66 matches found

Tenable Nessus
added 2026/03/23 12:0 a.m. | 1 views

Siemens APE1808 Incorrect Privilege Assignment (CVE-2024-40591)

An incorrect privilege assignment vulnerability in Fortinet FortiOS version 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.9 and before 7.0.15 allows an authenticated admin whose access profile has the Security Fabric permission to escalate their privileges to super-admin by connecting the targett...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00091
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-24469

Malicious code in bioql PyPI...

CVSS: 7.2 | AI score: 6.3 | EPSS: 0.0021
Exploits: 1 | References: 1
The Hacker News
added 2025/09/22 11:0 a.m. | 4 views

How to Gain Control of AI Agents and Non-Human Identities

We hear this a lot: "We've got hundreds of service accounts and AI agents running in the background. We didn't create most of them. We don't know who owns them. How are we supposed to secure them?" Every enterprise today runs on more than users. Behind the scenes, thousands of non-human identitie...

AI score: 7.1
Exploits: 0
RedhatCVE
added 2025/08/14 7:29 p.m. | 4 views

CVE-2025-53744

An incorrect privilege assignment vulnerability CWE-266 in FortiOS Security Fabric version 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.0 all versions, 6.4 all versions, may allow a remote authenticated attacker with high privileges to escalate their privileges to super-admin via...

CVSS: 7.2 | AI score: 7.2 | EPSS: 0.0021
Exploits: 1 | References: 1
The Hacker News
added 2025/08/13 9:30 a.m. | 4 views

Webinar: What the Next Wave of AI Cyberattacks Will Look Like — And How to Survive

The AI revolution isn't coming. It's already here. From copilots that write our emails to autonomous agents that can take action without us lifting a finger, AI is transforming how we work. But here's the uncomfortable truth: Attackers are evolving just as fast. Every leap forward in AI gives bad...

AI score: 7.3
Exploits: 0
CVE
added 2025/08/12 6:59 p.m. | 26 views

CVE-2025-53744

CVE-2025-53744 affects FortiOS Security Fabric across multiple lines: FortiOS Security Fabric versions 7.6.0–7.6.2, 7.4.0–7.4.7, 7.2, 7.0, and 6.4 all are vulnerable to an improper privilege assignment (CWE-266) that can let a remote authenticated attacker with high privileges escalate to super-a...

CVSS: 7.2 | AI score: 7.1 | EPSS: 0.0021
Exploits: 1 | References: 1 | Affected Software: 1
Vulnrichment
added 2025/08/12 6:59 p.m. | 3 views

CVE-2025-53744

An incorrect privilege assignment vulnerability CWE-266 in FortiOS Security Fabric version 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.0 all versions, 6.4 all versions, may allow a remote authenticated attacker with high privileges to escalate their privileges to super-admin via...

CVSS: 7.2 | AI score: 7.1 | EPSS: 0.0021
Exploits: 1 | References: 1
Cvelist
added 2025/08/12 6:59 p.m. | 8 views

CVE-2025-53744

An incorrect privilege assignment vulnerability CWE-266 in FortiOS Security Fabric version 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.0 all versions, 6.4 all versions, may allow a remote authenticated attacker with high privileges to escalate their privileges to super-admin via...

CVSS: 7.2 | EPSS: 0.0021
Exploits: 1 | References: 1
ATTACKERKB
added 2025/08/12 6:59 p.m. | 1 views

CVE-2025-53744

An incorrect privilege assignment vulnerability CWE-266 in FortiOS Security Fabric version 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.0 all versions, 6.4 all versions, may allow a remote authenticated attacker with high privileges to escalate their privileges to super-admin via...

CVSS: 7.2 | AI score: 5.8 | EPSS: 0.0021
Exploits: 1 | References: 2 | Affected Software: 1
Positive Technologies
added 2025/08/12 12:0 a.m. | 4 views

PT-2025-32884 · Fortinet · Fortios Security Fabric

Name of the Vulnerable Software and Affected Versions: FortiOS Security Fabric versions 6.4 all versions FortiOS Security Fabric versions 7.0 all versions FortiOS Security Fabric versions 7.2 all versions FortiOS Security Fabric versions 7.4.0 through 7.4.7 FortiOS Security Fabric versions 7.6.0...

