PT-2025-10771

Name of the Vulnerable Software and Affected Versions FortiOS versions 7.0.0 through 7.4.4 FortiProxy versions 7.0.19 through 7.4.6 FortiPAM versions 1.3.1 through 1.4.2 FortiSRA versions 1.3.1 through 1.4.2 FortiWeb versions 7.0.10 through 7.4.5 Description A use of externally-controlled format...

Fortinet FortiWeb Web application firewall rules bypass by using an empty filename (FG-IR-23-115)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the FG-IR-23-115 advisory. - Two improper handling of syntactically invalid structure vulnerabilities CWE-228 in FortiWeb may allowan...

Fortinet FortiWeb 安全漏洞

Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, and other attacks to secure web applications and protect sensitive database content. A security vulnerability exists in Fortinet...

CVE-2025-24985

Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

PT-2025-10818 · Microsoft · Office Excel

Name of the Vulnerable Software and Affected Versions: Microsoft Office Excel versions prior to the fixed version Microsoft Office Online Server version 1.0.0 Description: The issue is a stack-based buffer overflow in Microsoft Office Excel, allowing an unauthorized attacker to execute arbitrary...

Linux Distros Unpatched Vulnerability : CVE-2016-6814

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization...

CKEditor 41.3.0 < 44.2.1 XSS

The version of CKEditor included on the remote web host is 41.3.0 prior to 44.2.1. It may, therefore, be affected by a cross-site scripting XSS vulnerability. This vulnerability affects user markers, which represent users' positions within the document. It can lead to unauthorized JavaScript code...

VulnCheck KEV: CVE-2024-23109

An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet allows attacker to execute unauthorized code or commands via via crafted API requests...

CKEditor 41.3.0 - 44.2.0 XSS Vulnerability

CKEditor 5 is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Cross-site scripting (XSS) in the CKEditor 5 real-time collaboration package

Impact During a recent internal audit, we identified a Cross-Site Scripting XSS vulnerability in the CKEditor 5 real-time collaboration package. This vulnerability can lead to unauthorized JavaScript code execution and affects user markers, which represent users' positions within the document. Th...

GHSA-J3MM-WMFM-MWVH Cross-site scripting (XSS) in the CKEditor 5 real-time collaboration package

Impact During a recent internal audit, we identified a Cross-Site Scripting XSS vulnerability in the CKEditor 5 real-time collaboration package. This vulnerability can lead to unauthorized JavaScript code execution and affects user markers, which represent users' positions within the document. Th...

CVE-2024-50569

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWeb 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted input...

CVE-2024-40584

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in Fortinet FortiAnalyzer version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15 and 6.2.2 through 6.2.13, Fortinet FortiManager version 7.4.0...

CVE-2024-12755

A Cross-Site Scripting XSS vulnerability in Avaya Spaces may have allowed unauthorized code execution and potential disclose of sensitive information...

CVE-2024-50569

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWeb 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted input...

CVE-2024-50569

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWeb 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted input...

CVE-2024-50567

An improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWeb 7.4.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted input...

CVE-2024-50567

An improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWeb 7.4.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted input...

CVE-2024-27781

An improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all...

CVE-2024-12755

A Cross-Site Scripting XSS vulnerability in Avaya Spaces may have allowed unauthorized code execution and potential disclose of sensitive information...