Credential disclosure in LDAP configuration web page.
CVSSv3 Score: 2.5
An Insufficiently protected credentials vulnerability in FortiSandbox and FortiSandbox PaaS GUI may allow an authenticated administrator to...
Integer Overflow Denial of Service in administrative interface
CVSSv3 Score: 4.4
An Integer Overflow or Wraparound vulnerability in FortiWeb may allow a privileged authenticated attacker to perform a...
OS Command Injection through API endpoint
CVSSv3 Score: 9.1
An Improper Neutralization of Special Elements used in an OS Command ('OS command injection') vulnerability in FortiSandbox...
Heap-based buffer overflow in oftpd daemon
CVSSv3 Score: 7.3
A heap-based buffer overflow vulnerability in FortiAnalyzer Cloud oftpd daemon may allow a remote unauthenticated attacker to...
Hardcoded symmetric encryption key for PostgreSQL
CVSSv3 Score: 5.2
A use of hard-coded cryptographic key vulnerability in FortiClientEMS may allow an attacker in possession of an...
2FA request can be replayed without a valid token after one successful request
CVSSv3 Score: 6.7
An Improper authentication vulnerability in FortiSOAR web GUI may allow an unauthenticated attacker to bypass authentication via...
Multiple Path traversals in CLI
CVSSv3 Score: 6.2
Multiple Relative Path Traversal vulnerabilities in FortiWeb may allow a local privileged attacker to execute unauthorized code...
Multiple Stored XSS
CVSSv3 Score: 4.3
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FortiSandbox and FortiSandbox Cloud...
Clear-text credentials retrievable with IP modification for connectors
CVSSv3 Score: 4.1
A Storing Passwords in a Recoverable Format vulnerability in FortiSOAR may allow an authenticated remote attacker to...
Cleartext Credentials in response for API endpoints
CVSSv3 Score: 6.2
A Cleartext Transmission of Sensitive Information vulnerability in FortiSOAR may allow an authenticated attacker to view cleartext...





