
447 matches found

RedhatCVE
added 2025/03/19 1:16 p.m., 6 views

CVE-2024-54027

A Use of Hard-coded Cryptographic Key vulnerability CWE-321 in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version 4.0.5 and below, version 3.2.4 and below, version 3.1.5 and below, version 3.0.7 to 3.0.5 may allow a privileged attacker with super-admin profile and CLI access t...

CVSS 8.2, AI score 6.6, EPSS 0.00148
Exploits: 0, References: 1
CISA KEV Catalog
added 2025/03/18 12:0 a.m., 27 views

Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability

Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that allows a remote attacker to gain super-admin privileges via crafted CSF proxy requests...

CVSS 8.1, AI score 7.8, EPSS 0.02988
In wild, Exploits: 0
RedhatCVE
added 2025/03/17 6:26 p.m., 11 views

CVE-2025-25225

A privilege escalation vulnerability in the Hikashop component versions 1.0.0-5.1.3 for Joomla allows authenticated attackers administrator to escalate their privileges to Super Admin Permissions...

CVSS 6.5, AI score 7.2, EPSS 0.0015
Exploits: 0, References: 1
ATTACKERKB
added 2025/03/17 2:15 p.m., 1 views

CVE-2024-54027

A Use of Hard-coded Cryptographic Key vulnerability CWE-321 in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version 4.0.5 and below, version 3.2.4 and below, version 3.1.5 and below, version 3.0.7 to 3.0.5 may allow a privileged attacker with super-admin profile and CLI access t...

CVSS 8.2, AI score 5.8, EPSS 0.00148
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2025/03/17 1:5 p.m., 59 views

CVE-2024-54027

CVE-2024-54027 describes a Use of Hard-coded Cryptographic Key (CWE-321) in Fortinet FortiSandbox. Affected versions include 4.4.6 and below, 4.2.7 and below, 4.0.5 and below, 3.2.4 and below, 3.1.5 and below, and 3.0.7 to 3.0.5. A privileged attacker with a super-admin profile and CLI access can...

CVSS 8.2, AI score 6.6, EPSS 0.00148
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2025/03/15 6:6 p.m., 12 views

CVE-2025-25225 Extension - hikashop.com - Privilege escalation vulnerability Hikashop component version 1.0.0 - 5.1.3 for Joomla

A privilege escalation vulnerability in the Hikashop component versions 1.0.0-5.1.3 for Joomla allows authenticated attackers administrator to escalate their privileges to Super Admin Permissions...

EPSS 0.0015
Exploits: 0, References: 2
CVE
added 2025/03/15 6:6 p.m., 70 views

CVE-2025-25225

CVE-2025-25225: Privilege-escalation in Hikashop for Joomla affects Hikashop component versions 1.0.0–5.1.3; authenticated administrators can escalate to Super Admin. Root cause and exploit details are not fully disclosed in all sources, but several advisories corroborate privilege escalation as ...

CVSS 6.5, AI score 7.5, EPSS 0.0015
Exploits: 0, References: 2, Affected Software: 1
Vulnrichment
added 2025/03/15 6:6 p.m., 5 views

CVE-2025-25225 Extension - hikashop.com - Privilege escalation vulnerability Hikashop component version 1.0.0 - 5.1.3 for Joomla

A privilege escalation vulnerability in the Hikashop component versions 1.0.0-5.1.3 for Joomla allows authenticated attackers administrator to escalate their privileges to Super Admin Permissions...

AI score 7.2, EPSS 0.0015
Exploits: 0, References: 2
RedhatCVE
added 2025/02/26 12:27 a.m., 10 views

CVE-2024-56525

In Public Knowledge Project PKP OJS, OMP, and OPS before 3.3.0.21 and 3.4.x before 3.4.0.8, an XXE attack by the Journal Editor Role can create a new role as super admin in the journal context, and insert a backdoor plugin, by uploading a crafted XML document as a User XML Plugin...

