
49 matches found

EUVD
added 2025/10/07 12:30 a.m. · 8 views

EUVD-2018-11939

Malware in sbrugna...

CVSS 8.1 · AI score 8.1 · EPSS 0.00863
Exploits: 0 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2022-31984

Malicious code in bioql PyPI...

CVSS 7.2 · AI score 7 · EPSS 0.02116
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-23306

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.4 · EPSS 0.00786
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-35559

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 6.4 · EPSS 0.00278
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-26773

Malicious code in bioql PyPI...

CVSS 7.8 · AI score 7.6 · EPSS 0.00188
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-35543

Malicious code in bioql PyPI...

CVSS 8.6 · AI score 6.6 · EPSS 0.00685
Exploits: 0 · References: 1

OSV
added 2025/08/12 7:15 p.m. · 4 views

CVE-2024-26009

An authentication bypass using an alternate path or channel CWE-288 vulnerability in Fortinet FortiOS version 6.4.0 through 6.4.15 and before 6.2.16, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8 and before 7.0.15 & FortiPAM before version 1.2.0 allows an unauthenticated attacker to...

CVSS 8.1 · AI score 5.8 · EPSS 0.00556
Exploits: 0 · References: 1

NVD
added 2025/07/08 3:15 p.m. · 9 views

CVE-2024-52965

A missing critical step in authentication vulnerability CWE-304 in Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.10, and before 7.0.16 & FortiProxy version 7.6.0 through 7.6.1, 7.4.0 through 7.4.8, 7.2.0 through 7.2.13 and before 7.0.20 allows an API-user...

CVSS 7.2 · EPSS 0.00251
Exploits: 0 · References: 1

Positive Technologies
added 2025/07/08 12:0 a.m. · 3 views

PT-2025-30014 · Fortinet · Fortiisolator +1

Name of the Vulnerable Software and Affected Versions: FortiSandbox versions prior to 4.4.5 FortiSandbox versions 4.0 through 4.2.6 FortiIsolator versions prior to 2.4 FortiIsolator versions 1.2 through 2.3 Description: An insufficient session expiration issue may allow a remote attacker possessi...

CVSS 8.7 · AI score 6.6 · EPSS 0.00474
Exploits: 0 · References: 7

RedhatCVE
added 2025/05/23 8:52 a.m. · 4 views

CVE-2024-26010

A stack-based buffer overflow in Fortinet FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiWeb, FortiAuthenticator, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.1 through 7.0.3, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0...

CVSS 7.5 · AI score 7.9 · EPSS 0.00786
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 7:22 a.m. · 19 views

CVE-2024-26011

A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0....

CVSS 9.8 · AI score 7.7 · EPSS 0.00589
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 7:13 a.m. · 8 views

CVE-2024-35276

A stack-based buffer overflow in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager Cloud versions 7.4.1...

CVSS 9.8 · AI score 7.9 · EPSS 0.00401
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 7:5 a.m. · 5 views

CVE-2024-50563

A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker ...

CVSS 9.8 · AI score 7.5 · EPSS 0.00557
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 5:3 a.m. · 9 views

CVE-2023-36639

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows...

CVSS 8.8 · AI score 7.4 · EPSS 0.01059
Exploits: 0

Tenable Nessus
added 2025/05/20 12:0 a.m. · 4 views

Fortinet FortiClient EMS < 7.4.3 Path Traversal (FG-IR-24-552)

A Relative Path Traversal vulnerability CWE-23 in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote unauthenticated attacker to perform a limited arbitrary file write on the system via upload requests. Note that Nessus has not tested for this issue...

CVSS 5.3 · AI score 7.5 · EPSS 0.0051
Exploits: 0 · References: 2

Tenable Nessus
added 2025/05/15 12:0 a.m. · 24 views

Fortinet FortiOS and FortiProxy Remote Code Execution (CVE-2024-21762)

Binary data fortiosandfortiproxyCVE-2024-21762.nbin...

CVSS 9.8 · AI score 7.1 · EPSS 0.80835
Exploits: 11 · References: 2

The Hacker News
added 2025/05/14 4:21 a.m. · 32 views

Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems

Fortinet has patched a critical security flaw that it said has been exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems. The vulnerability, tracked as CVE-2025-32756, carries a CVSS score of 9.6 out of 10.0. "A stack-based overflow vulnerability CWE-121 in FortiVoice,...

CVSS 9.8 · AI score 10 · EPSS 0.31419
Exploits: 3

The Hacker News
added 2025/04/11 5:55 p.m. · 45 views

Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit

Fortinet has revealed that threat actors have found a way to maintain read-only access to vulnerable FortiGate devices even after the initial access vector used to breach the devices was patched. The attackers are believed to have leveraged known and now-patched security flaws, including, but not...

CVSS 9.8 · AI score 10 · EPSS 0.99474
Exploits: 28

Tenable Nessus
added 2025/04/08 12:0 a.m. · 26 views

Fortinet FortiWeb No certificate name verification for fgfm connection (FG-IR-24-046)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the FG-IR-24-046 advisory. - An improper restriction of communication channel to intended endpoints vulnerability CWE-923 in Fortinet FortiOS...

CVSS 7.5 · AI score 5.6 · EPSS 0.00419
Exploits: 0 · References: 3

BDU FSTEC
added 2025/01/20 12:0 a.m. · 3 views

The vulnerability of Fortinet’s CSFD software products allows a perpetrator to execute arbitrary code or commands.

The vulnerability of Fortinet’s CSFD software products relates to the bypassing of authentication processes. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or commands using brute-force attacks...

CVSS 9 · AI score 6 · EPSS 0.00462
Exploits: 0 · References: 2 · Affected Software: 6