PALO ALTO: 📅 Published on May 28, 2026

PALO ALTO Security Advisory Published Date: May 28, 2026 CVE: CVE-2026-0249 Advisory Summary ❗️ Security Alert: Medium Severity Vulnerability in GlobalProtect App Certificate Validation Palo Alto Networks has disclosed a medium severity vulnerability identified as CVE-2026-0249 in their GlobalProtect application. This flaw allows an attacker to bypass certificate validation mechanisms, which could potentially enable unauthorized […]

PALO ALTO NETWORKS: 🛡️ Medium Severity CVE-2026-0250 in GlobalProtect App

PALO ALTO NETWORKS Security Advisory Published Date: May 28, 2026 CVE: CVE-2026-0250 Advisory Summary Palo Alto Networks has disclosed a medium severity buffer overflow vulnerability identified as CVE-2026-0250 affecting its GlobalProtect application. This flaw manifests during the connection process to the Portal or Gateway, potentially allowing malicious actors to execute unintended code or disrupt service […]

FORTINET: 📅 Published on May 12, 2026

FORTINET Security Advisory Published Date: May 12, 2026 Advisory Summary ❗ SQL Injection Vulnerability Discovered in FortiNDR with Moderate Severity Fortinet has disclosed a security vulnerability categorized as CWE-89, involving an improper neutralization of special elements within SQL commands—commonly known as an SQL injection—in its FortiNDR product. This flaw allows an authenticated attacker to execute […]

FORTINET: 📅 Published on May 12, 2026

FORTINET Security Advisory Published Date: May 12, 2026 Advisory Summary ❗ SQL Injection Vulnerability in FortiMail Administrative Portal Fortinet has disclosed a significant security vulnerability (CWE-89) in FortiMail’s administrative portal, involving improper neutralization of special elements used in SQL commands. This SQL Injection flaw, rated with a CVSSv3 score of 6.3, permits an authenticated attacker […]

FORTINET: Critical Out-of-Bounds Write in FortiOS CAPWAP Daemon

FORTINET Security Advisory Published Date: May 12, 2026 Advisory Summary Fortinet has disclosed a high-severity security flaw (CVSSv3 score 8.3) affecting the CAPWAP daemon in FortiOS. This Out-Of-Bounds Write vulnerability (CWE-787) potentially enables an attacker who already controls an authenticated FortiAP, FortiExtender, or FortiSwitch device to escalate privileges and execute arbitrary code on the associated […]

FORTINET: Security Advisory: OTP Disclosure Risk in FortiTokenAndroid

FORTINET Security Advisory Published Date: May 12, 2026 Advisory Summary Fortinet has disclosed a security vulnerability in its FortiTokenAndroid application identified as CWE-926, related to the improper exportation of Android application components. This flaw potentially allows other applications on the same device to access one-time password (OTP) codes through an exported Content Provider URI. The […]

FORTINET: 🛑 OS Command Injection in FortiAP CLI

FORTINET Security Advisory Published Date: May 12, 2026 Advisory Summary Fortinet has disclosed a critical OS command injection vulnerability (CWE-78) impacting the CLI interface of FortiAP and FortiAP-W2 access points. With a CVSSv3 score of 6.5, this flaw allows authenticated attackers to execute unauthorized system commands by leveraging a specially crafted CLI input. This presents […]

FORTINET: 📅 Published on May 12, 2026

FORTINET Security Advisory Published Date: May 12, 2026 Advisory Summary ❗️ Critical Authorization Vulnerability in FortiSandbox Ecosystem Fortinet has disclosed a severe security flaw (CWE-862) impacting FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS Web UI. The vulnerability stems from missing authorization checks, which could allow unauthenticated attackers to execute unauthorized commands or code through crafted HTTP […]

FORTINET: 📅 Published on May 12, 2026

FORTINET Security Advisory Published Date: May 12, 2026 Advisory Summary ⬢ ➤ Critical Security Alert: Improper Access Control in FortiAuthenticator API Endpoints Fortinet has disclosed a critical security vulnerability in FortiAuthenticator identified as an Improper Access Control issue (CWE-284) with a high CVSSv3 score of 9.1. This flaw permits unauthenticated attackers to send specially crafted […]

FORTINET: 🛡️ Security Advisory: Hardcoded Encryption Key Vulnerability in FortiClient Windows VPN

FORTINET Security Advisory Published Date: May 12, 2026 Advisory Summary Fortinet has disclosed a security issue impacting FortiClient for Windows, involving a Missing Authorization vulnerability classified as CWE-862. This flaw permits an authenticated local attacker to decrypt VPN passwords currently saved on the device by exploiting an unprotected DLL function. The vulnerability carries a CVSSv3 […]