Every CVE whose affected-product data names Fortinet Fortiadc, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (43)
CVE-2023-37933 — CVSS 8.8 (high): An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC GUI version…
CVE-2022-38374 — CVSS 8.8 (high): A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiADC 7.0.0 - 7.0.2 and 6.2.0 - 6.2.4…
CVE-2022-39947 — CVSS 8.8 (high): A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through…
CVE-2023-26205 — CVSS 8.1 (high): An improper access control vulnerability [CWE-284] in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions…
CVE-2022-35851 — CVSS 8.0 (high): An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiADC management interface 7.1.0 may allow a…
CVE-2023-27999 — CVSS 7.8 (high): An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 7.2.0, 7.1.0 through 7.1.1 may…
CVE-2022-35849 — CVSS 7.8 (high): An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiADC 7.1.0…
CVE-2022-22299 — CVSS 7.8 (high): A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0…
CVE-2023-26210 — CVSS 7.8 (high): Multiple improper neutralization of special elements used in an os command ('OS Command Injection') vulnerabilties [CWE-78] vulnerability…
CVE-2022-40679 — CVSS 7.8 (high): An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 5.x all versions, 6.0 all versions…
CVE-2022-27482 — CVSS 7.8 (high): A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through…
CVE-2023-25607 — CVSS 7.8 (high): An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78 ] in FortiManager 7.2.0…
CVE-2023-50178 — CVSS 7.4 (high): An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2.0 through 7.2.3, 7.1 all versions, 7.0 all versions, 6.2…
CVE-2025-49813 — CVSS 7.2 (high): An improper neutralization of special elements used in an OS Command ("OS Command Injection") vulnerability [CWE-78] in Fortinet FortiADC…
CVE-2025-31104 — CVSS 7.2 (high): An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiADC 7.6.0…
CVE-2023-41673 — CVSS 7.1 (high): An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to…
CVE-2021-42757 — CVSS 6.7 (medium): A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated…
CVE-2022-43948 — CVSS 6.7 (medium): A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 through…
CVE-2023-28000 — CVSS 6.7 (medium): An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC CLI 7.1.0, 7.0.0 through 7.0.3…
CVE-2023-29177 — CVSS 6.7 (medium): Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC version 7.2.0 and…
CVE-2025-48839 — CVSS 6.6 (medium): An Out-of-bounds Write vulnerability [CWE-787] in FortiADC 8.0.0, 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.1 all…
CVE-2025-59921 — CVSS 6.5 (medium): An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiADC version 7.4.0, version 7.2.3 and…
CVE-2021-43076 — CVSS 6.3 (medium): An improper privilege management vulnerability [CWE-269] in FortiADC versions 6.2.1 and below, 6.1.5 and below, 6.0.4 and below, 5.4.5 and…
CVE-2023-27993 — CVSS 6.0 (medium): A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a privileged attacker to delete arbitrary…
CVE-2023-50180 — CVSS 5.5 (medium): An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiADC version 7.4.1 and below…
CVE-2022-33876 — CVSS 5.4 (medium): Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version…
CVE-2022-26120 — CVSS 5.4 (medium): Multiple improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerabilities [CWE-89] in FortiADC…
CVE-2022-27484 — CVSS 5.4 (medium): A unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to…
CVE-2019-6699 — CVSS 5.4 (medium): An improper neutralization of input vulnerability in Fortinet FortiADC 5.3.3 and earlier may allow an attacker to execute a stored Cross…
CVE-2023-25603 — CVSS 5.4 (medium): A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.3.0 - 6.3.4 and…
CVE-2022-33875 — CVSS 5.4 (medium): An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability in Fortinet FortiADC version 7.1.0…
CVE-2021-32591 — CVSS 5.3 (medium): A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1…
CVE-2022-38381 — CVSS 5.3 (medium): An improper handling of malformed request vulnerability [CWE-228] exists in FortiADC 5.0 all versions, 6.0.0 all versions, 6.1.0 all…
CVE-2023-50181 — CVSS 4.9 (medium): An improper access control vulnerability [CWE-284] in Fortinet FortiADC version 7.4.0 through 7.4.1 and before 7.2.4 allows a read only…
CVE-2023-50179 — CVSS 4.8 (medium): An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2 all versions, 7.1 all versions, 7.0 all versions may…
CVE-2025-58412 — CVSS 4.7 (medium): A improper neutralization of script-related html tags in a web page (basic xss) vulnerability in Fortinet FortiADC 8.0.0, FortiADC 7.6.0…
CVE-2022-23439 — CVSS 4.7 (medium): A externally controlled reference to a resource in another sphere vulnerability in Fortinet allows attacker to poison web caches via…
CVE-2021-24024 — CVSS 4.3 (medium): A clear text storage of sensitive information into log file vulnerability in FortiADCManager 5.3.0 and below, 5.2.1 and below and FortiADC…
CVE-2025-54971 — CVSS 4.3 (medium): An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiADC 7.4.0, FortiADC 7.2 all versions, FortiADC…
CVE-2020-15935 — CVSS 4.3 (medium): A cleartext storage of sensitive information in GUI in FortiADC versions 5.4.3 and below, 6.0.0 and below may allow a remote authenticated…
CVE-2024-36511 — CVSS 3.7 (low): An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through…
CVE-2022-43952 — CVSS 3.5 (low): An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC version 7.1.1…