CVE-2023-25610 — CVSS 9.8 (critical): A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3…
CVE-2024-48886 — CVSS 9.0 (critical): A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15…
CVE-2021-32603 — CVSS 8.8 (high): A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below…
CVE-2020-12817 — CVSS 8.8 (high): An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to…
CVE-2021-32589 — CVSS 8.1 (high): A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10…
CVE-2022-39950 — CVSS 8.0 (high): An improper neutralization of input during web page generation vulnerability [CWE-79] exists in FortiManager and FortiAnalyzer 6.0.0 all…
CVE-2023-42788 — CVSS 7.8 (high): An improper neutralization of special elements used in an os command ('OS Command Injection') vulnerability [CWE-78] in FortiManager &…
CVE-2023-25607 — CVSS 7.8 (high): An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78 ] in FortiManager 7.2.0…
CVE-2021-26104 — CVSS 7.8 (high): Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and…
CVE-2019-17657 — CVSS 7.5 (high): An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3…
CVE-2023-22642 — CVSS 7.5 (high): An improper certificate validation vulnerability [CWE-295] in FortiAnalyzer and FortiManager 7.2.0 through 7.2.1, 7.0.0 through 7.0.5…
CVE-2024-23666 — CVSS 7.5 (high): A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 through 7.2.6 and…
CVE-2020-9289 — CVSS 7.5 (high): Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3…
CVE-2024-26013 — CVSS 7.5 (high): A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through…
CVE-2024-45331 — CVSS 7.3 (high): A incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0…
CVE-2024-50563 — CVSS 7.3 (high): A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud…
CVE-2024-50571 — CVSS 7.2 (high): A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.2, FortiAnalyzer 7.4.0 through 7.4.5, FortiAnalyzer…
CVE-2026-22572 — CVSS 7.2 (high): An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer…
CVE-2025-68648 — CVSS 7.2 (high): A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through…
CVE-2025-61848 — CVSS 7.2 (high): An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0…
CVE-2022-27483 — CVSS 7.2 (high): A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager version 7.0.0 through…
CVE-2024-45330 — CVSS 7.2 (high): A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to…
CVE-2024-40584 — CVSS 7.2 (high): An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet…
CVE-2024-36512 — CVSS 7.2 (high): An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer 7.4.0 through…
CVE-2024-35273 — CVSS 7.2 (high): A out-of-bounds write in Fortinet FortiManager version 7.4.0 through 7.4.2, FortiAnalyzer version 7.4.0 through 7.4.2 allows attacker to…
CVE-2023-41838 — CVSS 7.1 (high): An improper neutralization of special elements used in an os command ('os command injection') in FortiManager 7.4.0 and 7.2.0 through 7.2.3…
CVE-2022-42477 — CVSS 7.1 (high): An improper input validation vulnerability [CWE-20] in FortiAnalyzer version 7.2.1 and below, version 7.0.6 and below, 6.4 all versions may…
CVE-2025-68482 — CVSS 6.9 (medium): A improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8…
CVE-2021-42757 — CVSS 6.7 (medium): A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated…
CVE-2022-26118 — CVSS 6.7 (medium): A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3 may…
CVE-2025-48418 — CVSS 6.7 (medium): A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.0…
CVE-2024-32123 — CVSS 6.7 (medium): Multiple improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager, FortiAnalyzer…
CVE-2024-32118 — CVSS 6.7 (medium): Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet…
CVE-2023-41842 — CVSS 6.7 (medium): A use of externally-controlled format string vulnerability [CWE-134] vulnerability in Fortinet allows a privileged attacker to execute…
CVE-2021-43072 — CVSS 6.7 (medium): A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7…
CVE-2021-24022 — CVSS 6.7 (medium): A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7…
CVE-2024-31496 — CVSS 6.7 (medium): A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer…
CVE-2024-33503 — CVSS 6.7 (medium): A improper privilege management in Fortinet FortiManager version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0…
CVE-2024-35275 — CVSS 6.6 (medium): A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiAnalyzer version 7.4.0 through…
CVE-2018-1354 — CVSS 6.5 (medium): An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below…
CVE-2024-40585 — CVSS 6.5 (medium): An insertion of sensitive information into log file vulnerabilities [CWE-532] in FortiManager version 7.4.0, version 7.2.3 and below…
CVE-2023-44256 — CVSS 6.5 (medium): A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8…
CVE-2025-53845 — CVSS 6.5 (medium): An improper authentication vulnerability [CWE-287] in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6 allows an…
CVE-2023-25606 — CVSS 6.5 (medium): An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-23] in FortiAnalyzer and FortiManager…
CVE-2023-42787 — CVSS 6.5 (medium): A client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and…
CVE-2024-33502 — CVSS 6.5 (medium): An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0…
