Pulse Secure and Fortinet have issued advisories concerning critical vulnerabilities in their SSL VPNs that allow unauthenticated users to conduct file disclosures, potentially accessing sensitive information. Detectify, leveraging contributions from its Crowdsource hackers, checks websites for these vulnerabilities and alerts users if affected. Pulse Secure released patches for these vulnerabilities, including CVE-2019-11510, which is deemed critical, while Fortinet's similar vulnerability is known as CVE-2018-13379. These vulnerabilities were initially disclosed by security researchers Orange Tsai and Meh Chang during the Black Hat and DEFCON conferences, leading to public proof of concept (POC) submissions that Detectify incorporated into its scanning tools. Affected Pulse Secure versions include several releases of Pulse Connect Secure and Pulse Policy Secure, while Fortinet users with certain FortiOS versions running SSL VPN services are also impacted. Both companies urge immediate patching of affected systems to mitigate risks, with Fortinet recommending upgrades to specific FortiOS versions.