Search

Search Results (363821 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-47761 1 Fortinet 2 Forticlient, Forticlientwindows 2026-01-14 7.1 High
An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.9 may allow an authenticated local user to execute unauthorized code via fortips driver. Success of the attack would require bypassing the Windows memory protections such as Heap integrity and HSP. In addition, it requires a valid and running VPN IPSec connection.
CVE-2025-64153 1 Fortinet 2 Fortiextender, Fortiextender Firmware 2026-01-14 6.7 Medium
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiExtender 7.6.0 through 7.6.3, FortiExtender 7.4.0 through 7.4.7, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via a specific HTTP request.
CVE-2025-53609 1 Fortinet 1 Fortiweb 2026-01-14 4.7 Medium
A Relative Path Traversal vulnerability [CWE-23] in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2.0 through 7.2.11, 7.0.2 through 7.0.11 may allow an authenticated attacker to perform an arbitrary file read on the underlying system via crafted requests.
CVE-2025-53951 2 Fortinet, Microsoft 3 Fortidlp, Fortidlp Agent, Windows 2026-01-14 4.9 Medium
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiDLP Agent's Outlookproxy plugin for Windows 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1 through 11.1.2 and 11.0.1 and 10.5.1 and 10.4.0, and 10.3.1 may allow an authenticated attacker to escalate their privilege to LocalService via sending a crafted request to a local listening port.
CVE-2025-54658 2 Apple, Fortinet 3 Macos, Fortidlp, Fortidlp Agent 2026-01-14 7.2 High
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1 through 11.1.2 and 11.0.1 and 10.5.1 and 10.4.0, and 10.3.1 may allow an authenticated attacker to escalate their privilege to Root via sending a crafted request to a local listening port.
CVE-2025-25252 1 Fortinet 1 Fortios 2026-01-14 4.3 Medium
An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL VPN 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4 all versions may allow a remote attacker (e.g. a former admin whose account was removed and whose session was terminated) in possession of the SAML record of a user session to access or re-open that session via re-use of SAML record.
CVE-2025-46752 2 Fortinet, Microsoft 3 Fortidlp, Fortidlp Agent, Windows 2026-01-14 4.2 Medium
A insertion of sensitive information into log file in Fortinet FortiDLP 12.0.0 through 12.0.5, 11.5.1, 11.4.6, 11.4.5 allows attacker to information disclosure via re-using the enrollment code.
CVE-2024-46668 1 Fortinet 1 Fortios 2026-01-14 7.1 High
An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiOS versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, versions 7.0.0 through 7.0.15, and versions 6.4.0 through 6.4.15 may allow an unauthenticated remote user to consume all system memory via multiple large file uploads.
CVE-2024-33507 1 Fortinet 1 Fortiisolator 2026-01-14 7 High
An insufficient session expiration vulnerability [CWE-613] and an incorrect authorization vulnerability [CWE-863] in FortiIsolator 2.4.0 through 2.4.4, 2.3 all versions, 2.2.0, 2.1 all versions, 2.0 all versions authentication mechanism may allow remote unauthenticated attacker to deauthenticate logged in admins via crafted cookie and remote authenticated read-only attacker to gain write privilege via crafted cookie.
CVE-2025-24473 1 Fortinet 2 Forticlient, Forticlientwindows 2026-01-14 4.8 Medium
A exposure of sensitive system information to an unauthorized control sphere vulnerability in Fortinet FortiClientWindows 7.2.0 through 7.2.1, FortiClientWindows 7.0.13 through 7.0.14 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to port 8053 (non-default setup)
CVE-2025-46775 1 Fortinet 2 Fortiextender, Fortiextender Firmware 2026-01-14 5.2 Medium
A debug messages revealing unnecessary information vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to obtain administrator credentials via debug log commands.
CVE-2024-46669 1 Fortinet 1 Fortios 2026-01-14 3.2 Low
AnĀ Integer Overflow or Wraparound vulnerability [CWE-190] in version 7.4.4 and below, version 7.2.10 and below; FortiSASE version 23.4.b FortiOS tenant IPsec IKE service may allow an authenticated attacker to crash the IPsec tunnel via crafted requests, resulting in potential denial of service.
CVE-2025-46373 1 Fortinet 2 Forticlient, Forticlientwindows 2026-01-14 7.1 High
A Heap-based Buffer Overflow vulnerability [CWE-122] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.8 may allow an authenticated local IPSec user to execute arbitrary code or commands via "fortips_74.sys". The attacker would need to bypass the Windows heap integrity protections
CVE-2024-40593 1 Fortinet 4 Fortianalyzer, Fortimanager, Fortios and 1 more 2026-01-14 5.9 Medium
A key management errors vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.2, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0 all versions, FortiManager 6.4 all versions, FortiOS 7.6.0, FortiOS 7.4.4, FortiOS 7.2.7, FortiOS 7.0.14, FortiPortal 6.0 all versions may allow an authenticated admin to retrieve a certificate's private key via the device's admin shell.
CVE-2023-44247 1 Fortinet 1 Fortios 2026-01-14 6.5 Medium
A double free vulnerability [CWE-415] vulnerability in Fortinet FortiOS 6.4 all versions may allow a privileged attacker to execute code or commands via crafted HTTP or HTTPs requests.
CVE-2023-32409 1 Apple 6 Ipados, Iphone Os, Macos and 3 more 2026-01-13 8.6 High
The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited.
CVE-2019-2616 1 Oracle 1 Business Intelligence Publisher 2026-01-13 7.2 High
Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). While the vulnerability is in BI Publisher (formerly XML Publisher), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of BI Publisher (formerly XML Publisher) accessible data as well as unauthorized read access to a subset of BI Publisher (formerly XML Publisher) accessible data. CVSS 3.0 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N).
CVE-2020-6572 1 Google 1 Chrome 2026-01-13 8.8 High
Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
CVE-2021-31956 1 Microsoft 22 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 19 more 2026-01-13 7.8 High
Windows NTFS Elevation of Privilege Vulnerability
CVE-2022-37969 1 Microsoft 22 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 19 more 2026-01-13 7.8 High
Windows Common Log File System Driver Elevation of Privilege Vulnerability