Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-14 | CVE-2025-0464 | Cross-site Scripting vulnerability in Oretnom23 Task Reminder System 1.0 A vulnerability was found in SourceCodester Task Reminder System 1.0. | 4.8 |
| 2025-01-14 | CVE-2023-42785 | NULL Pointer Dereference vulnerability in Fortinet Fortios A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request. | 6.5 |
| 2025-01-14 | CVE-2023-42786 | NULL Pointer Dereference vulnerability in Fortinet Fortios A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request. | 6.5 |
| 2025-01-14 | CVE-2023-46715 | Origin Validation Error vulnerability in Fortinet Fortios An origin validation error [CWE-346] vulnerability in Fortinet FortiOS IPSec VPN version 7.4.0 through 7.4.1 and version 7.2.6 and below allows an authenticated IPSec VPN user with dynamic IP addressing to send (but not receive) packets spoofing the IP of another user via crafted network packets. | 4.3 |
| 2025-01-14 | CVE-2024-35278 | SQL Injection vulnerability in Fortinet Fortiportal A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiPortal versions 7.2.4 through 7.2.0 and 7.0.0 through 7.2.8 may allow an authenticated attacker to view the SQL query being run server-side when submitting an HTTP request, via including special elements in said request. | 4.3 |
| 2025-01-14 | CVE-2024-36506 | Unspecified vulnerability in Fortinet Forticlientems and Forticlientems Cloud An improper verification of source of a communication channel vulnerability [CWE-940] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, 6.4 all versions may allow a remote attacker to bypass the trusted host feature via session connection. | 5.3 |
| 2025-01-14 | CVE-2024-36510 | Information Exposure Through Discrepancy vulnerability in Fortinet Forticlientems and Fortisoar An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to enumerate valid users via observing login request responses. | 5.3 |
| 2025-01-14 | CVE-2024-40587 | OS Command Injection vulnerability in Fortinet Fortivoice An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiVoice version 7.0.0 through 7.0.4 and before 6.4.9 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests. | 6.7 |
| 2025-01-14 | CVE-2024-45326 | Unspecified vulnerability in Fortinet Fortideceptor An Improper Access Control vulnerability [CWE-284] in FortiDeceptor version 6.0.0, version 5.3.3 and below, version 5.2.1 and below, version 5.1.0, version 5.0.0 may allow an authenticated attacker with none privileges to perform operations on the central management appliance via crafted requests. | 4.3 |
| 2025-01-14 | CVE-2024-46664 | Path Traversal vulnerability in Fortinet Fortirecorder A relative path traversal in Fortinet FortiRecorder [CWE-23] version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to read files from the underlying filesystem via crafted HTTP or HTTPs requests. | 4.9 |