CVSS: 9 | AI score: 7.3 | EPSS: 0.0021
Exploits: 1 | References: 6
Tenable Nessus
added 2025/08/12 12:0 a.m. | 12 views

Fortinet Fortigate Incorrect Privilege Assignment in Security Fabric (FG-IR-25-173)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-173 advisory. - An incorrect privilege assignment vulnerability CWE-266 in FortiOS Security Fabric version 7.6.0 through 7.6.2, 7.4.0 throu...

CVSS: 7.2 | AI score: 5.5 | EPSS: 0.0021
Exploits: 1 | References: 2
CNNVD
added 2025/08/12 12:0 a.m. | 2 views

Fortinet FortiOS Security Fabric Security Vulnerability

Fortinet FortiOS Security Fabric is a network security platform from Fortinet, Inc. A security vulnerability exists in Fortinet FortiOS Security Fabric versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all, 7.0 all, and 6.4 all, which stems from an improper assignment of privileges and could...

CVSS: 7.2 | AI score: 6.5 | EPSS: 0.0021
Exploits: 1 | References: 2
CNNVD
added 2025/07/18 12:0 a.m. | 1 views

Fortinet FortiSandbox and Fortinet FortiIsolator Code Issue Vulnerability

Fortinet FortiSandbox and Fortinet FortiIsolator are both products of Fortinet, Inc. Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection appliance. The appliance offers dual sandboxing technology, dynamic threat intelligence system, real-time control panel and reporting, etc...

CVSS: 6.7 | AI score: 6.8 | EPSS: 0.00454
Exploits: 0 | References: 2
RedhatCVE
added 2025/06/12 5:5 p.m. | 4 views

CVE-2024-50568

A channel accessible by non-endpoint vulnerability CWE-300 in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7 and before 7.0.14 & FortiProxy version 7.4.0 through 7.4.3, 7.2.0 through 7.2.9 and before 7.0.16 allows an unauthenticated attacker with the knowledge of device specifi...

CVSS: 5.9 | AI score: 5.6 | EPSS: 0.0005
Exploits: 0 | References: 1
OSV
added 2025/06/10 5:19 p.m. | 1 views

CVE-2024-50568

A channel accessible by non-endpoint vulnerability CWE-300 in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7 and before 7.0.14 & FortiProxy version 7.4.0 through 7.4.3, 7.2.0 through 7.2.9 and before 7.0.16 allows an unauthenticated attacker with the knowledge of device specifi...

CVSS: 5.9 | AI score: 5.8
Exploits: 0 | References: 1
NVD
added 2025/06/10 5:19 p.m. | 3 views

CVE-2024-50568

A channel accessible by non-endpoint vulnerability CWE-300 in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7 and before 7.0.14 & FortiProxy version 7.4.0 through 7.4.3, 7.2.0 through 7.2.9 and before 7.0.16 allows an unauthenticated attacker with the knowledge of device specifi...

CVSS: 5.9 | EPSS: 0.0005
Exploits: 0 | References: 1
Tenable Nessus
added 2025/06/10 12:0 a.m. | 10 views

Fortinet Fortigate Weak authentication in security fabric daemon (FG-IR-24-058)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-058 advisory. - A channel accessible by non-endpoint vulnerability CWE-300 in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through...

CVSS: 5.9 | AI score: 5.6 | EPSS: 0.0005
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/23 10:34 a.m. | 5 views

CVE-2024-45523

An issue was discovered in Bravura Security Fabric versions 12.3.x before 12.3.5.32784, 12.4.x before 12.4.3.35110, 12.5.x before 12.5.2.35950, 12.6.x before 12.6.2.37183, and 12.7.x before 12.7.1.38241. An unauthenticated attacker can cause a resource leak by issuing multiple failed login attemp...

CVSS: 9.1 | AI score: 7 | EPSS: 0.00352
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 3:27 a.m. | 5 views

CVE-2023-36555

An improper neutralization of script-related HTML tags in a web page (basic XSS) in Fortinet FortiOS 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via the SAML and Security Fabric components...

CVSS: 5.4 | AI score: 7.4 | EPSS: 0.00124
Exploits: 0
RedhatCVE
added 2025/05/22 6:33 p.m. | 8 views

CVE-2021-3196

An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 through 11.1.3, 12.0.0 through 12.0.2, and 12.1.0. When using federated identity management authenticating via SAML through a third-party identity provider, an attacker can inject additional data into a signed SAML response bein...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.00336
Exploits: 1 | References: 1