SSL-VPN Symlink Persistence Patch Bypass
CVSSv3 Score: 5.3
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in FortiOS SSL-VPN may allow a remote unauthenticated attacker to bypass the patch developed for the symbolic link persistency mechanism observed in some post-exploit cases, via crafted HTTP requests. An attacker would need first to have compromised the product via another vulnerability,...
Request smuggling attack in FortiOS GUI
CVSSv3 Score: 5.2
An HTTP request smuggling vulnerability in FortiOS may allow an unauthenticated attacker to smuggle an unlogged HTTP request through the firewall policies via a specially crafted header.
Revised on 2026-02-10 00:00:00
Missing authorization on CSV user import
CVSSv3 Score: 6.8
A missing authorization vulnerability in FortiAuthenticator may allow a read-only admin to make modifications to local users via a file upload to an unprotected endpoint.
Revised on 2026-02-10 00:00:00
LDAP authentication bypass in Agentless VPN and FSSO
CVSSv3 Score: 7.5
An Authentication Bypass by Primary Weakness vulnerability in FortiOS fnbamd may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, under specific LDAP server configuration.
Revised on 2026-02-10 00:00:00
Format String Vulnerability in CAPWAP fast-failover mode
CVSSv3 Score: 6.7
A Use of Externally-Controlled Format String vulnerability in FortiGate may allow an authenticated admin to execute unauthorized code or commands via specifically crafted configuration.
Revised on 2026-02-10 00:00:00
Firewall policy bypass in FSSO Terminal Services Agent
CVSSv3 Score: 3.8
An Improper Verification of Source of a Communication Channel vulnerability in FortiOS FSSO Terminal Services Agent may allow an authenticated user with knowledge of FSSO policy configurations to gain unauthorized access to protected network resources via crafted requests.
Revised on 2026-02-10 00:00:00
Arbitrary XML file write in FCConfig
CVSSv3 Score: 6.4
An Improper Link Resolution Before File Access vulnerability in FortiClient Windows may allow a local low-privilege attacker to perform an arbitrary file write with elevated permissions via crafted named pipe messages.
Revised on 2026-02-10 00:00:00
CVE-2026-21519 Desktop Window Manager Elevation of Privilege Vulnerability
Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
5 Key Takeaways from The New Era of Phishing: Threats Built in the Age of AI
Artificial intelligence has transformed how organizations operate—and threat actors are moving just as quickly. In Cofense’s recent webinar, The New Era of Phishing: Threats Built in the Age of AI, Cofense Chief Security Officer Josh Bartolomie joined threat experts Chance Caldwell and Max Gannon to break down the most important phishing trends emerging from real-world attack data. Phishing isn’t slowing...




