CyberSecurity updates
2024-12-27 14:13:32 Pacific

Fortinet Flaws Allow Remote Code Execution - 7d

Multiple critical vulnerabilities have been discovered in Fortinet products, including FortiWLM and FortiClient EMS. These vulnerabilities, including path traversal and SQL injection flaws, allow attackers to execute arbitrary code and access sensitive data. Exploitation of these vulnerabilities can lead to complete system compromise, highlighting the need for immediate patching and proper vulnerability management.

FortiWLM Path Traversal and Next.js Auth Bypass - 7d

A critical path traversal vulnerability (CVE-2023-34990) has been identified in FortiWLM, allowing unauthenticated attackers to access sensitive files. Additionally, a separate authorization bypass (CVE-2024-51479) has been discovered in Next.js. Both vulnerabilities permit unauthorized actions, including potential code execution. Users are advised to patch their systems immediately to mitigate these serious risks, which have been actively exploited in the wild.