CVE-2026-35616: Exploitation Confirmed for Improper Access Control Vulnerability in Fortinet FortiClient EMS
Exploitation has been observed for CVE-2026-35616, a critical improper access control zero-day vulnerability affecting Fortinet FortiClientEMS devices.
CVE-2025-64155: Exploit Code Published for Critical Command Injection Vulnerability in Fortinet FortiSIEM
Exploit code has been published for CVE-2025-64155, a critical command injection vulnerability affecting Fortinet FortiSIEM devices. Key takeaways: CVE-2025-64155 is a critical operating system (OS) command injection vulnerability affecting Fortinet FortiSIEM. Fortinet vulnerabilities have…
CVE-2025-64446: Exploitation Confirmed for Fortinet FortiWeb Zero-Day Path Traversal Vulnerability
Fortinet has released an advisory for a recently disclosed zero-day path traversal vulnerability which has been exploited in the wild. Apply patches immediately.
CVE-2025-25256: Proof of Concept Published for Critical Command Injection Vulnerability in Fortinet FortiSIEM
Exploit code is reportedly available for a critical command injection vulnerability affecting Fortinet FortiSIEM devices. Background: On August 12, Fortinet published a security advisory (FG-IR-25-152) for CVE-2025-25256, a critical command injection vulnerability affecting Fortinet FortiSIEM…
CVE-2025-32756: Exploitation Confirmed for Zero-Day Vulnerability in Multiple Fortinet Products
Fortinet has observed threat actors exploiting CVE-2025-32756, a critical zero-day arbitrary code execution vulnerability which affects multiple Fortinet products including FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera.
CVE-2024-55591: Exploitation Confirmed for Fortinet Authentication Bypass Zero-Day Vulnerability
Fortinet patched a zero-day authentication bypass vulnerability in FortiOS and FortiProxy that has been actively exploited in the wild since November 2024.
Microsoft Patch Tuesday 2024 Year in Review
Microsoft addressed over 1000 CVEs as part of Patch Tuesday releases in 2024, including 22 zero-day vulnerabilities.
Volt Typhoon: U.S. Critical Infrastructure Targeted by State-Sponsored Threat Actor
Volt Typhoon, a state-sponsored actor linked to the People’s Republic of China, has consistently targeted U.S. critical infrastructure with the intent to maintain persistent access. Tenable Research examines the tactics, techniques and procedures of this threat actor.
CVE-2024-47575: Frequently Asked Questions About the FortiJump Zero-Day Vulnerability in FortiManager and FortiManager Cloud
Frequently asked questions about a zero-day vulnerability in Fortinet’s FortiManager that has reportedly been exploited in the wild.
Microsoft’s June 2024 Patch Tuesday Addresses 49 CVEs
Microsoft addresses 49 CVEs in its June 2024 Patch Tuesday release with one rated as critical and no zero-day or publicly disclosed vulnerabilities. Our counts omitted two CVEs that were not issued by Microsoft, which include CVE-2023-50868 (issued by MITRE) and CVE-2024-29187 (issued by GitHub).
CVE-2024-4358, CVE-2024-1800: Exploit Code Released for Critical Exploit Chain in Progress Telerik Report Server
Researchers have released an exploit chain to achieve remote code execution on unpatched instances of Progress Telerik Report Server. Immediate patching is recommended.
Microsoft’s April 2024 Patch Tuesday Addresses 147 CVEs (CVE-2024-29988)
Microsoft addresses 147 CVEs in its April 2024 Patch Tuesday release with three critical vulnerabilities and no zero-day or publicly disclosed vulnerabilities.