51 matches found

Tenable Nessus
added 2025/10/15 12:0 a.m. | 10 views

Fortinet Fortigate ZTNA Server Improper Certificate Validation (FG-IR-24-457)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-457 advisory. - An Improper Validation of Certificate with Host Mismatch vulnerability CWE-297 in FortiProxy version 7.6.1 and below, versi...

CVSS 7.5 | AI score 5.6 | EPSS 0.00014
Exploits 1 | References 2

OSV
added 2025/10/14 4:15 p.m. | 0 views

CVE-2025-25253

An Improper Validation of Certificate with Host Mismatch vulnerability CWE-297 in FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions and FortiOS version 7.6.2 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions ZTNA proxy may allow a...

CVSS 7.5 | AI score 5.8 | EPSS 0.00014
Exploits 1 | References 1

CVE
added 2025/10/14 3:22 p.m. | 19 views

CVE-2025-25253

CVE-2025-25253 describes improper validation of certificate hostnames in FortiProxy (and FortiOS ZTNA proxy) that could allow an unauthenticated attacker in a man-in-the-middle position to intercept and tamper with connections. Affected products/versions from the provided docs include FortiProxy ...

CVSS 7.5 | AI score 6.5 | EPSS 0.00014
Exploits 1 | References 1 | Affected Software 1

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2023-44848

Malicious code in bioql PyPI...

CVSS 5.9 | AI score 6.1 | EPSS 0.00037
Exploits 0 | References 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-29369

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 6.5 | EPSS 0.00245
Exploits 0 | References 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-44850

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.2 | EPSS 0.00043
Exploits 0 | References 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-44849

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.2 | EPSS 0.00048
Exploits 0 | References 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-18301

Malicious code in bioql PyPI...

CVSS 5.2 | AI score 6.6 | EPSS 0.00183
Exploits 0 | References 3

RedhatCVE
added 2025/06/15 10:14 p.m. | 3 views

CVE-2025-6083

In ExtremeCloud Universal ZTNA, a syntax error in the 'searchKeyword' condition caused queries to bypass the ownerid filter. This issue may allow users to search data across the entire table instead of being restricted to their specific ownerid...

CVSS 5.2 | AI score 6.4 | EPSS 0.00183
Exploits 0 | References 1

NVD
added 2025/06/13 9:15 p.m. | 9 views

CVE-2025-6083

In ExtremeCloud Universal ZTNA, a syntax error in the 'searchKeyword' condition caused queries to bypass the ownerid filter. This issue may allow users to search data across the entire table instead of being restricted to their specific ownerid...

CVSS 5.2 | EPSS 0.00183
Exploits 0 | References 1

CVE
added 2025/06/13 9:6 p.m. | 39 views

CVE-2025-6083

CVE-2025-6083 affects ExtremeCloud Universal ZTNA. A syntax error in the searchKeyword condition allows queries to bypass the owner_id filter, potentially letting a user search data across the entire table instead of constraints tied to their owner_id. The available connected sources consistently...

CVSS 5.2 | AI score 6.5 | EPSS 0.00183
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2025/06/13 9:6 p.m. | 2 views

CVE-2025-6083 ExtremeCloud Universal ZTNA Improper Authorization

In ExtremeCloud Universal ZTNA, a syntax error in the 'searchKeyword' condition caused queries to bypass the ownerid filter. This issue may allow users to search data across the entire table instead of being restricted to their specific ownerid...

CVSS 5.2 | AI score 6.4 | EPSS 0.00183
Exploits 0 | References 1

Cvelist
added 2025/06/13 9:6 p.m. | 11 views

CVE-2025-6083 ExtremeCloud Universal ZTNA Improper Authorization

In ExtremeCloud Universal ZTNA, a syntax error in the 'searchKeyword' condition caused queries to bypass the ownerid filter. This issue may allow users to search data across the entire table instead of being restricted to their specific ownerid...

CVSS 5.2 | EPSS 0.00183
Exploits 0 | References 1

Positive Technologies
added 2025/06/13 12:0 a.m. | 2 views

PT-2025-25448

Name of the Vulnerable Software and Affected Versions ExtremeCloud Universal ZTNA affected versions not specified Description A syntax error in the searchKeyword condition allows queries to bypass the owner id filter. This issue may enable users to search data across the entire table, rather than...

CVSS 5.2 | AI score 6.3 | EPSS 0.00183
Exploits 0 | References 8

The Hacker News
added 2024/09/12 10:51 a.m. | 20 views

Top 3 Threat Report Insights for Q2 2024

Cato CTRL Cyber Threats Research Lab has released its Q2 2024 Cato CTRL SASE Threat Report. The report highlights critical findings based on the analysis of a staggering 1.38 trillion network flows from more than 2,500 of Cato's global customers, between April and June 2024. Key Insights from the...

AI score 6.8
Exploits 0

NVD
added 2024/09/10 3:15 p.m. | 14 views

CVE-2024-31489

An improper certificate validation vulnerability CWE-295 in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a...

CVSS 8.1 | EPSS 0.00245
Exploits 0 | References 1

Vulnrichment
added 2024/09/10 2:37 p.m. | 43 views

CVE-2024-31489

An improper certificate validation vulnerability CWE-295 in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a...

CVSS 6.8 | AI score 7.3 | EPSS 0.00245
Exploits 0 | References 1

Cvelist
added 2024/09/10 2:37 p.m. | 28 views

CVE-2024-31489

An improper certificate validation vulnerability CWE-295 in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a...

CVSS 6.8 | EPSS 0.00245
Exploits 0 | References 1

CVE
added 2024/09/10 2:37 p.m. | 64 views

CVE-2024-31489

CVE-2024-31489 is a concrete issue: FortiClient components (Windows 7.0.0–7.0.11 and 7.2.0–7.2.2; Linux 7.0.0–7.0.11; Mac 7.0.0–7.0.11 and 7.2.0–7.2.4) suffer an improper certificate validation (CWE-295) that allows remote, unauthenticated MITM during ZTNA tunnel establishment with FortiGate. Aff...

CVSS 8.1 | AI score 7.1 | EPSS 0.00245
Exploits 0 | References 1 | Affected Software 1

Positive Technologies
added 2024/09/10 12:0 a.m. | 1 views

PT-2024-9823 · Fortinet · Forticlientmac +3

Name of the Vulnerable Software and Affected Versions: FortiClientWindows versions 7.0.0 through 7.0.11, 7.2.0 through 7.2.2 FortiClientLinux versions 7.0.0 through 7.0.11, 7.2.0 FortiClientMac versions 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 Description: The issue is related to an improper...

CVSS 8.1 | AI score 7.4 | EPSS 0.00245
Exploits 0 | References 8