Fortinet

CVE-2026-21643 is a critical SQL injection vulnerability (CWE-89) in Fortinet FortiClientEMS 7.4.4, allowing unauthenticated attackers to execute unauthorized c…

CVE-2026-24858 is a critical authentication bypass vulnerability affecting multiple versions of Fortinet FortiAnalyzer, FortiManager, FortiOS, FortiProxy, and F…

CVE-2026-35616 is a critical improper access control vulnerability (CWE-284) in Fortinet FortiClientEMS versions 7.4.5 through 7.4.6, allowing unauthenticated a…

CVE-2018-13374 is an improper access control vulnerability (CWE-732) in Fortinet FortiOS versions 6.0.2, 5.6.7 and earlier, and FortiADC versions 6.1.0, 6.0.0 t…

CVE-2018-13379 is a critical path traversal vulnerability (CWE-22) in Fortinet FortiOS versions 6.0.0-6.0.4, 5.6.3-5.6.7, 5.4.6-5.4.12, and FortiProxy versions …

CVE-2018-13382 is a critical improper authorization vulnerability (CWE-863) affecting Fortinet FortiOS versions 6.0.0-6.0.4, 5.6.0-5.6.8, 5.4.1-5.4.10, and Fort…

CVE-2018-13383 is a memory corruption vulnerability (CWE-787) affecting Fortinet FortiOS versions 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.1…

CVE-2019-5591 is a vulnerability in Fortinet FortiOS that is currently listed on CISA's Known Exploited Vulnerabilities catalog as actively exploited in the wil…

CVE-2019-6693 is a crypto-weakness in Fortinet FortiOS where the use of a hard-coded cryptographic key in configuration backup files allows attackers to deciphe…

CVE-2020-12812 is a critical authentication bypass vulnerability in Fortinet FortiOS SSL VPN affecting versions 6.4.0, 6.2.0 through 6.2.3, and 6.0.9 and below.…

CVE-2021-44168 is a vulnerability in FortiOS versions prior to 7.0.3 affecting the 'execute restore src-vis' command, allowing local authenticated attackers to …

CVE-2022-40684 is a critical authentication bypass vulnerability affecting Fortinet FortiOS versions 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy ver…

CVE-2022-41328 is a path traversal vulnerability (CWE-22) in Fortinet FortiOS versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.9, and prior to 6.4.11. It allows …

CVE-2022-42475 is a critical heap-based buffer overflow vulnerability in Fortinet FortiOS and FortiProxy SSL-VPN components, affecting versions 7.2.0 through 7.…

CVE-2023-27997 is a critical heap-based buffer overflow vulnerability affecting FortiOS and FortiProxy SSL-VPN services across multiple version branches. The fl…

CVE-2023-48788 is a critical SQL injection vulnerability (CWE-89) affecting Fortinet FortiClient EMS versions 7.2.0 through 7.2.2 and 7.0.1 through 7.0.10. The …

CVE-2024-21762 is a critical out-of-bounds write vulnerability (CWE-787) affecting Fortinet FortiOS and FortiProxy versions across multiple release branches, al…

CVE-2024-23113 is a critical remote code execution vulnerability in Fortinet FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager products, classified as CWE-1…

CVE-2024-47575 is a critical authentication bypass vulnerability (CWE-306) affecting multiple versions of Fortinet FortiManager and FortiManager Cloud, allowing…

CVE-2024-55591 is a critical authentication bypass vulnerability affecting FortiOS versions 7.0.0 through 7.0.16 and FortiProxy versions 7.0.0 through 7.0.19 an…

CVE-2025-24472 is a HIGH severity (CVSS 8.1) Authentication Bypass Using an Alternate Path or Channel vulnerability affecting FortiOS versions 7.0.0 through 7.0…

CVE-2025-25257 is a critical SQL injection vulnerability (CWE-89) affecting Fortinet FortiWeb versions 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7…

CVE-2025-32756 is a critical stack-based buffer overflow vulnerability affecting multiple versions of Fortinet FortiCamera, FortiMail, FortiNDR, FortiRecorder, …

CVE-2025-58034 is a command injection vulnerability in Fortinet FortiWeb versions 8.0.0 through 8.0.1, 7.6.0 through 7.6.5, 7.4.0 through 7.4.10, 7.2.0 through …

CVE-2025-59718 is a critical authentication bypass vulnerability affecting multiple versions of Fortinet FortiOS, FortiProxy, and FortiSwitchManager products. I…

CVE-2025-64446 is a critical path traversal vulnerability (CWE-23) affecting Fortinet FortiWeb versions 8.0.0 through 8.0.1, 7.6.0 through 7.6.4, 7.4.0 through …

CVE-2025-64155 is a critical command injection vulnerability (CWE-78) in Fortinet FortiSIEM versions 6.7.0 through 7.4.0, allowing unauthorized code execution v…

CVE-2026-26083 is a critical missing authorization vulnerability (CWE-862) affecting multiple versions of Fortinet FortiSandbox and FortiSandbox PaaS. It allows…

CVE-2026-44277 is a critical improper access control vulnerability (CWE-284) in Fortinet FortiAuthenticator versions 8.0.0, 8.0.2, and 6.5.0 through 6.5.6, as w…

CVE-2025-53844 is a high-severity out-of-bounds write vulnerability (CWE-787) affecting Fortinet FortiOS versions 7.6.0 through 7.6.3 and 7.4.0 through 7.4.8, a…

CVE-2026-22153 is a HIGH severity (CVSS 8.1) authentication bypass vulnerability in Fortinet FortiOS versions 7.6.0 through 7.6.4. It allows unauthenticated att…

No NVD or KEV data was available for CVE-2026-24017. Consequently, no verified technical details regarding the vulnerability's nature, affected components, or s…

CVE-2025-53681 is a high-severity SQL injection vulnerability (CWE-89) affecting Fortinet FortiMail versions 7.6.0 through 7.6.3, 7.4.0 through 7.4.5, and 7.2.0…

CVE-2025-66178 is a command injection vulnerability (CWE-78) in Fortinet FortiWeb versions 8.0.0 through 8.0.1, 7.6.0 through 7.6.5, 7.4.0 through 7.4.11, 7.2.0…

CVE-2026-25836 is a command injection vulnerability (CWE-78) in Fortinet FortiSandbox Cloud 5.0.4 and FortiSandbox PaaS 5.0.4. It allows a privileged attacker w…

CVE-2026-40688 is a high-severity out-of-bounds write vulnerability (CWE-787) affecting Fortinet FortiWeb versions 8.0.0 through 8.0.3, 7.6.0 through 7.6.6, and…

CVE-2026-39814 is a medium severity path traversal vulnerability (CWE-23) affecting Fortinet FortiWeb versions 8.0.0 through 8.0.2, 7.6.0 through 7.6.6, 7.4.1 t…

CVE-2026-24640 is a medium severity (CVSS 6.6) stack-based buffer overflow vulnerability affecting Fortinet FortiWeb versions 8.0.0 through 8.0.2, 7.6.0 through…

CVE-2026-30897 is a stack-based buffer overflow (CWE-121) in Fortinet FortiWeb versions 8.0.0-8.0.3, 7.6.0-7.6.6, 7.4.0-7.4.11, 7.2, and 7.0. It allows a remote…

CVE-2025-48840 is a MEDIUM severity authentication bypass vulnerability (CVSS 5.3) affecting Fortinet FortiWeb versions 7.6.0 through 7.6.3, 7.4.0 through 7.4.8…

CVE-2025-67604 is a medium severity vulnerability (CVSS 5.3) affecting Fortinet FortiAnalyzer and FortiManager versions 6.4 through 7.6. It is classified as CWE…