

EUVD-2024-42866

Malicious code in bioql PyPI...

EUVD-2024-54976

Malicious code in bioql PyPI...

Fortinet Fortigate SSH key is added even if operation is aborted (FG-IR-23-008)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-008 advisory. - An incomplete cleanup vulnerability CWE-459 in FortiOS 7.2 all versions and before & FortiProxy version 7.2.0 through 7.2.2...

Fortinet FortiOS和Fortinet FortiProxy 安全漏洞

Fortinet FortiOS and Fortinet FortiProxy are both products of Fortinet, Inc. Fortinet FortiOS is a dedicated security operating system on the FortiGate network security platform. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content...

CVE-2023-26210

Multiple improper neutralization of special elements used in an os command 'OS Command Injection' vulnerabilties CWE-78 vulnerability in Fortinet allows a local authenticated attacker to execute arbitrary shell code as root user via crafted CLI requests...

CVE-2021-43072

A buffer copy without checking size of input 'classic buffer overflow' in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiManager version 7.0.2 and below, version 6.4.7 and below, version...

CVE-2021-26093

An access of uninitialized pointer CWE-824 vulnerability in FortiWLC versions 8.6.0, 8.5.3 and earlier may allow a local and authenticated attacker to crash the access point being managed by the controller by executing a crafted CLI command...

CVE-2024-35274

CVE-2024-35274 describes a Path Traversal vulnerability affecting Fortinet FortiAnalyzer (versions below 7.4.2), FortiManager (below 7.4.2), and FortiAnalyzer-BigData (below 7.2.7 and 7.4.0). The underlying issue is an improper limitation of a pathname to a restricted directory, allowing a privil...