eol.network
Account
Home/News

Security & Lifecycle News

Aggregated from vendor advisories, security research, and industry publications.

Industry Vendor Advisories Blog All Sources
FortiGuard PSIRT Advisories

OS command injection on vmimages update feature

CVSSv3 Score: 6.7 An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiSandbox Cloud and FortiSandbox …

FortiGuard PSIRT Advisories

Stack buffer overflow in API

CVSSv3 Score: 5.9 A Stack-based Buffer Overflow vulnerability [CWE-121] in FortiWeb may allow a remote authenticated attacker who can bypass stack protection and ASLR to exec…

FortiGuard PSIRT Advisories

Format string vulnerability in fazsvcd

CVSSv3 Score: 6.5 A use of externally-controlled format string vulnerability [CWE-134] in FortiAnalyzer, FortiAnalyzer Cloud, FortiManager and FortiManager Cloud fazsvcd daem…

FortiGuard PSIRT Advisories

Reflected Cross Site Scripting (XSS) in error page

CVSSv3 Score: 4.1 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') [CWE-79] in FortiSIEM's error page may allow a remote unauthenticate…

FortiGuard PSIRT Advisories

Authentication Lockout Bypass via Race Condition

CVSSv3 Score: 3.4 An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiManager and FortiAnalyzer may allow an attacker to bypass brute…

FortiGuard PSIRT Advisories

Buffer Overflow in LLDP OUI field

CVSSv3 Score: 7.7 A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability [CWE-120] in FortiSwitchAXFixed may allow an unauthenticated attacker…

FortiGuard PSIRT Advisories

SQL injection in jsonrpc api

CVSSv3 Score: 5.6 An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiAnalyzer and FortiAnalyzer-BigData AP…

FortiGuard PSIRT Advisories

Arbitrary file deletion in administrative interface

CVSSv3 Score: 6.0 An Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability [CWE-88] in FortiDeceptor WEBUI may allow a privileged a…

FortiGuard PSIRT Advisories

OS Command injection in FortiWeb API

CVSSv3 Score: 6.7 An OS Command Injection vulnerability [CWE-78] in FortiWeb API may allow an authenticated attacked to execute arbitrary commands via a specialy crafted HTTP…

FortiGuard PSIRT Advisories

Stack-based Buffer Overflow in API protection

CVSSv3 Score: 5.9 A Stack-based Buffer Overflow vulnerability [CWE-121] in FortiWeb may allow a remote authenticated attacker to execute arbitrary code or commands via crafte…

FortiGuard PSIRT Advisories

Buffer overflow via fgtupdates service

CVSSv3 Score: 7.0 A Stack-based Buffer Overflow vulnerability [CWE-121] in FortiManager fgtupdates service may allow a remote unauthenticated attacker to execute unauthorized…

FortiGuard PSIRT Advisories

MFA Bypass in GUI

CVSSv3 Score: 6.8 An authentication bypass using an alternate path or channel vulnerability [CWE-288] in FortiManager and FortiAnalyzer multifactor authentication may allow a…

FortiGuard PSIRT Advisories

SSL-VPN Symlink Persistence Patch Bypass

CVSSv3 Score: 5.3 An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to bypa…

FortiGuard PSIRT Advisories

OpenSSL CVE-2025-15467

CVSSv3 Score: 9.8 CVE-2025-15467Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. A stack buffer overflow ma…

CVE-2025-15467
↑ Top