Organizations running Fortinet FortiWeb, the company’s web application firewall, face an immediate threat: a single crafted ...

Fortinet, Ivanti, and SAP patched critical flaws up to CVSS 10.0, reducing RCE, admin takeover, and data exposure risks.

Two OS command injection flaws can be exploited remotely, without authentication, for arbitrary code execution.

Fortinet warns of a critical security vulnerability in FortiSandbox and other leaks in FortiPortal and FortiOS/FortiProxy.

Fortinet’s FortiClient endpoint management software, meant to harden corporate and government machines, instead exposed them ...

Fortinet is alerting customers of a critical OS command injection vulnerability in FortiSIEM report server that could be exploited by remote, unauthenticated attackers to execute commands through ...

Update: In a statement to ZDNet, Fortinet criticized Rapid7 for releasing the study and said a patch would be released by the end of the month. "The security of our customers is always our first ...

Cybersecurity solutions company Fortinet has updated its zero-trust access solution FortiNAC to address a critical-severity vulnerability that attackers could leverage to execute code and commands.

As expected, cyberattackers have pounced on a critical remote code execution (RCE) vulnerability in the Fortinet Enterprise Management Server (EMS) that was patched last week, allowing them to execute ...

Two new maximum-severity vulnerabilities have hit Fortinet's FortiSIEM product. Tracked under the identifiers CVE-2024-23108 and CVE-2024-23109, these vulnerabilities threaten the security posture of ...