1830 matches found
CVE-2021-26105
A stack-based buffer overflow vulnerability CWE-121 in the profile parser of FortiSandbox version 3.2.2 and below, version 3.1.4 and below may allow an authenticated attacker to potentially execute unauthorized code or commands via specifically crafted HTTP requests...
CVE-2024-55594
An improper handling of syntactically invalid structure in Fortinet FortiWeb at least versions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests...
CVE-2023-42784
An improper handling of syntactically invalid structure in Fortinet FortiWeb at least versions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests...
CVE-2024-32123
Multiple improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 through 6.2.12 and 6.0.0 through 6.0.12 and 5.6.0...
CVE-2024-54026
An improper neutralization of special elements used in an sql command 'sql injection' in Fortinet FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions, FortiSandb...
CVE-2024-55597
An improper limitation of a pathname to a restricted directory 'path traversal' in Fortinet FortiWeb versions 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted requests...
CVE-2024-55590
Multiple improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerabilities CWE-78 in Fortinet FortiIsolator version 2.4.0 through 2.4.5 allows an authenticated attacker with at least read-only admin permission and CLI access to execute unauthorized code via...
CVE-2024-55594
CVE-2024-55594 affects Fortinet FortiWeb prior to versions 7.4.0–7.4.6, 7.2.0–7.2.10, and 7.0.0–7.0.10. The issue arises from improper handling of syntactically invalid structure in HTTP/S requests, enabling an unauthenticated attacker to execute unauthorized code or commands. The NVD CVSSv3.1 ba...
CVE-2025-24082
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
CVE-2025-24993
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally...
Fixed vulnerabilities in FortiOS, FortiProxy, FortiPAM, FortiSRA and FortiWeb.
Fortinet has fixed a vulnerability in FortiOS, FortiProxy, FortiPAM, FortiSRA and FortiWeb. The vulnerability is in how certain Fortinet products handle HTTP and HTTPS requests. A malicious party with certain privileges can send specially crafted requests that lead to the execution of unauthorize...
CVE-2025-26645
Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network...
CVE-2025-24084
Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally...
CVE-2025-24080
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally...