A stack-based buffer overflow vulnerability [CWE-121] in the CA sign functionality of FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may…

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiWAN 4.0.0 through 4.5.9 may allow an…

A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and earlier, 6.4 all versions, version 6.3.19 and earlier may allow a privileged attacker to…

Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16…

A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 through 6.3.16, 6.2.0 through 6.2.6, 6.1.0 through…

An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions;…

Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session. The affected services have been patched and…

Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would have allowed an attacker to exhaust the memory of the Gotham dispatch service.…

Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would load portions of maliciously crafted zip files to memory. An attacker could repeatedly…

Cross site scripting (XSS) vulnerability in flatCore-CMS 2.2.15 allows attackers to execute arbitrary code via description field on the new page creation form. Zafiyet ile…