Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2026-39813
A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to escalation of privilege via <insert attack vector here>
CVSS Score
9.8
EPSS Score
0.001
Published
2026-04-14
CVE-2026-39814
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 through 7.4.12, FortiWeb 7.2.7 through 7.2.12, FortiWeb 7.0.10 through 7.0.12 may allow attacker to execute unauthorized code or commands via <insert attack vector here>
CVSS Score
6.7
EPSS Score
0.0
Published
2026-04-14
CVE-2026-39808
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via <insert attack vector here>
CVSS Score
9.8
EPSS Score
0.001
Published
2026-04-14
CVE-2026-2404
CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters the POST /j_security check request payload.
CVSS Score
6.9
EPSS Score
0.001
Published
2026-04-14
CVE-2026-2405
CWE-400 Uncontrolled Resource Consumption vulnerability exists that could cause excessive troubleshooting zip file creation and denial of service when a Web Admin user floods the system with POST /helpabout requests.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-04-14
CVE-2026-2399
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause critical files overwritten with text data when a Web Admin user alters the POST /REST/upssleep request payload.
CVSS Score
6.9
EPSS Score
0.0
Published
2026-04-14
CVE-2026-2400
CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability exists that could cause application user credentials to reset when a Web Admin user alters the POST /setPCBEDesc request payload.
CVSS Score
5.3
EPSS Score
0.001
Published
2026-04-14
CVE-2026-2401
CWE-532 Insertion of Sensitive Information into Log File vulnerability exists that could cause confidential information to be exposed when a Web Admin user executes a malicious file provided by an attacker.
CVSS Score
2.4
EPSS Score
0.0
Published
2026-04-14
CVE-2026-2402
CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker to gain access to the user account by performing an arbitrary number of authentication attempts with different credentials on a sequence of requests to multiple endpoints.
CVSS Score
6.9
EPSS Score
0.001
Published
2026-04-14
CVE-2026-2403
CWE-1284 Improper Validation of Specified Quantity in Input vulnerability exists that could cause Event and Data Log truncation impacting log integrity when a Web Admin user alters the POST /logsettings request payload.
CVSS Score
5.3
EPSS Score
0.001
Published
2026-04-14


Products
Pricing
Contact Us

Shodan ® - All rights reserved