Heap-based buffer overflow in oftpd daemon
CVSSv3 Score: 7.3
A heap-based buffer overflow vulnerability in the FortiAnalyzer Cloud oftpd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Successful exploitation would require a large amount of effort in preparation because of ASLR and network segmentation.
Revised on 2026-04-14 00:00:00
Hardcoded symmetric encryption key for PostgreSQL
CVSSv3 Score: 5.2
A use of hard-coded cryptographic key vulnerability in FortiClientEMS may allow an attacker in possession of an encrypted dump of the database to decrypt it.
Revised on 2026-04-14 00:00:00
Credential disclosure in LDAP configuration web page
CVSSv3 Score: 2.5
An Insufficiently Protected Credentials vulnerability in the FortiSandbox and FortiSandbox PaaS GUI may allow an authenticated administrator to read LDAP server credentials via client-side inspection.
Revised on 2026-04-14 00:00:00
Cleartext Credentials in response for API endpoints
CVSSv3 Score: 6.2
A Cleartext Transmission of Sensitive Information vulnerability in FortiSOAR may allow an authenticated attacker to view the cleartext password in responses for Secure Message Exchange and RADIUS queries, if configured.
Revised on 2026-04-14 00:00:00
Clear-text credentials retrievable with IP modification for connectors
CVSSv3 Score: 4.1
A Storing Passwords in a Recoverable Format vulnerability in FortiSOAR may allow an authenticated remote attacker to retrieve passwords for multiple installed connectors via server address modification in connector configuration.
Revised on 2026-04-14 00:00:00
Clear-text credentials retrievable with IP modification for LDAP
CVSSv3 Score: 4.1
A Storing Passwords in a Recoverable Format vulnerability in FortiSOAR may allow an authenticated remote attacker to retrieve the service account password via server address modification in the LDAP configuration.
Revised on 2026-04-14 00:00:00
Axios npm Package Compromised
On March 31, 2026, the Axios npm package was compromised via a maintainer account takeover. Two malicious versions were published, axios@1.14.1 and axios@0.30.4, which introduced a hidden dependency (plain-crypto-js@4.2.1) able to execute a post-install script deploying a cross-platform Remote Access Trojan (RAT) on Windows, macOS, and Linux systems.
Revised on 2026-04-14 00:00:00
Arbitrary directory delete on vmimages delete feature
CVSSv3 Score: 6.2
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the FortiSandbox, FortiSandbox Cloud, FortiSandbox PaaS and FortiSandbox Cloud web UI may allow a privileged attacker with a super-admin profile and CLI access to delete an arbitrary directory via crafted HTTP requests.
Revised on 2026-04-14 00:00:00
2FA request can be replayed without a valid token after one successful request
CVSSv3 Score: 6.7
An Improper Authentication vulnerability in the FortiSOAR web GUI may allow an unauthenticated attacker to bypass authentication by replaying a captured 2FA request. The attack requires being able to intercept and decrypt authentication traffic, and precise timing to replay the request before token expiration.
Revised on 2026-04-14 00:00:00
A New Way to Buy Recorded Future: Solutions and Packages Built for the 2026 Threat Landscape
Recorded Future is now offering four solutions covering cyber operations, digital risk protection, third-party risk, and payment fraud. Three tiered packages (Core, Professional, Elite) bundle these solutions to scale with an organization's security program. Packages include unlimited users and integrations so intelligence reaches everyone who needs it. The global threat...