Every CVE whose affected-product data names Fortinet Fortiproxy, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (118)
CVE-2022-41331 — CVSS 9.8 (critical): A missing authentication for critical function vulnerability [CWE-306] in FortiPresence infrastructure server before version 1.2.1 allows a…
CVE-2025-22252 — CVSS 9.8 (critical): A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2.5, and…
CVE-2023-42789 — CVSS 9.8 (critical): A out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0…
CVE-2023-33308 — CVSS 9.8 (critical): A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiProxy…
CVE-2023-25610 — CVSS 9.8 (critical): A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3…
CVE-2024-48886 — CVSS 9.0 (critical): A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15…
CVE-2022-41335 — CVSS 8.8 (high): A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.10…
CVE-2023-29181 — CVSS 8.8 (high): A use of externally-controlled format string in Fortinet FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0…
CVE-2023-44250 — CVSS 8.8 (high): An improper privilege management vulnerability [CWE-269] in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a…
CVE-2022-41330 — CVSS 8.8 (high): An improper neutralization of input during web page generation vulnerability ('Cross-site Scripting') [CWE-79] in Fortinet FortiOS version…
CVE-2022-42476 — CVSS 8.2 (high): A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.11…
CVE-2024-26009 — CVSS 8.1 (high): An authentication bypass using an alternate path or channel [CWE-288] vulnerability in Fortinet FortiOS 6.4.0 through 6.4.15, FortiOS 6.2.0…
CVE-2023-42790 — CVSS 8.1 (high): A stack-based buffer overflow in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14…
CVE-2022-35843 — CVSS 8.1 (high): An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7…
CVE-2023-29183 — CVSS 8.0 (high): An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiProxy 7.2.0 through…
CVE-2024-23112 — CVSS 8.0 (high): An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6…
CVE-2022-22299 — CVSS 7.8 (high): A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0…
CVE-2022-41327 — CVSS 7.8 (high): A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through…
CVE-2021-26110 — CVSS 7.8 (high): An improper access control vulnerability [CWE-284] in FortiOS autod daemon 7.0.0, 6.4.6 and below, 6.2.9 and below, 6.0.12 and below and…
CVE-2023-41677 — CVSS 7.5 (high): A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0…
CVE-2023-29180 — CVSS 7.5 (high): A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through…
CVE-2025-57740 — CVSS 7.5 (high): An Heap-based Buffer Overflow vulnerability [CWE-122] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and…
CVE-2022-29055 — CVSS 7.5 (high): A access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x…
CVE-2024-48884 — CVSS 7.5 (high): A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiManager 7.6.0 through…
CVE-2024-26013 — CVSS 7.5 (high): A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through…
CVE-2021-41024 — CVSS 7.5 (high): A relative path traversal [CWE-23] vulnerabiltiy in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy verison 7.0.0 may allow an…
CVE-2024-26010 — CVSS 7.5 (high): A stack-based buffer overflow in Fortinet FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiWeb, FortiAuthenticator…
CVE-2024-26006 — CVSS 7.5 (high): An improper neutralization of input during web page Generation vulnerability [CWE-79] in FortiOS version 7.4.3 and below, version 7.2.7 and…
CVE-2025-25253 — CVSS 7.5 (high): An Improper Validation of Certificate with Host Mismatch vulnerability [CWE-297] in FortiProxy version 7.6.1 and below, version 7.4.8 and…
CVE-2023-22640 — CVSS 7.5 (high): A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through…
CVE-2023-37930 — CVSS 7.5 (high): Multiple issues including the use of uninitialized ressources [CWE-908] and excessive iteration [CWE-834] vulnerabilities vulnerability in…
CVE-2024-50571 — CVSS 7.2 (high): A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.2, FortiAnalyzer 7.4.0 through 7.4.5, FortiAnalyzer…
CVE-2024-52965 — CVSS 7.2 (high): A missing critical step in authentication vulnerability [CWE-304] in Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5…
CVE-2023-36639 — CVSS 7.2 (high): A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions…
CVE-2024-45324 — CVSS 7.2 (high): A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9…
CVE-2021-22128 — CVSS 7.1 (high): An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote…
CVE-2024-23111 — CVSS 6.8 (medium): An improper neutralization of input during web page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiOS version 7.4.3 and…
CVE-2021-42757 — CVSS 6.7 (medium): A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated…
CVE-2021-43072 — CVSS 6.7 (medium): A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7…
CVE-2021-44170 — CVSS 6.7 (medium): A stack-based buffer overflow vulnerability [CWE-121] in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8…
CVE-2022-43953 — CVSS 6.7 (medium): A use of externally-controlled format string in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS all versions 7.0, FortiOS all…
CVE-2023-22639 — CVSS 6.7 (medium): A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through…
CVE-2021-22130 — CVSS 6.7 (medium): A stack-based buffer overflow vulnerability in FortiProxy physical appliance CLI 2.0.0 to 2.0.1, 1.2.0 to 1.2.9, 1.1.0 to 1.1.6, 1.0.0 to…
CVE-2023-36640 — CVSS 6.7 (medium): A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0 all…
CVE-2023-40721 — CVSS 6.7 (medium): A use of externally-controlled format string vulnerability [CWE-134] vulnerability in Fortinet allows a privileged attacker to execute…
CVE-2023-45583 — CVSS 6.7 (medium): A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0 all…
