76 matches found
EUVD-2026-22315
A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1,...
CVE-2026-21742
A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1,...
CVE-2026-21742
Fortinet FortiSOAR products are affected by CVE-2026-21742, a cleartext transmission vulnerability that could allow an authenticated attacker to view cleartext passwords in responses for Secure Message Exchange and Radius queries when configured. Affected: FortiSOAR PaaS versions 7.6.0–7.6.3, 7.5...
CVE-2025-59808
An unverified password change vulnerability (CWE-620) in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5....
EUVD-2022-28514
Malicious code in bioql PyPI...
EUVD-2023-27861
Malicious code in bioql PyPI...
EUVD-2024-19374
Malicious code in bioql PyPI...
CVE-2025-32932
An improper neutralization of input during web page generation ('cross-site scripting') vulnerability (CWE-79) in FortiSOAR version 7.6.1 and below, version 7.5.1 and below, 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions WEB UI may allow an authenticated remo...
CVE-2024-48892
A relative path traversal vulnerability (CWE-23) in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an authenticated attacker to read arbitrary files via uploading a malicious solution pack...
CVE-2024-48892
FortiSOAR (Fortinet) is affected by a relative path traversal (CWE-23) that can allow an authenticated attacker to read arbitrary files by uploading a malicious solution pack. Affected versions include 7.3 all versions, 7.4 all versions, 7.5.0–7.5.1, and 7.6.0. The underlying issue is exposed via...
PT-2025-32878 · Fortinet · Fortisoar
Name of the Vulnerable Software and Affected Versions: FortiSOAR versions 6.4 through 7.6.1. Description: An improper neutralization of input during web page generation 'cross-site scripting' exists. The web interface may allow an authenticated remote attacker to perform a cross-site scripting XSS...
Fortinet FortiSOAR cross-site scripting vulnerability
Fortinet FortiSOAR is a Security Orchestration, Automation and Response (SOAR) solution from Fortinet, Inc. A cross-site scripting vulnerability exists in Fortinet FortiSOAR versions 7.6.1 and earlier, 7.5.1 and earlier, 7.4 all, 7.3 all, 7.2 all, 7.0 all, and 6.4 all, which stems from improper inp...
CVE-2024-45327
An improper authorization vulnerability (CWE-285) in FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through 7.0.3 change password endpoint may allow an authenticated attacker to perform a brute force attack on users and administrators password via crafted HTT...
CVE-2024-31493
An improper removal of sensitive information before storage or transfer vulnerability (CWE-212) in FortiSOAR version 7.3.0, version 7.2.2 and below, version 7.0.3 and below may allow an authenticated low privileged user to read Connector passwords in plain-text via HTTP responses...
CVE-2023-23775
Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerabilities (CWE-89) in FortiSOAR 7.2.0 and before 7.0.3 may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters...