Filtered by vendor Fortinet
Subscribe
Total
1051 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-23106 | 1 Fortinet | 1 Forticlientems | 2025-07-16 | N/A | 8.1 HIGH |
| An improper restriction of excessive authentication attempts [CWE-307] in FortiClientEMS version 7.2.0 through 7.2.4 and before 7.0.10 allows an unauthenticated attacker to try a brute force attack against the FortiClientEMS console via crafted HTTP or HTTPS requests. | |||||
| CVE-2024-46667 | 1 Fortinet | 1 Fortisiem | 2025-07-16 | N/A | 7.5 HIGH |
| A allocation of resources without limits or throttling in Fortinet FortiSIEM 5.3 all versions, 5.4 all versions, 6.x all versions, 7.0 all versions, and 7.1.0 through 7.1.5 may allow an attacker to deny valid TLS traffic via consuming all allotted connections. | |||||
| CVE-2024-47572 | 1 Fortinet | 1 Fortisoar | 2025-07-16 | N/A | 9.0 CRITICAL |
| An improper neutralization of formula elements in a csv file in Fortinet FortiSOAR 7.2.1 through 7.4.1 allows attacker to execute unauthorized code or commands via manipulating csv file | |||||
| CVE-2023-40714 | 1 Fortinet | 1 Fortisiem | 2025-07-15 | N/A | 9.9 CRITICAL |
| A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 allows attacker to escalate privilege via uploading certain GUI elements | |||||
| CVE-2019-16149 | 1 Fortinet | 1 Forticlientems | 2025-07-15 | N/A | 5.5 MEDIUM |
| An Improper Neutralization of Input During Web Page Generation in FortiClientEMS version 6.2.0 may allow a remote attacker to execute unauthorized code by injecting malicious payload in the user profile of a FortiClient instance being managed by the vulnerable system. | |||||
| CVE-2023-45588 | 1 Fortinet | 1 Forticlient | 2025-07-15 | N/A | 8.2 HIGH |
| An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process. | |||||
| CVE-2019-17659 | 1 Fortinet | 1 Fortisiem | 2025-07-15 | N/A | 3.7 LOW |
| A use of hard-coded cryptographic key vulnerability in FortiSIEM version 5.2.6 may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user "tunneluser" by leveraging knowledge of the private key from another installation or a firmware image. | |||||
| CVE-2024-50564 | 1 Fortinet | 1 Forticlient | 2025-06-11 | N/A | 3.3 LOW |
| A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all versions, 7.0.x all versions, and 6.4.x all versions may allow a low-privileged user to decrypt interprocess communication via monitoring named piped. | |||||
| CVE-2023-34990 | 1 Fortinet | 1 Fortiwlm | 2025-06-05 | N/A | 9.8 CRITICAL |
| A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests. | |||||
| CVE-2025-25251 | 1 Fortinet | 1 Forticlient | 2025-06-04 | N/A | 7.8 HIGH |
| An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages. | |||||
| CVE-2025-46777 | 1 Fortinet | 1 Fortiportal | 2025-06-04 | N/A | 2.3 LOW |
| A insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.9 may allow an authenticated attacker with at least read-only admin permissions to view encrypted secrets via the FortiPortal System Log. | |||||
| CVE-2025-47294 | 1 Fortinet | 1 Fortios | 2025-06-04 | N/A | 5.3 MEDIUM |
| A integer overflow or wraparound in Fortinet FortiOS versions 7.2.0 through 7.2.7, versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the csfd daemon via a specially crafted request. | |||||
| CVE-2025-47295 | 1 Fortinet | 1 Fortios | 2025-06-04 | N/A | 3.7 LOW |
| A buffer over-read in Fortinet FortiOS versions 7.4.0 through 7.4.3, versions 7.2.0 through 7.2.7, and versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the FGFM daemon via a specially crafted request, under rare conditions that are outside of the attacker's control. | |||||
| CVE-2025-22252 | 1 Fortinet | 3 Fortios, Fortiproxy, Fortiswitchmanager | 2025-06-04 | N/A | 9.8 CRITICAL |
| A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2.5, and FortiOS versions 7.4.4 through 7.4.6 and version 7.6.0 may allow an attacker with knowledge of an existing admin account to access the device as a valid admin via an authentication bypass. | |||||
| CVE-2024-54020 | 1 Fortinet | 1 Fortimanager | 2025-06-04 | N/A | 2.3 LOW |
| A missing authorization in Fortinet FortiManager versions 7.2.0 through 7.2.1, and versions 7.0.0 through 7.0.7 may allow an authenticated attacker to overwrite global threat feeds via crafted update requests. | |||||
| CVE-2017-7335 | 1 Fortinet | 1 Fortiwlc | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5); 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10); and 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2) allows an authenticated user to inject arbitrary web script or HTML via non-sanitized parameters "refresh" and "branchtotable" present in HTTP POST requests. | |||||
| CVE-2017-3134 | 1 Fortinet | 1 Fortiwlc-sd | 2025-04-20 | 9.0 HIGH | 7.2 HIGH |
| An escalation of privilege vulnerability in Fortinet FortiWLC-SD versions 8.2.4 and below allows attacker to gain root access via the CLI command 'copy running-config'. | |||||
| CVE-2017-7737 | 1 Fortinet | 1 Fortiweb | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
| An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 user password in cleartext in webui via the HTML source code. | |||||
| CVE-2017-7732 | 1 Fortinet | 1 Fortimail | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross-Site Scripting (XSS) vulnerability in Fortinet FortiMail 5.1 and earlier, 5.2.0 through 5.2.9, and 5.3.0 through 5.3.9 customized pre-authentication webmail login page allows attacker to inject arbitrary web script or HTML via crafted HTTP requests. | |||||
| CVE-2016-7542 | 1 Fortinet | 1 Fortios | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
| A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them. | |||||