223 matches found

Nuclei
added 15 hours ago, 21 views

Fortinet FortiSandbox - Command Injection

Fortinet FortiSandbox 4.4.0 through 4.4.8 contains a command injection caused by improper neutralization of special elements in OS commands, letting attackers execute unauthorized code or commands; exploitation requires crafted input. id: CVE-2026-39808 info: name: Fortinet FortiSandbox - Command...

CVSS 9.8, AI score 6, EPSS 0.16682
Exploits: 4, References: 2

RedhatCVE
added 2026/06/05 7:26 p.m., 7 views

CVE-2026-39812

An improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8,...

CVSS 4.8, AI score 5.7, EPSS 0.00035
Exploits: 0, References: 1

Circl
added 2026/05/14 12:8 a.m., 4 views

CVE-2025-53680

creationtimestamp | type | source
---|---|---
2026-05-14 00:08:08+00:00 | seen | https://ccb.belgium.be/advisories/warning-multiple-critical-high-and-medium-vulnerabilities-fortinet-fortisandbox-fortios...

CVSS 6.7, AI score 5.8, EPSS 0.00041
Exploits: 0, References: 1

Circl
added 2026/05/14 12:8 a.m., 8 views

CVE-2025-67604

creationtimestamp | type | source
---|---|---
2026-05-14 00:08:08+00:00 | seen | https://ccb.belgium.be/advisories/warning-multiple-critical-high-and-medium-vulnerabilities-fortinet-fortisandbox-fortios...

CVSS 5.3, AI score 5.8, EPSS 0.00174
Exploits: 0, References: 1

Cvelist
added 2026/05/12 4:54 p.m., 25 views

CVE-2026-26083

A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, FortiSandbox PaaS 23.3 all versions, FortiSandbox PaaS 23.1 all versions, FortiSandbox PaaS 22.2 all...

CVSS 9.8, EPSS 0.00093
Exploits: 0, References: 1

RedhatCVE
added 2026/04/22 7:22 a.m., 2 views

CVE-2026-39808

An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow an attacker to execute unauthorized code or commands via...

CVSS 9.8, AI score 6.2, EPSS 0.16682
Exploits: 4, References: 1

NVD
added 2026/04/14 4:16 p.m., 2 views

CVE-2026-25691

An improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with...

CVSS 6.7, EPSS 0.0006
Exploits: 0, References: 1

NVD
added 2026/04/14 4:16 p.m., 2 views

CVE-2025-61886

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability (CWE-79) in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox PaaS 5.0.0 through 5.0.4 may allow an attacker to perform an XSS attack via crafted HTTP requests...

CVSS 5.4, EPSS 0.00026
Exploits: 0, References: 1

CVE
added 2026/04/14 3:38 p.m., 11 views

CVE-2026-39813

Fortinet FortiSandbox contains a path traversal vulnerability (CVE-2026-39813) that affects FortiSandbox 5.0.0–5.0.5 and 4.4.0–4.4.8. The issue arises from a path traversal flaw ("../filedir"), enabling escalation of privilege. CVSS v3.1: 9.8 (CRITICAL), NETWORK attack vector, no user interaction...

CVSS 9.8, AI score 5.8, EPSS 0.00121
Exploits: 1, References: 1, Affected Software: 1

Vulnrichment
added 2026/04/14 3:38 p.m., 6 views

CVE-2025-61886

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability (CWE-79) in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox PaaS 5.0.0 through 5.0.4 may allow an attacker to perform an XSS attack via crafted HTTP requests...

CVSS 5.4, AI score 5.8, EPSS 0.00026
Exploits: 0, References: 1

CVE
added 2026/04/14 3:38 p.m., 10 views

CVE-2026-39812

FortiSandbox (Fortinet) and FortiSandbox PaaS versions 5.0.0–5.0.5, 4.4.0–4.4.8, and 4.2 all versions are affected by CVE-2026-39812. The issue is an improper neutralization of input during web page generation (XSS) that may allow an attacker to execute unauthorized code or commands via an unspec...

CVSS 4.8, AI score 6, EPSS 0.00035
Exploits: 0, References: 1, Affected Software: 2

CVE
added 2026/04/14 3:38 p.m., 10 views

CVE-2026-25691

The CVE-2026-25691 issue affects Fortinet FortiSandbox family (FortiSandbox 5.0.0–5.0.5; 4.4.0–4.4.8; 4.2 all versions; FortiSandbox Cloud 5.0.4; FortiSandbox PaaS 5.0.4). A path traversal vulnerability in the HTTP interface may allow a privileged attacker with a super-admin profile and CLI acces...

CVSS 6.7, AI score 5.9, EPSS 0.0006
Exploits: 0, References: 1, Affected Software: 2

Vulnrichment
added 2026/04/14 3:38 p.m., 0 views

CVE-2026-25691

An improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with...

CVSS 6.7, AI score 5.9, EPSS 0.0006
Exploits: 0, References: 1

Cvelist
added 2026/04/14 3:38 p.m., 28 views

CVE-2026-27316

An insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions, FortiSandbox PaaS 5.0.1 through 5.0.5 may allow an authenticated administrator to read LDAP server credentials via client-side inspection...

CVSS 2.7, EPSS 0.00037
Exploits: 0, References: 1

CNNVD
added 2026/04/14 12:0 a.m., 2 views

Fortinet FortiSandbox Security Vulnerability

Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection device developed by the American company Fortinet. This device offers features such as dual sandbox technology, dynamic threat intelligence systems, real-time control panels, and reporting capabilities. Versions 5.0.0 to 5.0.5,...

CVSS 9.8, AI score 6, EPSS 0.00121
Exploits: 1, References: 1

EUVD
added 2026/03/10 6:31 p.m., 2 views

EUVD-2025-208489

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability (CWE-79) in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated privileg...

CVSS 4.8, AI score 5.9, EPSS 0.00048
Exploits: 0, References: 2

NVD
added 2026/03/10 6:17 p.m., 1 views

CVE-2025-53608

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability (CWE-79) in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated privileg...

CVSS 4.8, EPSS 0.00048
Exploits: 0, References: 1

Cvelist
added 2026/03/10 4:44 p.m., 24 views

CVE-2025-53608

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability (CWE-79) in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated privileg...

CVSS 4.8, EPSS 0.00048
Exploits: 0, References: 1

NVD
added 2026/02/10 4:16 p.m., 2 views

CVE-2025-52436

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability (CWE-79) in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an unauthenticated attack...

CVSS 9.6, EPSS 0.00433
Exploits: 0, References: 1

CVE
added 2026/02/10 3:39 p.m., 12 views

CVE-2025-52436

Fortinet FortiSandbox contains an input handling flaw (CWE-79) that permits an unauthenticated attacker to execute commands via crafted requests, across FortiSandbox 4.0–4.7.x and 5.0.0–5.0.1. The description notes Cross-site Scripting as the underlying issue and lists impacted versions; no remed...

CVSS 9.6, AI score 5.7, EPSS 0.00433
Exploits: 0, References: 1, Affected Software: 1