Fortinet and Ivanti have released patches for a total of 18 vulnerabilities in their products, including three critical-severity bugs that could allow remote, unauthenticated attackers to execute code through crafted requests. The most serious flaws affect Fortinet's FortiAuthenticator and FortiSandbox products, as well as Ivanti's Xtraction tool, all with CVSS scores above 9. Both companies say they're not aware of any active exploitation in the wild, but the vulnerabilities could enable attackers to gain code execution or access sensitive files on affected systems.