Multiple authenticated OS Command Injections via API

CVSSv3 Score: 6.7 An OS command injection vulnerability in FortiExtender API may allow an authenticated attacker to execute unauthorized code...

Reflected XSS in HA cluster

CVSSv3 Score: 5.3 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FortiSandbox may allow an...

Current password requirement bypass for self password change

CVSSv3 Score: 6.5 An Unverified Password Change vulnerability in FortiSOAR may allow an attacker who gained access to a victim's...

OS command injection in multiple endpoints

CVSSv3 Score: 7.0 An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in FortiSandbox...

Capacity to forge authentication cookies

CVSSv3 Score: 7.1 A reliance on cookie without validation or integrity checking vulnerability in FortiWeb may allow an unauthenticated attacker...
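The weakness class named in this teaser (a session cookie the server trusts without validating its origin or integrity) is easiest to see side by side with its fix. The block below is an added, self-contained example and not FortiWeb's code or anything from the advisory: the cookie layout, the `user` field and the hypothetical `SERVER_KEY` are assumptions made for illustration. The unsafe variant lets anyone mint an "admin" cookie; the hardened variant binds the payload to a server-side HMAC key and rejects a swapped payload.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Hypothetical server-side signing key (assumption for the demo). In production it
# lives in a secret store and is rotated; it must never reach the client.
SERVER_KEY = secrets.token_bytes(32)


def _encode(claims: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()


def _decode(payload: str) -> dict:
    return json.loads(base64.urlsafe_b64decode(payload))


# --- Vulnerable pattern: the cookie is just encoded, never authenticated -------------

def make_cookie_unsafe(username: str) -> str:
    return _encode({"user": username})


def read_cookie_unsafe(cookie: str) -> str:
    # Whatever the client sends is believed: no key, no tag, no check.
    return _decode(cookie)["user"]


# --- Hardened pattern: HMAC-SHA256 over the payload, constant-time comparison ------

def make_cookie_signed(username: str) -> str:
    payload = _encode({"user": username})
    tag = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"


def read_cookie_signed(cookie: str):
    """Return the username, or None if the cookie is malformed or its tag is wrong."""
    try:
        payload, tag = cookie.rsplit(".", 1)
    except ValueError:
        return None
    expected = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    # compare_digest avoids leaking the tag through timing differences.
    if not hmac.compare_digest(expected, tag):
        return None
    return _decode(payload)["user"]


# --- Forgery attempts against both variants ---------------------------------------

def forge_unsafe() -> str:
    # An attacker needs no secret: encoding the claim is enough to be "admin".
    return read_cookie_unsafe(make_cookie_unsafe("admin"))


def forge_signed():
    # The attacker holds a legitimate low-privilege cookie and swaps the payload,
    # but cannot recompute the tag without SERVER_KEY.
    legit = make_cookie_signed("guest")
    _, tag = legit.rsplit(".", 1)
    return read_cookie_signed(f"{_encode({'user': 'admin'})}.{tag}")
```

The HMAC gives integrity and origin only; a real session cookie also needs an expiry and a server-side session identifier so that a captured cookie cannot be replayed indefinitely.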

OS command injection in GUI backup options

CVSSv3 Score: 6.9 An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in FortiSandbox...
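Three of the teasers above (FortiExtender API, FortiSandbox endpoints, FortiSandbox GUI backup options) describe the same weakness class, untrusted input reaching an OS command. The block below is an added example and not code from any of those products; the "backup name" parameter and the use of `echo` in place of a real archiver are assumptions so that the demo runs harmlessly offline. It contrasts string interpolation into a shell with an argv list plus an allow-list check.

```python
import re
import subprocess

# Constructed sample inputs: one benign name and one carrying a shell payload.
SAFE_NAME = "nightly-2026-03-10"
MALICIOUS_NAME = "nightly; echo INJECTED"


def run_backup_vulnerable(name: str) -> str:
    """CWE-78 pattern: the untrusted name is spliced into a shell command line."""
    # Assumption for the demo: "echo" stands in for the real archiver command.
    cmd = f"echo backup {name}"
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout


def run_backup_argv(name: str) -> str:
    """No shell: the name is a single argv element, so metacharacters stay literal."""
    out = subprocess.run(["echo", "backup", name], shell=False,
                         capture_output=True, text=True)
    return out.stdout


# Allow-list for backup names: letters, digits, dot, underscore, hyphen only.
NAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def run_backup_hardened(name: str) -> str:
    """Allow-list validation in front of the argv form: reject, don't sanitise."""
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"rejected backup name: {name!r}")
    return run_backup_argv(name)


def injected(output: str) -> bool:
    """True if the payload's second command actually ran (its own output line)."""
    return "INJECTED" in output.splitlines()
```

Dropping the shell is the fix that matters; the allow-list is defence in depth, because the archiver itself may still interpret leading dashes or other option-like values in the argument.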

Insertion of sensitive information into REST API logs

CVSSv3 Score: 6.3 An insertion of sensitive information into log file vulnerability in FortiOS, FortiProxy, FortiPAM and FortiSRA may allow...

Broken access control on API endpoints

CVSSv3 Score: 6.2 An Improper access control vulnerability in FortiSOAR may allow information disclosure to an authenticated attacker via crafted...

Multiple Fortinet Products’ FortiCloud SSO Login Authentication Bypass

CVSSv3 Score: 9.1 An Improper Verification of Cryptographic Signature vulnerability in FortiOS, FortiWeb, FortiProxy and FortiSwitchManager may allow an unauthenticated attacker to...

Read-only admin could obtain admin configuration secrets

CVSSv3 Score: 2.6 An improper access control vulnerability in FortiAuthenticator Web UI may allow an authenticated attacker with at least...

Latest article

Patch Tuesday – March 2026

Microsoft is publishing 77 vulnerabilities this March 2026 Patch Tuesday. Microsoft is aware of public disclosure of two of today’s vulnerabilities, but without evidence...

AWS European Sovereign Cloud achieves first compliance milestone: SOC 2 and C5 reports plus...

In January 2026, we announced the general availability of the AWS European Sovereign Cloud, a new, independent cloud for Europe entirely located...

Google’s $32B Wiz Acquisition Set to Become Israel’s Largest Tech Deal Ever

Google’s $32 billion Wiz acquisition is nearing completion, marking a record Israeli tech exit and a major bet on cloud security.

OpenAI’s Promptfoo Deal Plugs Agentic AI Testing Gap

OpenAI’s latest acquisition addresses a security need Jamieson O’Reilly, security advisor at OpenClaw, raised during an exclusive interview with Infosecurity.