CVE-2024-48886 — CVSS 9.0 (critical): A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15…
CVE-2024-46662 — CVSS 8.8 (high): A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiManager versions 7.4.1 through…
CVE-2024-35277 — CVSS 8.6 (high): A missing authentication for critical function in Fortinet FortiPortal version 6.0.0 through 6.0.15, FortiManager version 7.4.0 through…
CVE-2026-22828 — CVSS 8.1 (high): A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4, FortiManager Cloud 7.6.2 through 7.6.4 may…
CVE-2024-48884 — CVSS 7.5 (high): A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiManager 7.6.0 through…
CVE-2024-45331 — CVSS 7.3 (high): A incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0…
CVE-2024-50563 — CVSS 7.3 (high): A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud…
CVE-2024-35273 — CVSS 7.2 (high): A out-of-bounds write in Fortinet FortiManager version 7.4.0 through 7.4.2, FortiAnalyzer version 7.4.0 through 7.4.2 allows attacker to…
CVE-2024-50566 — CVSS 7.2 (high): A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiManager Cloud…
CVE-2025-61848 — CVSS 7.2 (high): An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0…
CVE-2024-50571 — CVSS 7.2 (high): A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.2, FortiAnalyzer 7.4.0 through 7.4.5, FortiAnalyzer…
CVE-2024-48889 — CVSS 7.2 (high): An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiManager…
CVE-2025-68648 — CVSS 7.2 (high): A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through…
CVE-2026-22572 — CVSS 7.2 (high): An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer…
CVE-2024-40584 — CVSS 7.2 (high): An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet…
CVE-2024-33503 — CVSS 6.7 (medium): A improper privilege management in Fortinet FortiManager version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0…
CVE-2025-48418 — CVSS 6.7 (medium): A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.0…
CVE-2024-35275 — CVSS 6.6 (medium): A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiAnalyzer version 7.4.0 through…
CVE-2025-68649 — CVSS 6.0 (medium): An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiAnalyzer 7.6.0 through…
CVE-2024-35276 — CVSS 5.6 (medium): A stack-based buffer overflow in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0…
CVE-2024-33505 — CVSS 5.6 (medium): A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0…
CVE-2024-52964 — CVSS 5.5 (medium): An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version…
CVE-2024-47569 — CVSS 4.3 (medium): A insertion of sensitive information into sent data vulnerability in Fortinet FortiMail 7.4.0 through 7.4.2, FortiMail 7.2.0 through 7.2.6…
CVE-2024-33504 — CVSS 4.1 (medium): A use of hard-coded cryptographic key to encrypt sensitive data vulnerability [CWE-321] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through…
CVE-2026-22629 — CVSS 3.7 (low): An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4…
CVE-2025-24474 — CVSS 2.7 (low): An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiManager 7.6.0…