CVE-2018-13375 — CVSS 6.1 (medium): An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an…
CVE-2018-1355 — CVSS 6.1 (medium): An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions…
CVE-2020-12811 — CVSS 6.1 (medium): An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3and FortiAnalyzer 6.2.0…
CVE-2024-21757 — CVSS 6.1 (medium): A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0…
CVE-2025-49784 — CVSS 6.0 (medium): An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0…
CVE-2024-40593 — CVSS 6.0 (medium): A key management errors vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.2, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0…
CVE-2024-36508 — CVSS 6.0 (medium): An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version…
CVE-2025-68649 — CVSS 6.0 (medium): An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiAnalyzer 7.6.0 through…
CVE-2024-33505 — CVSS 5.6 (medium): A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0…
CVE-2024-35276 — CVSS 5.6 (medium): A stack-based buffer overflow in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0…
CVE-2022-27490 — CVSS 5.4 (medium): A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version…
CVE-2020-6640 — CVSS 5.4 (medium): An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to…
CVE-2020-12815 — CVSS 5.4 (medium): An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script…
CVE-2022-22305 — CVSS 5.4 (medium): An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below…
CVE-2024-52962 — CVSS 5.3 (medium): An Improper Output Neutralization for Logs vulnerability [CWE-117] in FortiAnalyzer version 7.6.1 and below, version 7.4.5 and below…
CVE-2023-42782 — CVSS 5.3 (medium): A insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer version 7.4.0 and below 7.2.3 allows a remote…
CVE-2025-67604 — CVSS 5.3 (medium): A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8…
CVE-2025-54973 — CVSS 5.3 (medium): A concurrent execution using shared resource with improper synchronization ('Race Condition') vulnerability [CWE-362] in Fortinet…
CVE-2024-32116 — CVSS 5.1 (medium): Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5…
CVE-2023-44253 — CVSS 5.0 (medium): An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1…
CVE-2023-44254 — CVSS 5.0 (medium): An authorization bypass through user-controlled key [CWE-639] vulnerability in FortiAnalyzer version 7.4.1 and before 7.2.5 and…
CVE-2024-32117 — CVSS 4.9 (medium): An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version…
CVE-2023-23776 — CVSS 4.6 (medium): An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiAnalyzer versions 7.2.0 through 7.2.1, 7.0.0…
CVE-2021-32597 — CVSS 4.6 (medium): Multiple improper neutralization of input during web page generation (CWE-79) in FortiManager and FortiAnalyzer versions 7.0.0, 6.4.5 and…
CVE-2021-24021 — CVSS 4.3 (medium): An improper neutralization of input vulnerability [CWE-79] in FortiAnalyzer versions 6.4.3 and below, 6.2.7 and below and 6.0.10 and below…
CVE-2023-44249 — CVSS 4.3 (medium): An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and…
CVE-2023-36638 — CVSS 4.3 (medium): An improper privilege management vulnerability [CWE-269] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11…
CVE-2023-25609 — CVSS 4.3 (medium): A server-side request forgery (SSRF) vulnerability [CWE-918] in FortiManager and FortiAnalyzer GUI 7.2.0 through 7.2.1, 7.0.0 through…
CVE-2022-38377 — CVSS 4.3 (medium): An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9…
CVE-2022-30304 — CVSS 4.3 (medium): An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAnalyzer versions prior to 7.2.1, 7.0.4 and…
CVE-2022-22300 — CVSS 4.3 (medium): A improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version…
CVE-2021-32598 — CVSS 4.3 (medium): An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability In FortiManager and FortiAnalyzer…
CVE-2021-32587 — CVSS 4.3 (medium): An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11…
CVE-2024-33501 — CVSS 4.2 (medium): Two improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiAnalyzer…
CVE-2023-44255 — CVSS 4.1 (medium): An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2…
CVE-2023-40719 — CVSS 4.1 (medium): A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an…
CVE-2020-12814 — CVSS 4.1 (medium): A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiAnalyzer version 6.0.6 and below…
CVE-2023-25611 — CVSS 4.0 (medium): A improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0…
CVE-2026-22629 — CVSS 3.7 (low): An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4…
CVE-2022-26121 — CVSS 3.7 (low): An exposure of resource to wrong sphere vulnerability [CWE-668] in FortiAnalyzer and FortiManager GUI 7.0.0 through 7.0.3, 6.4.0 through…
CVE-2021-36170 — CVSS 3.2 (low): An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an…
CVE-2024-50565 — CVSS 3.1 (low): A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through…
CVE-2025-24474 — CVSS 2.7 (low): An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiManager 7.6.0…
CVE-2024-35274 — CVSS 2.3 (low): An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiAnalyzer versions…
CVE-2024-52966 — CVSS 2.3 (low): An exposure of sensitive information to an unauthorized actor in Fortinet FortiAnalyzer 6.4.0 through 7.6.0 allows attacker to cause…