
63 matches found

VulnCheck KEV
added 2026/01/15 12:0 a.m., 1 view

VulnCheck KEV: CVE-2025-64155

An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute...

CVSS 9.8 | AI score 6 | EPSS 0.00079
In wild | Exploits 4 | References 2

RedhatCVE
added 2026/01/09 9:52 a.m., 4 views

CVE-2020-10791

app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authenticated users to trigger outbound TCP requests aka SSRF via the Test Connection feature aka testGrafanaConnection of the Grafana Module...

CVSS 6.5 | AI score 6.6 | EPSS 0.00139
Exploits 0 | References 1

RedhatCVE
added 2026/01/07 9:16 a.m., 8 views

CVE-2022-27491

An improper verification of source of a communication channel in Fortinet FortiOS with IPS engine version 7.201 through 7.214, 7.001 through 7.113, 6.001 through 6.121, 5.001 through 5.258 and before 4.086 allows a remote and unauthenticated attacker to trigger the sending of "blocked page" HTML...

CVSS 7.5 | AI score 6.9 | EPSS 0.00093
Exploits 0 | References 1

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2007-2776

Malware in sbrugna...

CVSS 7.8 | AI score 6.4 | EPSS 0.0157
Exploits 0 | References 8

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2015-4116

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.00957
Exploits 0 | References 6

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2003-0246

Malware in sbrugna...

CVSS 5 | AI score 6.1 | EPSS 0.02512
Exploits 0 | References 16

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-40613

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.2 | EPSS 0.00298
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2023-40612

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.2 | EPSS 0.00288
Exploits 0 | References 2

RedhatCVE
added 2025/06/12 5:5 p.m., 3 views

CVE-2024-32119

An improper authentication vulnerability CWE-287 in Fortinet FortiClientEMS version 7.4.0 and before 7.2.4 allows an unauthenticated attacker with the knowledge of the targeted user's FCTUID and VDOM to perform operations such as uploading or tagging on behalf of the targeted user via specially...

CVSS 4.8 | AI score 5.3 | EPSS 0.00038
Exploits 0 | References 1

RedhatCVE
added 2025/06/12 5:5 p.m., 4 views

CVE-2024-50568

A channel accessible by non-endpoint vulnerability CWE-300 in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7 and before 7.0.14 & FortiProxy version 7.4.0 through 7.4.3, 7.2.0 through 7.2.9 and before 7.0.16 allows an unauthenticated attacker with the knowledge of device specifi...

CVSS 5.9 | AI score 5.6 | EPSS 0.0005
Exploits 0 | References 1

OSV
added 2025/06/10 5:19 p.m., 3 views

CVE-2024-50568

A channel accessible by non-endpoint vulnerability CWE-300 in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7 and before 7.0.14 & FortiProxy version 7.4.0 through 7.4.3, 7.2.0 through 7.2.9 and before 7.0.16 allows an unauthenticated attacker with the knowledge of device specifi...

CVSS 5.9 | AI score 5.8
Exploits 0 | References 1

NVD
added 2025/06/10 5:19 p.m., 9 views

CVE-2024-32119

An improper authentication vulnerability CWE-287 in Fortinet FortiClientEMS version 7.4.0 and before 7.2.4 allows an unauthenticated attacker with the knowledge of the targeted user's FCTUID and VDOM to perform operations such as uploading or tagging on behalf of the targeted user via specially...

CVSS 4.8 | EPSS 0.00038
Exploits 0 | References 1

Vulnrichment
added 2025/06/10 4:36 p.m., 5 views

CVE-2024-50568

A channel accessible by non-endpoint vulnerability CWE-300 in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7 and before 7.0.14 & FortiProxy version 7.4.0 through 7.4.3, 7.2.0 through 7.2.9 and before 7.0.16 allows an unauthenticated attacker with the knowledge of device specifi...

CVSS 5.9 | AI score 7.2 | EPSS 0.0005
Exploits 0 | References 1

Cvelist
added 2025/06/10 4:36 p.m., 42 views

CVE-2024-50568

A channel accessible by non-endpoint vulnerability CWE-300 in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7 and before 7.0.14 & FortiProxy version 7.4.0 through 7.4.3, 7.2.0 through 7.2.9 and before 7.0.16 allows an unauthenticated attacker with the knowledge of device specifi...

CVSS 5.9 | EPSS 0.0005
Exploits 0 | References 1

CVE
added 2025/06/10 4:36 p.m., 49 views

CVE-2024-32119

CVE-2024-32119 affects Fortinet FortiClientEMS, specifically versions 7.4.0 and before 7.2.4. The issue is an improper authentication (CWE-287) that could allow an unauthenticated attacker, who knows a targeted user’s FCTUID and VDOM, to perform operations such as uploading or tagging on behalf o...

CVSS 4.8 | AI score 7.5 | EPSS 0.00038
Exploits 0 | References 1 | Affected Software 1

Tenable Nessus
added 2025/06/10 12:0 a.m., 10 views

Fortinet Fortigate Weak authentication in security fabric daemon (FG-IR-24-058)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-058 advisory. - A channel accessible by non-endpoint vulnerability CWE-300 in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through...

CVSS 5.9 | AI score 5.6 | EPSS 0.0005
Exploits 0 | References 2

Positive Technologies
added 2025/06/10 12:0 a.m., 2 views

PT-2025-24707 · Fortinet · Forticlientems

Name of the Vulnerable Software and Affected Versions: Fortinet FortiClientEMS versions 7.2.4 and earlier, Fortinet FortiClientEMS version 7.4.0 Description: The issue is related to an improper authentication flaw that allows an unauthenticated attacker, with knowledge of the targeted user's FCTU...

CVSS 4.8 | AI score 6.7 | EPSS 0.00038
Exploits 0 | References 4

RedhatCVE
added 2025/05/23 4:2 a.m., 5 views

CVE-2023-36670

A remotely exploitable command injection vulnerability was found on the Kratos NGC-IDU 9.1.0.4. An attacker can execute arbitrary Linux commands as root by sending crafted TCP requests to the device...

CVSS 9.8 | AI score 8.1 | EPSS 0.00298
Exploits 0

RedhatCVE
added 2025/05/22 6:50 a.m., 6 views

CVE-2018-11517

mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0=0 requests to TCP port 11010...

CVSS 5.3 | AI score 7 | EPSS 0.03433
Exploits 1 | References 1

Tenable Nessus
added 2024/10/26 12:0 a.m., 21 views

Fortinet Fortigate TCP Middlebox Reflection (FG-IR-22-073)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-073 advisory. - An improper verification of source of a communication channel in Fortinet FortiOS with IPS engine version 7.201 through 7.21...

CVSS 7.5 | AI score 7.3 | EPSS 0.00093
Exploits 0 | References 3