4.8
CVE-2023-33300 -
A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiNAC 7.2.1 and earlier, 9.4.3 and earlier allows attacker a limited, unauthorized file access via specifically crafted request in inter-server communication port.
7.8
CVE-2023-45588 -
An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process.
5.9
CVE-2024-40585 -
An insertion of sensitive information into log file vulnerabilities [CWE-532] in FortiManager version 7.4.0, version 7.2.3 and below, version 7.0.8 and below, version 6.4.12 and below, version 6.2.11 and below and FortiAnalyzer version 7.4.0, version 7.2.3 and below, version 7.0.8 and below, versioโฆ
2.6
CVE-2022-29059 -
An improper neutralization of special elements used in an SQL commandย ('SQL Injection') vulnerability [CWE-89] in FortiWeb version 7.0.1 and below, 6.4.2 and below, 6.3.20 and below, 6.2.7 and below may allow a privileged attacker to execute SQL commands over the log database via specifically craftโฆ
6
CVE-2024-47573 -
An improper validation of integrity check value vulnerability [CWE-354] in FortiNDR version 7.4.2 and below, version 7.2.1 and below, version 7.1.1 and below, version 7.0.6 and below may allow an authenticated attacker with at least Read/Write permission on system maintenance to install a corruptedโฆ
8.3
CVE-2024-46662 -
A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiManager versions 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to escalation of privilege via specifically crafted packets
4.4
CVE-2024-40590 -
Anย improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager device, a FortiAnalyzer device, or an SMTP server may allow an unauthenticated attacker in a Man-in-tโฆ
4.1
CVE-2024-45638 - IBM QRadar EDR information disclosure
IBM Security QRadar 3.12 EDR stores user credentials in plain text which can be read by a local privileged user.
5.9
CVE-2024-45643 - IBM QRadar EDR information disclosure
IBM Security QRadar 3.12 EDR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive credential information.
6.9
CVE-2025-2268 - HP LaserJet MFP M232-M237 Printer Series - Potential Denial of Service
The HP LaserJet MFP M232-M237 Printer Series may be vulnerable to a denial of service attack when a specially crafted request message is sent via Internet Printing Protocol (IPP).