Search
Search Results (7 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-39808 | 1 Fortinet | 3 Fortisandbox, Fortisandbox Paas, Fortisandboxpaas | 2026-05-13 | 9.1 Critical |
| A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via <insert attack vector here> | ||||
| CVE-2026-25836 | 1 Fortinet | 3 Fortisandbox Cloud, Fortisandboxcloud, Fortisandboxpaas | 2026-05-12 | 6.7 Medium |
| An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP requests. | ||||
| CVE-2026-26083 | 1 Fortinet | 3 Fortisandbox, Fortisandboxcloud, Fortisandboxpaas | 2026-05-12 | 9.1 Critical |
| A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, FortiSandbox PaaS 23.3 all versions, FortiSandbox PaaS 23.1 all versions, FortiSandbox PaaS 22.2 all versions, FortiSandbox PaaS 22.1 all versions, FortiSandbox PaaS 21.4 all versions, FortiSandbox PaaS 21.3 all versions, FortiSandbox PaaS 5.0.0 through 5.0.1, FortiSandbox PaaS 4.4.5 through 4.4.8 may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests. | ||||
| CVE-2025-61886 | 1 Fortinet | 4 Fortisandbox, Fortisandbox Cloud, Fortisandbox Paas and 1 more | 2026-04-22 | 4.9 Medium |
| An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox PaaS 5.0.0 through 5.0.4 may allow an attacker to perform an XSS attack via crafted HTTP requests. | ||||
| CVE-2026-25691 | 1 Fortinet | 5 Fortisandbox, Fortisandbox Cloud, Fortisandbox Paas and 2 more | 2026-04-22 | 6.2 Medium |
| A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to delete an arbitrary directory via HTTP crafted requests. | ||||
| CVE-2026-27316 | 1 Fortinet | 4 Fortisandbox, Fortisandbox Cloud, Fortisandbox Paas and 1 more | 2026-04-22 | 2.5 Low |
| A insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions, FortiSandbox PaaS 5.0.1 through 5.0.5 may allow an authenticathed administrator to read LDAP server credentials via client-side inspection. | ||||
| CVE-2026-39812 | 1 Fortinet | 4 Fortisandbox Paas, Fortisandbox, Fortisandbox Cloud and 1 more | 2026-04-21 | 4.3 Medium |
| A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8, FortiSandbox PaaS 4.2 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here> | ||||
Page 1 of 1.