CVSSv3 Score: 7.1 A reliance on cookie without validation or integrity checking vulnerability [CWE-565] in FortiWeb may allow an unauthenticated attacker to execute arbitrary operations on the system via crafted HTTP or HTTPS...
Read MoreFortinet, Ivanti, and SAP have moved to address critical security flaws in their products that, if successfully exploited, could result in an authentication bypass and code execution. The Fortinet vulnerabilities affect FortiOS,...
Read MoreCVSSv3 Score: 6.2 An Improper access control vulnerability [CWE-284] in FortiSOAR may allow Information disclosure to an authenticated attacker via crafted requests Revised on 2025-12-09 00:00:00
Read MoreCVSSv3 Score: 7.0 An Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability [CWE-78] in FortiSandbox may allow an authenticated attacker to execute unauthorized code...
Read MoreCVSSv3 Score: 6.9 An improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability [CWE-78] in FortiSandbox GUI may allow an authenticated privileged attacker to execute...
Read More