Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortinet vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-26114
Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiWAN prior to 4.5.9 may allow an unauthenticated malicious user to execute unauthorized code or commands via specifically crafted HTTP requests.
Fortinet Fortiwan
9.8
CVSSv3
CVE-2022-22963
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
Vmware Spring Cloud Function
Oracle Sd-wan Edge 9.0
Oracle Retail Xstore Point Of Service 20.0.1
Oracle Communications Cloud Native Core Security Edge Protection Proxy 1.7.0
Oracle Banking Cash Management 14.5
Oracle Banking Trade Finance Process Management 14.5
Oracle Banking Credit Facilities Process Management 14.5
Oracle Banking Corporate Lending Process Management 14.5
Oracle Banking Supply Chain Finance 14.5
Oracle Sd-wan Edge 9.1
Oracle Banking Liquidity Management 14.5
Oracle Banking Liquidity Management 14.2
Oracle Banking Virtual Account Management 14.5
Oracle Financial Services Enterprise Case Management 8.1.1.0
Oracle Financial Services Enterprise Case Management 8.1.1.1
Oracle Financial Services Behavior Detection Platform 8.1.2.0
Oracle Financial Services Behavior Detection Platform 8.1.1.1
Oracle Financial Services Behavior Detection Platform 8.1.1.0
Oracle Mysql Enterprise Monitor
Oracle Communications Cloud Native Core Console 1.9.0
Oracle Communications Cloud Native Core Policy 1.15.0
Oracle Communications Communications Policy Management 12.6.0.0.0
63 Github repositories
3 Articles
9.8
CVSSv3
CVE-2021-32586
An improper input validation vulnerability in the web server CGI facilities of FortiMail prior to 7.0.1 may allow an unauthenticated malicious user to alter the environment of the underlying script interpreter via specifically crafted HTTP requests.
Fortinet Fortimail
Fortinet Fortimail 7.0.0
9.8
CVSSv3
CVE-2021-36166
An improper authentication vulnerability in FortiMail prior to 7.0.1 may allow a remote malicious user to efficiently guess one administrative account's authentication token by means of the observation of certain system's properties.
Fortinet Fortimail
Fortinet Fortimail 7.0.0
9.8
CVSSv3
CVE-2021-41025
Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 up to and including 6.3.15, 6.2.0 up to and including 6.2.6, 6.1.0 up to and including 6.1.2, 6.0.0 thorugh 6.0.7, including an instance of concurrent execution using shared...
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb
Fortinet Fortiweb 6.4.1
Fortinet Fortiweb 6.1.0
Fortinet Fortiweb 6.1.1
Fortinet Fortiweb 6.1.2
Fortinet Fortiweb 6.4.2
9.8
CVSSv3
CVE-2021-26109
An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS prior to 7.0.1 may allow an unauthenticated malicious user to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code executi...
Fortinet Fortios
Fortinet Fortios 7.0.0
9.8
CVSSv3
CVE-2021-36186
A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows malicious user to execute unauthorized code or commands via crafted HTTP requests
Fortinet Fortiweb
Fortinet Fortiweb 6.4.0
9.8
CVSSv3
CVE-2021-24019
An insufficient session expiration vulnerability [CWE- 613] in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an malicious user to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via o...
Fortinet Forticlient Endpoint Management Server
9.8
CVSSv3
CVE-2021-32588
A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal versions 5.2.5 and below, 5.3.5 and below, 6.0.4 and below, versions 5.1.x and 5.0.x may allow a remote and unauthenticated malicious user to execute unauthorized commands as root by uploading and deploying ma...
Fortinet Fortiportal
9.8
CVSSv3
CVE-2021-24007
Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail prior to 6.4.4 may allow a non-authenticated malicious user to execute unauthorized code or commands via specifically crafted HTTP requests.
Fortinet Fortimail
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »