CVE-2024-54026

An improper neutralization of special elements used in an sql command 'sql injection' in Fortinet FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions, FortiSandb...

CVE-2024-55590

Multiple improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerabilities CWE-78 in Fortinet FortiIsolator version 2.4.0 through 2.4.5 allows an authenticated attacker with at least read-only admin permission and CLI access to execute unauthorized code via...

CVE-2024-45324

CVE-2024-45324 describes an externally-controlled format string vulnerability (CWE-134) in Fortinet products, allowing a privileged attacker to execute unauthorized code via specially crafted HTTP/HTTPS commands. Affected are FortiOS (versions 7.4.0–7.4.4; 7.2.0–7.2.9; 7.0.0–7.0.15 and before 6.4...

CVE-2024-45324

A use of externally-controlled format string vulnerability CWE-134 in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0...

CVE-2023-42784

An improper handling of syntactically invalid structure in Fortinet FortiWeb at least verions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests...

CVE-2023-40723

Fortinet FortiSIEM is affected by CVE-2023-40723 across multiple releases: 5.1.0–5.1.3, 5.2.1–5.2.2, 5.2.5–5.2.8, 5.3.0–5.3.3, 5.4.0, 6.1.0–6.1.2, 6.2.0–6.2.1, 6.3.0–6.3.3, 6.4.0–6.4.2, 6.5.0–6.5.1, 6.6.0–6.6.3, 6.7.0–6.7.4. The issue allows an attacker to disclose sensitive information and execu...

CVE-2023-42784

Fortinet FortiWeb CVE-2023-42784 affects FortiWeb versions 7.0.0–7.0.10, 7.2.0–7.2.10, and 7.4.0–7.4.6. The root cause is improper handling of syntactically invalid structures, enabling an attacker to execute unauthorized code or commands via crafted HTTP/S requests. The vulnerability is document...

CVE-2023-40723

An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.4 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 and 6.3.0 through 6.3.3 and 6.2.0 through 6.2.1 and 6.1.0 through 6.1.2 and 5.4.0 and 5.3.0 through 5.3.3 and 5.2...

CVE-2023-42784

An improper handling of syntactically invalid structure in Fortinet FortiWeb at least verions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests...

CVE-2024-55597

A improper limitation of a pathname to a restricted directory 'path traversal' in Fortinet FortiWeb versions 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted requests...

CVE-2024-55597

A improper limitation of a pathname to a restricted directory 'path traversal' in Fortinet FortiWeb versions 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted requests...

Microsoft Office Remote Code Execution Vulnerability

Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally...

Microsoft Word Remote Code Execution Vulnerability

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally...

PT-2025-10823

Name of the Vulnerable Software and Affected Versions Microsoft Office affected versions not specified Description A use after free condition exists in Microsoft Office, allowing an unauthorized attacker to execute code. The issue enables remote attackers to execute arbitrary code and affect the...

Fortinet FortiSandbox SQL注入漏洞

Fortinet FortiSandbox is an APT Advanced Persistent Threat protection appliance from Fortinet. The appliance offers dual sandboxing technology, dynamic threat intelligence system, real-time control panel and reporting. Fortinet FortiSandbox suffers from an SQL injection vulnerability that stems...

Fortinet FortiWeb Directory Traversal Arbitrary File Write (FG-IR-24-439)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-439 advisory. - A improper limitation of a pathname to a restricted directory 'path traversal' in Fortinet FortiWeb versions 7.0.0 through...

Fortinet FortiManager和Fortinet FortiAnalyzer SQL注入漏洞

Fortinet FortiManager and Fortinet FortiAnalyzer are both products of Fortinet, a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can be grouped into different management domains ADOM to further simplify the...

PT-2025-10784 · Fortinet · Fortiweb

Name of the Vulnerable Software and Affected Versions: Fortinet FortiWeb versions 7.0.0 through 7.6.0 Description: The issue is related to an improper limitation of a pathname to a restricted directory, also known as 'path traversal'. This allows an attacker to execute unauthorized code or comman...

PT-2025-10767 · Fortinet · Fortiweb

Name of the Vulnerable Software and Affected Versions: Fortinet FortiWeb versions 7.0.0 through 7.0.10 Fortinet FortiWeb versions 7.2.0 through 7.2.10 Fortinet FortiWeb versions 7.4.0 through 7.4.6 Description: The issue is related to the improper handling of syntactically invalid structures,...

Fortinet FortiSIEM 信息泄露漏洞

Fortinet FortiSIEM is a security information and event management system from Fortinet. The system includes features such as asset discovery, workflow automation, and unified management. An information disclosure vulnerability exists in Fortinet FortiSIEM that stems from the exposure of sensitive...