cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-55591,https://securityvulnerability.io/vulnerability/CVE-2024-55591,Remote Attackers Can Gain Super-Admin Privileges via Crafted Requests to Node.js Websocket Module,"A vulnerability exists in FortiOS and FortiProxy that allows a remote attacker to exploit an authentication bypass through crafted requests targeting the Node.js websocket module. This weakness could enable unauthorized users to attain super-admin privileges, compromising system security. Users of affected versions should take immediate action to mitigate risks by updating to the latest software versions.",Fortinet,"FortiOS,Fortiproxy",9.8,CRITICAL,0.026340000331401825,true,2025-01-14T00:00:00.000Z,true,true,true,2025-01-14T19:57:47.000Z,true,true,true,2025-01-16T04:52:02.516Z,2025-01-14T14:15:00.000Z,23558
CVE-2023-34990,https://securityvulnerability.io/vulnerability/CVE-2023-34990,Path Traversal Vulnerability in Fortinet FortiWLM,"A vulnerability allowing relative path traversal in Fortinet FortiWLM within versions 8.5.0 to 8.5.4 and 8.6.0 to 8.6.5 may enable attackers to execute unauthorized code or commands. This occurs through specially crafted web requests, potentially compromising the integrity of the system and its data. Users of affected versions should apply security updates as provided by Fortinet to mitigate risks.",Fortinet,Fortiwlm,9.6,CRITICAL,0.0004299999854993075,false,,true,false,true,2024-12-19T10:59:43.000Z,,false,false,,2024-12-18T12:44:38.664Z,1449
CVE-2024-47574,https://securityvulnerability.io/vulnerability/CVE-2024-47574,Low-privilege attacker can execute arbitrary code with high privileges via spoofed named pipe messages,"An authentication bypass vulnerability in Fortinet's FortiClient allows low-privilege attackers to execute arbitrary code by exploiting a weakness in the named pipe messaging system. This flaw affects multiple versions, providing avenues for potential unauthorized access and execution of malicious actions. Organizations using the impacted versions are advised to apply updates to safeguard against exploitation.",Fortinet,Forticlient,7.8,HIGH,0.0004299999854993075,false,,false,false,true,2024-11-14T22:22:13.000Z,,false,false,,2024-11-13T12:15:00.000Z,0
CVE-2024-23111,https://securityvulnerability.io/vulnerability/CVE-2024-23111,FortiOS Vulnerability Allows Privileged Attacker to Decrypt Backups,"An improper neutralization of input during web page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged attacker with super-admin access to execute JavaScript code via crafted HTTP GET requests.",Fortinet,"FortiOS,Fortiproxy",4.8,MEDIUM,0.00044999999227002263,false,,false,false,true,2024-10-28T02:39:00.000Z,true,false,false,,2024-06-11T14:32:00.312Z,0
CVE-2024-47575,https://securityvulnerability.io/vulnerability/CVE-2024-47575,Specially crafted requests can execute arbitrary code or commands in FortiManager,"A critical security vulnerability exists in Fortinet's FortiManager products due to missing authentication for a critical function. This flaw enables attackers to send specially crafted requests that may allow arbitrary code execution or command execution on the affected devices. This vulnerability affects multiple versions of FortiManager and FortiManager Cloud, emphasizing the need for immediate attention and remediation to safeguard systems against potential exploitation.",Fortinet,Fortimanager,9.8,CRITICAL,0.8714600205421448,true,2024-10-23T00:00:00.000Z,true,true,true,2024-10-23T00:00:00.000Z,true,true,true,2024-10-27T12:23:45.625Z,2024-10-23T15:15:00.000Z,36364
CVE-2024-23113,https://securityvulnerability.io/vulnerability/CVE-2024-23113,Fortinet FortiOS Vulnerability Allows Unauthorized Code Execution,"A vulnerability exists in Fortinet's FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager products, allowing attackers to manipulate externally controlled format strings. This weakness enables the execution of unauthorized code or commands through specially crafted packets. Organizations using affected versions should prioritize remediation measures, as exploitation can lead to significant security breaches and data compromises.",Fortinet,"Fortiswitchmanager,FortiOS,Fortipam,Fortiproxy",9.8,CRITICAL,0.024890000000596046,true,2024-10-09T00:00:00.000Z,true,false,true,2024-10-09T00:00:00.000Z,true,true,true,2024-10-17T01:52:02.750Z,2024-02-15T13:59:25.313Z,20538
CVE-2023-42789,https://securityvulnerability.io/vulnerability/CVE-2023-42789,Fortinet FortiOS Vulnerability Allows Unauthorized Code Execution via HTTP Requests,"An out-of-bounds write vulnerability exists in Fortinet's FortiOS and FortiProxy, affecting several versions across both products. This flaw allows an attacker to craft specific HTTP requests that can lead to the execution of unauthorized commands or code. As a result, potential impacts include compromising the integrity and availability of the affected systems, making timely updates and patching critical for maintaining security.",Fortinet,"FortiOS,Fortipam,Fortiproxy",9.3,CRITICAL,0.0010499999625608325,false,,false,false,true,2024-03-28T17:59:12.000Z,true,false,false,,2024-03-12T15:09:18.416Z,0
CVE-2023-48788,https://securityvulnerability.io/vulnerability/CVE-2023-48788,SQL Injection Vulnerability in Fortinet FortiClientEMS Products,"An SQL injection vulnerability exists in specific versions of Fortinet FortiClientEMS, allowing attackers to exploit improper neutralization of special elements used in SQL commands. This vulnerability permits unauthorized code execution via specially crafted packets, potentially compromising the affected systems and leading to unauthorized access and control. Users of FortiClientEMS should be aware of this vulnerability and take appropriate measures to mitigate risks.",Fortinet,Forticlientems,9.8,CRITICAL,0.9682300090789795,true,2024-03-25T00:00:00.000Z,true,true,true,2024-03-21T20:54:08.000Z,true,true,true,2024-03-18T03:52:02.309Z,2024-03-12T15:09:18.527Z,8543