Vulnerabilities in Fortinet
933 results

CVE-2018-13379 | CRITICAL | EPSS 100.0% | KEV
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4

CVE-2022-40684 | CRITICAL | EPSS 100.0% | KEV
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.

CVE-2022-39952 | CRITICAL | EPSS 99.8%
An external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11,

CVE-2022-42475 | CRITICAL | EPSS 99.5% | KEV
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.

CVE-2024-55591 | CRITICAL | EPSS 98.3% | KEV
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and Forti

CVE-2023-48788 | CRITICAL | EPSS 97.6% | KEV
An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.

CVE-2025-25257 | CRITICAL | EPSS 96.7% | KEV
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet For

CVE-2024-47575 | CRITICAL | EPSS 94.8% | KEV
A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, Fo

CVE-2026-21643 | CRITICAL | EPSS 94.1% | KEV
An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may a

CVE-2025-64446 | CRITICAL | EPSS 89.5% | KEV
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9

CVE-2026-35616 | CRITICAL | EPSS 88.5% | KEV
An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unau

CVE-2026-24858 | CRITICAL | EPSS 85.8% | KEV
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.

CVE-2023-27997 | CRITICAL | EPSS 85.7% | KEV
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below,

CVE-2018-13382 | CRITICAL | EPSS 81.7% | KEV
An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 t

CVE-2024-21762 | CRITICAL | EPSS 80.8% | KEV
An out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2

CVE-2024-23108 | CRITICAL | EPSS 78.4%
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to

CVE-2020-9294 | — | EPSS 77.8%
An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a

CVE-2021-22123 | HIGH | EPSS 77.3%
An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may allow a r

CVE-2025-59718 | CRITICAL | EPSS 65.8% | KEV
An improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, Forti

CVE-2023-34992 | CRITICAL | EPSS 65.5%
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to e