Common Vulnerabilities and Exposures (CVE)

CVE-2025-22454

Feb 26, 2026 19:09:41 UTC

Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allow a local authenticated attacker to escalate their privileges.

CVE-2023-40723

Feb 26, 2026 19:09:41 UTC

An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.4 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 and 6.3.0 through 6.3.3 and 6.2.0 through 6.2.1 and 6.1....

CVE-2024-45328

Feb 26, 2026 19:09:41 UTC

An incorrect authorization vulnerability [CWE-863] in FortiSandbox 4.4.0 through 4.4.6 may allow a low-privileged administrator to execute elevated CLI commands via the GUI console menu.

CVE-2024-52961

Feb 26, 2026 19:09:41 UTC

An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Fortinet FortiSandbox 5.0.0, FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2.1 through 4.2.7, FortiSandbox 4.0.0 through 4.0.5, ...

CVE-2024-46663

Feb 26, 2026 19:09:41 UTC

A stack-buffer overflow vulnerability [CWE-121] in Fortinet FortiMail CLI version 7.6.0 through 7.6.1 and before 7.4.3 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI commands.

CVE-2024-45324

Feb 26, 2026 19:09:40 UTC

A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 ...

CVE-2023-37933

Feb 26, 2026 19:09:40 UTC

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC GUI version 7.4.0, 7.2.0 through 7.2.1 and before 7.1.3 allows an authenticated attacker to perform an XSS attack via...

CVE-2024-54018

Feb 26, 2026 19:09:40 UTC

Multiple improper neutralization of special elements used in an OS Command vulnerabilities [CWE-78] in FortiSandbox before 4.4.5 allow a privileged attacker to execute unauthorized commands via crafted requests.

CVE-2024-32123

Feb 26, 2026 19:09:40 UTC

Multiple improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 ...

CVE-2025-27172

Feb 26, 2026 19:09:40 UTC

Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in ...

CVE-2025-21169

Feb 26, 2026 19:09:40 UTC

Substance3D - Designer versions 14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interacti...

CVE-2025-26634

Feb 26, 2026 19:09:39 UTC

Heap-based buffer overflow in Windows Core Messaging allows an authorized attacker to elevate privileges over a network.

CVE-2025-24983

Feb 26, 2026 19:09:39 UTC

Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.

CVE-2025-24984

Feb 26, 2026 19:09:39 UTC

Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack.

CVE-2025-24985

Feb 26, 2026 19:09:39 UTC

Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.