CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Fortinet: >> Fortisiem >> 7.3.2 Security Vulnerabilities

CVE-2026-25972

An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4 may allow a remote unauthenticated attacker to provide arbitrary data enabling a social engineering attack via spoofed URL parameters.

CVSS Score

4.3

EPSS Score

0.001

Published

2026-03-10

CVE-2025-64155

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via crafted TCP requests.

CVSS Score

9.8

EPSS Score

0.001

Published

2026-01-13

Page 1

Vulnerabilities

Vulnerable Software

Fortinet: >> Fortisiem >> 7.3.2 Security Vulnerabilities

Products

Pricing

Contact Us