CVE-2024-23106 — CVSS 8.1 (high): An improper restriction of excessive authentication attempts [CWE-307] in FortiClientEMS version 7.2.0 through 7.2.4 and before 7.0.10…
CVE-2025-59922 — CVSS 7.2 (high): An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet…
CVE-2026-39809 — CVSS 6.7 (medium): A improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.0…
CVE-2026-39810 — CVSS 6.0 (medium): A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information…
CVE-2019-16149 — CVSS 5.5 (medium): An Improper Neutralization of Input During Web Page Generation in FortiClientEMS version 6.2.0 may allow a remote attacker to execute…
CVE-2025-22859 — CVSS 5.3 (medium): A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may…
CVE-2024-36510 — CVSS 5.3 (medium): An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR…
CVE-2024-32119 — CVSS 4.8 (medium): An improper authentication vulnerability [CWE-287] in Fortinet FortiClientEMS version 7.4.0 and before 7.2.4 allows an unauthenticated…
CVE-2023-48786 — CVSS 4.3 (medium): A server-side request forgery vulnerability [CWE-918] in Fortinet FortiClientEMS version 7.4.0 through 7.4.2 and before 7.2.6 may allow an…
CVE-2024-36506 — CVSS 3.7 (low): An improper verification of source of a communication channel vulnerability [CWE-940] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all…
CVE-2025-22855 — CVSS 2.7 (low): An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Fortinet FortiClient…