CVSS 9.8, AI score 6.8, EPSS 0.00378
Exploits: 0, References: 1
NVD
added 2025/02/24 11:15 p.m., 11 views

CVE-2024-56525

In Public Knowledge Project PKP OJS, OMP, and OPS before 3.3.0.21 and 3.4.x before 3.4.0.8, an XXE attack by the Journal Editor Role can create a new role as super admin in the journal context, and insert a backdoor plugin, by uploading a crafted XML document as a User XML Plugin...

CVSS 9.8, EPSS 0.00378
Exploits: 0, References: 1
Vulnrichment
added 2025/02/24 12:0 a.m., 5 views

CVE-2024-56525

In Public Knowledge Project PKP OJS, OMP, and OPS before 3.3.0.21 and 3.4.x before 3.4.0.8, an XXE attack by the Journal Editor Role can create a new role as super admin in the journal context, and insert a backdoor plugin, by uploading a crafted XML document as a User XML Plugin...

AI score 9.4, EPSS 0.00378
Exploits: 0, References: 1
Cvelist
added 2025/02/24 12:0 a.m., 11 views

CVE-2024-56525

In Public Knowledge Project PKP OJS, OMP, and OPS before 3.3.0.21 and 3.4.x before 3.4.0.8, an XXE attack by the Journal Editor Role can create a new role as super admin in the journal context, and insert a backdoor plugin, by uploading a crafted XML document as a User XML Plugin...

EPSS 0.00378
Exploits: 0, References: 1
HackRead
added 2025/02/13 12:53 p.m., 7 views

FortiOS Vulnerability Allows Super-Admin Privilege Escalation – Patch Now!

Super-admin access vulnerability discovered in FortiOS Security Fabric. Exploitation could lead to widespread network breaches. Update now. Fortinet has…...

AI score 7.2
Exploits: 0
NVD
added 2025/02/11 5:15 p.m., 19 views

CVE-2025-24472

An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote unauthenticated attacker with prior knowledge of upstream and downstream devices serial numbers to...

CVSS 8.1, EPSS 0.02988
Exploits: 0, References: 2
Vulnrichment
added 2025/02/11 4:50 p.m., 18 views

CVE-2025-24472

An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote unauthenticated attacker with prior knowledge of upstream and downstream devices serial numbers to...

CVSS 8.1, AI score 9.8, EPSS 0.02988
Exploits: 0, References: 1
Cvelist
added 2025/02/11 4:50 p.m., 364 views

CVE-2025-24472

An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote unauthenticated attacker with prior knowledge of upstream and downstream devices serial numbers to...

CVSS 8.1, EPSS 0.02988
Exploits: 0, References: 1
CVE
added 2025/02/11 4:50 p.m., 324 views

CVE-2025-24472

CVE-2025-24472 affects Fortinet FortiOS (7.0.0–7.0.16) and FortiProxy (7.2.0–7.2.12, also 7.0.0–7.0.19 in some sources) with an authentication bypass (CWE-288) that can grant super-admin privileges on downstream devices when Security Fabric is enabled. Exploitation requires crafting CSF proxy req...

CVSS 8.1, AI score 9.8, EPSS 0.02988
In wild, Exploits: 0, References: 2, Affected Software: 2
Cvelist
added 2025/02/11 4:9 p.m., 25 views

CVE-2024-40591

An incorrect privilege assignment vulnerability CWE-266 in Fortinet FortiOS version 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.9 and before 7.0.15 allows an authenticated admin whose access profile has the Security Fabric permission to escalate their privileges to super-admin by connecting the...

CVSS 8.8, EPSS 0.00574
Exploits: 0, References: 1
ATTACKERKB
added 2025/02/11 12:0 a.m., 13 views

CVE-2025-24472

An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote unauthenticated attacker with prior knowledge of upstream and downstream devices serial numbers to...

CVSS 8.1, AI score 9.8, EPSS 0.02988
In wild, Exploits: 0, References: 2
VulnCheck KEV
added 2025/02/11 12:0 a.m., 3 views

VulnCheck KEV: CVE-2025-24472

Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that allows a remote attacker to gain super-admin privileges via crafted CSF proxy requests...

CVSS 8.1, AI score 5.8, EPSS 0.02988
Exploits: 0, References: 1