CVE-2024-55590
Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities (CWE-78) in Fortinet FortiIsolator version 2.4.0 through 2.4.5 allow an authenticated attacker with at least read-only admin permission and CLI access to execute unauthorized code via...
CVE-2024-45324
A use of externally-controlled format string vulnerability (CWE-134) in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0...
CVE-2024-45324
CVE-2024-45324 describes an externally-controlled format string vulnerability (CWE-134) in Fortinet products, allowing a privileged attacker to execute unauthorized code via specially crafted HTTP/HTTPS commands. Affected are FortiOS (versions 7.4.0–7.4.4; 7.2.0–7.2.9; 7.0.0–7.0.15 and before 6.4...
CVE-2023-40723
An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.4 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 and 6.3.0 through 6.3.3 and 6.2.0 through 6.2.1 and 6.1.0 through 6.1.2 and 5.4.0 and 5.3.0 through 5.3.3 and 5.2...
CVE-2023-42784
An improper handling of syntactically invalid structure in Fortinet FortiWeb at least versions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows an attacker to execute unauthorized code or commands via HTTP/S crafted requests...
CVE-2023-40723
Fortinet FortiSIEM is affected by CVE-2023-40723 across multiple releases: 5.1.0–5.1.3, 5.2.1–5.2.2, 5.2.5–5.2.8, 5.3.0–5.3.3, 5.4.0, 6.1.0–6.1.2, 6.2.0–6.2.1, 6.3.0–6.3.3, 6.4.0–6.4.2, 6.5.0–6.5.1, 6.6.0–6.6.3, 6.7.0–6.7.4. The issue allows an attacker to disclose sensitive information and execu...
CVE-2023-42784
Fortinet FortiWeb CVE-2023-42784 affects FortiWeb versions 7.0.0–7.0.10, 7.2.0–7.2.10, and 7.4.0–7.4.6. The root cause is improper handling of syntactically invalid structures, enabling an attacker to execute unauthorized code or commands via crafted HTTP/S requests. The vulnerability is document...
CVE-2024-55597
An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiWeb versions 7.0.0 through 7.6.0 allows an attacker to execute unauthorized code or commands via crafted requests...
Microsoft Office Remote Code Execution Vulnerability
Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally...
Microsoft Word Remote Code Execution Vulnerability
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally...
PT-2025-10767 · Fortinet · Fortiweb
Name of the Vulnerable Software and Affected Versions: Fortinet FortiWeb versions 7.0.0 through 7.0.10; Fortinet FortiWeb versions 7.2.0 through 7.2.10; Fortinet FortiWeb versions 7.4.0 through 7.4.6. Description: The issue is related to the improper handling of syntactically invalid structures,...
Fortinet FortiSandbox SQL Injection Vulnerability
Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection appliance from Fortinet. The appliance offers dual sandboxing technology, a dynamic threat intelligence system, and a real-time control panel and reporting. Fortinet FortiSandbox suffers from an SQL injection vulnerability that stems...
Fortinet FortiManager and Fortinet FortiAnalyzer SQL Injection Vulnerability
Fortinet FortiManager and Fortinet FortiAnalyzer are both products of Fortinet, a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can be grouped into different management domains (ADOM) to further simplify the...
Fortinet FortiSIEM Information Disclosure Vulnerability
Fortinet FortiSIEM is a security information and event management system from Fortinet. The system includes features such as asset discovery, workflow automation, and unified management. An information disclosure vulnerability exists in Fortinet FortiSIEM that stems from the exposure of sensitive...
Fortinet FortiWeb Security Vulnerability
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, and other attacks to secure web applications and protect sensitive database content. A security vulnerability exists in Fortinet...
PT-2025-10771
Name of the Vulnerable Software and Affected Versions: FortiOS versions 7.0.0 through 7.4.4; FortiProxy versions 7.0.19 through 7.4.6; FortiPAM versions 1.3.1 through 1.4.2; FortiSRA versions 1.3.1 through 1.4.2; FortiWeb versions 7.0.10 through 7.4.5. Description: A use of externally-controlled format...
PT-2025-10784 · Fortinet · Fortiweb
Name of the Vulnerable Software and Affected Versions: Fortinet FortiWeb versions 7.0.0 through 7.6.0. Description: The issue is related to an improper limitation of a pathname to a restricted directory, also known as 'path traversal'. This allows an attacker to execute unauthorized code or comman...
PT-2025-10818 · Microsoft · Office Excel
Name of the Vulnerable Software and Affected Versions: Microsoft Office Excel versions prior to the fixed version; Microsoft Office Online Server version 1.0.0. Description: The issue is a stack-based buffer overflow in Microsoft Office Excel, allowing an unauthorized attacker to execute arbitrary...