30 matches found
Fortinet FortiWeb - Authentication Bypass to Admin Privilege
A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges o...
CVE-2022-42473
A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 - 6.4.4 and 7.0.0 - 7.0.3 and 7.2.0 allows an attacker to disclose information via logging into the database using a privileged account without a password...
CVE-2023-45590
An improper control of generation of code 'code injection' in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 allows attacker to execute unauthorized code or commands via tricking a FortiClientLinux user into visiting a malicious website...
EUVD-2017-12269
Malware in sbrugna...
EUVD-2015-3658
Malware in sbrugna...
EUVD-2017-16371
Malware in sbrugna...
EUVD-2019-16250
Malware in sbrugna...
EUVD-2017-8701
Malware in sbrugna...
EUVD-2017-12267
Malware in sbrugna...
EUVD-2018-11935
Malware in sbrugna...
EUVD-2023-29546
Malicious code in bioql PyPI...
EUVD-2022-44542
Malicious code in bioql PyPI...
EUVD-2024-54267
Malicious code in bioql PyPI...
EUVD-2024-29375
Malicious code in bioql PyPI...
EUVD-2022-45546
Malicious code in bioql PyPI...
EUVD-2024-31239
Malicious code in bioql PyPI...
CVE-2025-25257
An improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability CWE-89 vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.7, FortiWeb 7.2.0 through 7.2.10, FortiWeb 7.0.0 through 7.0.10 allows an unauthenticated attacker to execu...
CVE-2025-47295
CVE-2025-47295 describes a buffer over-read in Fortinet FortiOS FGFM daemon that could crash FGFM when processing a specially crafted request. Affected FortiOS versions include 7.0.0–7.0.14, 7.2.0–7.2.7, and 7.4.0–7.4.3. The underlying issue is a lack of proper input validation leading to a read ...
CVE-2024-31495
A improper neutralization of special elements used in an sql command 'sql injection' in Fortinet FortiPortal versions 7.0.0 through 7.0.6 and version 7.2.0 allows privileged user to obtain unauthorized information via the report download functionality...
CVE-2024-47566
A improper limitation of a pathname to a restricted directory 'path traversal' CWE-23 in Fortinet FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to delete files from the underlying filesystem via crafted CLI requests...