Fortinet FortiMail SQL注入漏洞

Fortinet FortiMail is a suite of email security gateway products developed by the American company Fortinet. This product provides features such as email security protection and data protection. Versions 7.6.0 to 7.6.3, 7.4.0 to 7.4.5, and 7.2.0 to 7.2.8 of Fortinet FortiMail contain SQL injectio...

Astra Linux - уязвимость в php7.3

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23, and 7.4.x below 7.4.11, when PHP processes incoming HTTP cookie values, the cookie names are url-decoded. This may result in cookies with prefixes like Host being confused with cookies that are decoded with such prefixes. As a consequence,...

CVE-2026-2311 IBM i is affected by a privilege escalation vulnerability in Web Administration GUI []

IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to run with administrator privilege...

CVE-2025-64153

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiExtender 7.6.0 through 7.6.3, FortiExtender 7.4.0 through 7.4.7, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated attacker to execute unauthorized...

CVE-2025-36371 IBM i Information Disclosure

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 are impacted by obtaining an information vulnerability in the database plan cache implementation. A user with access to the database plan cache could see information they do not have authority to view...

CVE-2025-54972

An improper neutralization of crlf sequences 'crlf injection' vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2 all versions, FortiMail 7.0 all versions may allow an attacker to inject headers in the response via convincing a user to click on a...

Fortinet FortiADC 安全漏洞

Fortinet FortiADC is an application delivery controller from Fortinet, Inc. A security vulnerability exists in Fortinet FortiADC that originates from improperly neutralized HTML tags and could lead to a cross-site scripting attack. The following versions are affected: version 8.0.0, versions 7.6....

CVE-2025-53843

CVE-2025-53843 describes a stack-based buffer overflow in Fortinet FortiOS that affects FortiOS 6.4 and 7.x series (notably 7.6.0–7.6.3, 7.4.0–7.4.8, and all 7.2/7.0). The vulnerability allows an attacker to execute unauthorized code or commands via specially crafted packets, with network access ...

CVE-2025-54971

The CVE-2025-54971 entry applies to Fortinet FortiADC: versions 6.2 and 7.0–7.2, and 7.4.0. The issue stems from information exposure that allows an admin with read-only privileges to obtain external resources passwords via the product logs, constituting a sensitive data disclosure vulnerability....

Fortinet FortiMail 注入漏洞

Fortinet FortiMail is a suite of e-mail security gateway products from the U.S. company Fiat Fortinet. The product provides email security and data protection features. An injection vulnerability exists in Fortinet FortiMail that stems from improper CRLF sequence neutralization, which could resul...

Fortinet FortiClientWindows 代码问题漏洞

Fortinet FortiClientWindows is a Windows-based mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to a FortiGate firewall appliance. A code issue vulnerability exists ...

Exploit for Use After Free in Redis

This is a PoC exploit for CVE-2025-49844, a high-risk vulnerability in Redis database. The exploit is a GUI-based tool called "CVE-2025-49844RediShell漏洞检查软件v2.0" that helps enterprises efficiently detect and fix vulnerabilities. The tool is an iteration of the original...

CVE-2025-53609

A Relative Path Traversal vulnerability CWE-23 in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2.0 through 7.2.11, 7.0.2 through 7.0.11 may allow an authenticated attacker to perform an arbitrary file read on the underlying system via crafted requests...

CVE-2025-27759

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and before 7.0.10 allows an authenticated privileged attacker to execute unauthorized code o...

CVE-2023-30990

IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute CL commands as QUSER, caused by an exploitation of DDM architecture. IBM X-Force ID: 254036...

CVE-2023-26465

Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue...

Fortinet FortiWeb 安全漏洞

Fortinet FortiWeb is a Web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures Web applications and protects sensitive database content. A security vulnerability exists in Fortinet...

PT-2025-2429 · Ibm · Ibm I

Name of the Vulnerable Software and Affected Versions: IBM i versions 7.2 through 7.5 Description: The issue is related to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint with the privileges o...

PT-2024-5315 · Ibm · Ibm I

Name of the Vulnerable Software and Affected Versions: IBM i versions 7.2 through 7.5 Description: The issue is related to insufficient authority requirements, allowing a local user without administrator privileges to configure a physical file trigger. This can lead to the execution of the trigge...

PT-2024-19361 · Ibm · Ibm Urbancode Deploy +1

Name of the Vulnerable Software and Affected Versions: IBM UrbanCode Deploy versions 7.0 through 7.0.5.20 IBM UrbanCode Deploy versions 7.1 through 7.1.2.16 IBM UrbanCode Deploy versions 7.2 through 7.2.3.9 IBM UrbanCode Deploy versions 7.3 through 7.3.2.4 IBM DevOps Deploy versions 8.0 through...