13 matches found
Fortinet FortiManager sqli (FG-IR-26-111)
The version of FortiManager installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-111 advisory. - An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet...
Fortinet Fortigate Missing Authentication for critical function in CAPWAP daemon (FG-IR-26-125)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-125 advisory. - A missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through...
Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS
Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild. The vulnerability, tracked as CVE-2026-35616 CVSS score: 9.1, has been described as a pre-authentication API access bypass leading to privilege escalation...
Siemens RUGGEDCOM APE1808 Devices
SUMMARY Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version for RUGGEDCOM APE1808 and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security...
Fortinet FortiManager Buffer overflow via fgtupdates service (FG-IR-26-098)
The version of FortiManager installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-098 advisory. - A Stack-based Buffer Overflow vulnerability CWE-121 in FortiManager fgtupdates service may allow a remote unauthenticate...
Fortinet Fortigate (FG-IR-25-667)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-667 advisory. - An inconsistent interpretation of http requests 'http request smuggling' vulnerability in Fortinet FortiOS 7.6.0, FortiOS...
Fortinet FortiManager SSO authentication bypass (FG-IR-26-060)
The version of FortiManager installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-060 advisory. - An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 in FortiOS, FortiManager, FortiAnalyze...
Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability
Fortinet on Wednesday said it observed "recent abuse" of a five-year-old security flaw in FortiOS SSL VPN in the wild under certain configurations. The vulnerability in question is CVE-2020-12812 CVSS score: 5.2, an improper authentication vulnerability in SSL VPN in FortiOS that could allow a us...
CVE-2025-59719
creationtimestamp| type| source ---|---|--- 2025-12-09 19:53:36+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/fortinet-security-advisory-av25-821 2025-12-10 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1698 2025-12-10 04:54:16+00:00| seen|...
Fortinet FortiManager Arbitrary file overwrite in FGFMd (FG-IR-24-473)
The version of FortiManager installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-473 advisory. - An Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability CWE-22 in Fortinet...
Fortinet FortiVoice Stack-based Buffer Overflow (FG-IR-25-254)
The version of FortiVoice installed on the remote host is 6.4.x prior to 6.4.11, 7.0.x prior to 7.0.7, or 7.2.x prior to 7.2.1. It is, therefore, affected by a stack-based buffer overflow vulnerability as referenced in the FG-IR-24-472 advisory. - A stack-based overflow vulnerability CWE-121 in...
Fortinet Releases Advisory on New Post-Exploitation Technique for Known Vulnerabilities
Fortinet is aware of a threat actor creating a malicious file from previously exploited Fortinet vulnerabilities CVE-2024-21762, CVE-2023-27997, and CVE-2022-42475 within FortiGate products. This malicious file could enable read-only access to files on the device's file system, which may include...
[Security Nation] James Kettle of PortSwigger on Advancing Web-Attack Research
!\Security Nation\ James Kettle of PortSwigger on Advancing Web-Attack Researchhttps://blog.rapid7.com/content/images/2022/10/securitynationlogo.jpg In this episode of Security Nation, Jen and Tod talk to James Kettle of PortSwigger. Their discussion includes research for new web-attack technique...