An Improper Control of Generation of Code (‘Code Injection’) vulnerability [CWE-94] in FortiClientMac may allow an unauthenticated attacker to execute arbitrary code on the victim’s host via tricking the user...
Read MoreAn Uncontrolled Search Path Element vulnerability [CWE-427] in FortiClient Windows may allow a local low privileged user to perform a DLL hijacking attack via placing a malicious DLL to the FortiClient Online Installer...
Read MoreAn exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiADC may allow an authenticated attacker to obtain sensitive data via crafted HTTP or HTTPS requests. Revised on 2025-10-14...
Read MoreAn Insertion of Sensitive Information into Log File [CWE-532] vulnerability in FortiDLP Windows Agent installer may allow an authenticated attacker to pollute the agent pool via re-using the enrollment code. Revised on...
Read MoreAn Improperly Implemented Security Check for Standard vulnerability [CWE-358] in FortiOS and FortiProxy explicit web proxy may allow an authenticated proxy user to bypass the domain fronting protection feature via crafted HTTP...
Read More