1826 matches found
CVE-2026-39809
A improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5, FortiClientEMS 7.2.0 through 7.2.12, FortiClientEMS 7.0 all versions may allow attacker to execute unauthorized code or commands via sending crafted...
CVE-2026-39812
A improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8,...
CVE-2026-39814
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 through 7.4.12, FortiWeb 7.2.7 through 7.2.12, FortiWeb 7.0.10 through 7.0.12 may allow attacker to execute unauthorized code or commands via...
CVE-2026-39808
A improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via...
CVE-2025-53847
A missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, FortiOS 6.2.9 through 6.2.17 allows attacker to execute unauthorized code or...
CVE-2026-39815
Fortinet FortiDDoS-F versions 7.2.1–7.2.2 are described as vulnerable to an improper neutralization of special elements used in an SQL command (SQL injection). The issue could allow an attacker to execute unauthorized code or commands via an attack vector. The connected documents do not provide e...
CVE-2026-39812
A improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8,...
CVE-2026-39814
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 through 7.4.12, FortiWeb 7.2.7 through 7.2.12, FortiWeb 7.0.10 through 7.0.12 may allow attacker to execute unauthorized code or commands via...
CVE-2026-39814
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 through 7.4.12, FortiWeb 7.2.7 through 7.2.12, FortiWeb 7.0.10 through 7.0.12 may allow attacker to execute unauthorized code or commands via...
CVE-2025-53847
CVE-2025-53847 affects Fortinet FortiOS/FortiGate: missing authentication for a critical function allows an attacker to execute unauthorized code or commands via specially crafted packets. Impact spans FortiOS versions 6.2.x (6.2.9–6.2.17), 6.4.x (all versions), 7.0.x (7.0.0–7.0.17), 7.2.x (7.2.0...
CVE-2025-53847
A missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, FortiOS 6.2.9 through 6.2.17 allows attacker to execute unauthorized code or...
CVE-2026-39808
A improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via...
CVE-2026-39808
Fortinet FortiSandbox is affected by CVE-2026-39808 (FortiSandbox 4.4.0–4.4.8), a os command injection due to improper neutralization of special elements. It could allow an attacker to execute arbitrary code or commands over a network without user interaction, with CVSS v3.1: Critical (AV:N/AC:L/...
CVE-2026-39809
A improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5, FortiClientEMS 7.2.0 through 7.2.12, FortiClientEMS 7.0 all versions may allow attacker to execute unauthorized code or commands via sending crafted...
CVE-2026-39809
A improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5, FortiClientEMS 7.2.0 through 7.2.12, FortiClientEMS 7.0 all versions may allow attacker to execute unauthorized code or commands via sending crafted...
CVE-2026-39809
Fortinet FortiClientEMS contains a SQL injection vulnerability (improper neutralization of special elements in SQL commands) affecting FortiClientEMS 7.0 all versions and 7.2.0–7.2.12, 7.4.0–7.4.5. The issue could allow an attacker to execute unauthorized code or commands. The connected sources p...
CVE-2026-39809
A improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5, FortiClientEMS 7.2.0 through 7.2.12, FortiClientEMS 7.0 all versions may allow attacker to execute unauthorized code or commands via sending crafted...
Fortinet FortiWeb 安全漏洞
Fortinet FortiWeb is a Web application layer firewall developed by the American company Fortinet. It can block threats such as cross-site scripting, SQL injection, cookie poisoning, and schema poisoning, ensuring the security of web applications and protecting sensitive database content. There is...
PT-2026-32650
A missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, FortiOS 6.2.9 through 6.2.17 allows attacker to execute unauthorized code or...
Fortinet FortiClientEms 安全漏洞
Fortinet FortiClientEms is a centralized management system developed by the American company Fortinet. There is a security vulnerability in Fortinet FortiClientEms, which stems from SQL injection attacks. This vulnerability may allow for the execution of unauthorized code or commands. The followi...