CVSS: 3.4EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26015
https://notcve.org/view.php?id=CVE-2024-26015
An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit an unauthenticated attacker to bypass the IP blocklist via crafted requests. • https://fortiguard.fortinet.com/psirt/FG-IR-23-446 • CWE-1389: Incorrect Parsing of Numbers with Different Radices •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27784
https://notcve.org/view.php?id=CVE-2024-27784
Multiple Exposure of sensitive information to an unauthorized actor vulnerabilities [CWE-200] in FortiAIOps version 2.0.0 may allow an authenticated, remote attacker to retrieve sensitive information from the API endpoint or log files. • https://fortiguard.fortinet.com/psirt/FG-IR-24-072 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 4.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-50179
https://notcve.org/view.php?id=CVE-2023-50179
An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2 all versions, 7.1 all versions, 7.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and public SDN connectors. • https://fortiguard.fortinet.com/psirt/FG-IR-23-480 • CWE-295: Improper Certificate Validation •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27785
https://notcve.org/view.php?id=CVE-2024-27785
An improper neutralization of formula elements in a CSV File vulnerability [CWE-1236] in FortiAIOps version 2.0.0 may allow a remote authenticated attacker to execute arbitrary commands on a client's workstation via poisoned CSV reports. • https://fortiguard.fortinet.com/psirt/FG-IR-24-073 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27783
https://notcve.org/view.php?id=CVE-2024-27783
Multiple cross-site request forgery (CSRF) vulnerabilities [CWE-352] in FortiAIOps version 2.0.0 may allow an unauthenticated remote attacker to perform arbitrary actions on behalf of an authenticated user via tricking the victim to execute malicious GET requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-070 • CWE-352: Cross-Site Request Forgery (CSRF) •