New vulnerabilities
Security updates (CVE)
What is CVE? CVE is an international list of known vulnerabilities in software and hardware.
We choose to list vulnerabilities for Microsoft and Fortinet products here.
Microsoft and Fortinet vulnerabilities in the last 30 days
ACTIVE MONITORING
MICROSOFT
CVSS: 5.0
EUVD-2026-12170
Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
Published: 13.03.2026
MICROSOFT
CVSS: 7.1
EUVD-2026-12111
AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
Published: 13.03.2026
MICROSOFT
CVSS: 7.5
EUVD-2026-10691
.NET Denial of Service Vulnerability
Published: 11.03.2026
MICROSOFT
CVSS: 7.5
EUVD-2026-10693
.NET Denial of Service Vulnerability
Published: 11.03.2026
MICROSOFT
CVSS: 7.8
EUVD-2026-10695
.NET Elevation of Privilege Vulnerability
Published: 11.03.2026
MICROSOFT
CVSS: 5.5
EUVD-2026-10796
Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose information locally.
Published: 10.03.2026
MICROSOFT
CVSS: 8.4
EUVD-2026-10679
Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.
Published: 10.03.2026
MICROSOFT
CVSS: 7.8
EUVD-2026-10672
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Published: 10.03.2026
MICROSOFT
CVSS: 7.8
EUVD-2026-10678
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Published: 10.03.2026
MICROSOFT
CVSS: 8.4
EUVD-2026-10676
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
Published: 10.03.2026
MICROSOFT
CVSS: 7.8
EUVD-2026-10665
Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally.
Published: 10.03.2026
MICROSOFT
CVSS: 8.4
EUVD-2026-10675
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Published: 10.03.2026
MICROSOFT
CVSS: 7.8
EUVD-2026-10673
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Published: 10.03.2026
MICROSOFT
CVSS: 8.8
EUVD-2026-10677
Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Published: 10.03.2026
MICROSOFT
CVSS: 7.8
EUVD-2026-10663
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Published: 10.03.2026
FORTINET
CVSS: 5.9
EUVD-2026-10537
A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests.
Published: 10.03.2026
FORTINET
CVSS: 6.7
EUVD-2026-10531
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox Cloud 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP requests.
Published: 10.03.2026
FORTINET
CVSS: 4.1
EUVD-2026-10533
An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4 may allow a remote unauthenticated attacker to provide arbitrary data enabling a social engineering attack via spoofed URL parameters.
Published: 10.03.2026
FORTINET
CVSS: 6.0
EUVD-2026-10530
An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.2.0, FortiDeceptor 6.0 all versions, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions, FortiDeceptor 4.3 all versions, FortiDeceptor 4.2 all versions, FortiDeceptor 4.1 all versions, FortiDeceptor 4.0 all versions may allow a privileged attacker with super-admin profile and CLI access to delete sensitive files via crafted HTTP requests.
Published: 10.03.2026
FORTINET
CVSS: 2.5
EUVD-2026-10523
A NULL Pointer Dereference vulnerability [CWE-476] in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker to crash the HTTP daemon via crafted HTTP requests.
Published: 10.03.2026
FORTINET
CVSS: 5.9
EUVD-2026-10522
A Stack-based Buffer Overflow vulnerability [CWE-121] in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0.2 through 7.0.12 may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests.
Published: 10.03.2026
FORTINET
CVSS: 7.4
EUVD-2026-10521
A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 through 7.2.12 may allow a local and unprivileged user to escalate their privileges to root.
Published: 10.03.2026
FORTINET
CVSS: 6.8
EUVD-2026-10511
An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.2 through 7.2.11, FortiAnalyzer Cloud 7.6.0 through 7.6.3, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer Cloud 7.2.2 through 7.2.10, FortiManager 7.6.0 through 7.6.3, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2.2 through 7.2.11, FortiManager Cloud 7.6.0 through 7.6.3, FortiManager Cloud 7.4.0 through 7.4.7, FortiManager Cloud 7.2.2 through 7.2.10 may allow an attacker with knowledge of the admin's password to bypass multifactor authentication checks via submitting multiple crafted requests.
Published: 10.03.2026
FORTINET
CVSS: 7.7
EUVD-2026-10513
A buffer copy without checking size of input ('classic buffer overflow') vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an unauthenticated attacker within the same adjacent network to execute unauthorized code or commands on the device via sending a crafted LLDP packet.
Published: 10.03.2026
FORTINET
CVSS: 5.1
EUVD-2026-10515
An improper access control vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an authenticated admin to execute system commands via a specifically crafted SSH config file.
Published: 10.03.2026
FORTINET
CVSS: 3.4
EUVD-2026-10517
An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4 all versions, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7, FortiAnalyzer Cloud 7.2.1 through 7.2.10, FortiAnalyzer Cloud 7.0.1 through 7.0.14, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4 all versions, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions, FortiManager Cloud 7.6.2 through 7.6.3, FortiManager Cloud 7.4.1 through 7.4.7, FortiManager Cloud 7.2.1 through 7.2.10, FortiManager Cloud 7.0.1 through 7.0.14, FortiManager Cloud 6.4 all versions may allow an attacker to bypass bruteforce protections via exploitation of race conditions. The latter raises the complexity of practical exploitation.
Published: 10.03.2026
FORTINET
CVSS: 7.3
EUVD-2026-10520
An Improper Control of Interaction Frequency vulnerability [CWE-799] in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to bypass the authentication rate-limit via crafted requests. The success of the attack depends on the attacker's resources and the password target complexity.
Published: 10.03.2026
FORTINET
CVSS: 5.0
EUVD-2025-208486
An authentication bypass by spoofing vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.8, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote unauthenticated attacker to bypass hostname restrictions via a specially crafted request.
Published: 10.03.2026
FORTINET
CVSS: 5.6
EUVD-2025-208487
An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer-BigData 7.6.0, FortiAnalyzer-BigData 7.4.0 through 7.4.4, FortiAnalyzer-BigData 7.2 all versions, FortiAnalyzer-BigData 7.0 all versions, FortiAnalyzer-BigData 6.4 all versions, FortiAnalyzer-BigData 6.2 all versions may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted requests.
Published: 10.03.2026
FORTINET
CVSS: 5.5
EUVD-2025-208491
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiSOAR Agent Communication Bridge 1.1.0, FortiSOAR Agent Communication Bridge 1.0 all versions may allow an unauthenticated attacker to read files accessible to the fortisoar user on a system where the agent is deployed, via sending a crafted request to the agent port.
Published: 10.03.2026