CVE-2023-46718 — CVSS 6.7 (medium): A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.12 and 6.4.6…
CVE-2025-22862 — CVSS 6.7 (medium): An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS 7.4.0 through 7.4.7, 7.2.0 through 7.2.11…
CVE-2025-67862 — CVSS 6.7 (medium): An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet FortiOS 7.6.0 through…
CVE-2025-22254 — CVSS 6.6 (medium): An Improper Privilege Management vulnerability [CWE-269] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through…
CVE-2023-45584 — CVSS 6.6 (medium): A double free vulnerability [CWE-415] vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0 through 7.0.12…
CVE-2024-47570 — CVSS 6.6 (medium): An insertion of sensitive information into log file vulnerability [CWE-532] in FortiOS 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0 all…
CVE-2023-33306 — CVSS 6.5 (medium): A null pointer dereference in Fortinet FortiOS before 7.2.5, before 7.0.11 and before 6.4.13, FortiProxy before 7.2.4 and before 7.0.10…
CVE-2023-36641 — CVSS 6.5 (medium): A numeric truncation error in Fortinet FortiProxy version 7.2.0 through 7.2.4, FortiProxy version 7.0.0 through 7.0.10, FortiProxy 2.0 all…
CVE-2023-29179 — CVSS 6.5 (medium): A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, Fortiproxy version…
CVE-2023-33307 — CVSS 6.5 (medium): A null pointer dereference in Fortinet FortiOS before 7.2.5 and before 7.0.11, FortiProxy before 7.2.3 and before 7.0.9 allows attacker to…
CVE-2022-45861 — CVSS 6.5 (medium): An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version…
CVE-2022-42474 — CVSS 6.5 (medium): A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before…
CVE-2025-22258 — CVSS 6.5 (medium): A heap-based buffer overflow in Fortinet FortiSRA 1.5.0, 1.4.0 through 1.4.2, FortiPAM 1.5.0, 1.4.0 through 1.4.2, 1.3.0 through 1.3.1…
CVE-2024-54021 — CVSS 6.5 (medium): An Improper Neutralization of CRLF Sequences in HTTP Headers ('http response splitting') vulnerability [CWE-113] in Fortinet FortiOS 7.2.0…
CVE-2023-28002 — CVSS 6.4 (medium): An improper validation of integrity check value vulnerability [CWE-354] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.12, 6.4 all…
CVE-2021-26103 — CVSS 6.3 (medium): An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy verison 2.0.3 and below…
CVE-2021-43081 — CVSS 6.1 (medium): An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.0.3 and below, 6.4.8 and below…
CVE-2025-61624 — CVSS 6.0 (medium): An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet FortiOS 7.6.0 through…
CVE-2024-50568 — CVSS 5.9 (medium): A channel accessible by non-endpoint vulnerability [CWE-300] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7 and…
CVE-2019-17656 — CVSS 5.4 (medium): A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS 6.0.10 and below, 6.2.2 and below and FortiProxy 1.0.x, 1.1.x…
CVE-2018-13381 — CVSS 5.3 (medium): A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4 and earlier versions and FortiProxy…
CVE-2020-6648 — CVSS 5.3 (medium): A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy…
CVE-2025-25248 — CVSS 5.3 (medium): An Integer Overflow or Wraparound vulnerability [CWE-190] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and…
CVE-2024-55599 — CVSS 5.3 (medium): An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in FortiOS version 7.6.0, version 7.4.7 and below, 7.0 all…
CVE-2024-26008 — CVSS 5.3 (medium): An improper check or handling of exceptional conditions vulnerability [CWE-703] in FortiOS version 7.4.0 through 7.4.3 and before 7.2.7…
CVE-2024-26011 — CVSS 5.3 (medium): A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through…
CVE-2023-41675 — CVSS 5.3 (medium): A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version…
CVE-2022-41329 — CVSS 5.3 (medium): An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiProxy version 7.2.0 through 7.2.1…
CVE-2025-25255 — CVSS 5.3 (medium): An Improperly Implemented Security Check for Standard vulnerability [CWE-358] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3…
CVE-2023-45586 — CVSS 5.0 (medium): An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL-VPN tunnel mode version 7.4.0 through…
CVE-2022-43947 — CVSS 5.0 (medium): An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiOS version 7.2.0 through 7.2.3 and…
CVE-2023-33305 — CVSS 4.9 (medium): A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through…
CVE-2023-29175 — CVSS 4.8 (medium): An improper certificate validation vulnerability [CWE-295] in FortiOS 6.2 all versions, 6.4 all versions, 7.0.0 through 7.0.10, 7.2.0 and…
CVE-2022-39948 — CVSS 4.8 (medium): An improper certificate validation vulnerability [CWE-295] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all…
CVE-2025-31366 — CVSS 4.7 (medium): An Improper Neutralization of Input During Web Page Generation vulnerability [CWE-79] vulnerability in Fortinet FortiOS 7.6.0 through…
CVE-2021-26092 — CVSS 4.7 (medium): Failure to sanitize input in the SSL VPN web portal of FortiOS 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14, 6.0.0…
CVE-2022-23439 — CVSS 4.7 (medium): A externally controlled reference to a resource in another sphere vulnerability in Fortinet allows attacker to poison web caches via…
CVE-2018-13380 — CVSS 4.7 (medium): A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet…
CVE-2025-54822 — CVSS 4.3 (medium): An improper authorization vulnerability [CWE-285] vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.8…
CVE-2021-43074 — CVSS 4.3 (medium): An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all…
CVE-2021-42755 — CVSS 4.3 (medium): An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2…
CVE-2024-33510 — CVSS 4.3 (medium): An improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability [CWE-74] in FortiOS…
CVE-2023-29178 — CVSS 4.3 (medium): A access of uninitialized pointer vulnerability [CWE-824] in Fortinet FortiProxy version 7.2.0 through 7.2.3 and before 7.0.9 and FortiOS…
CVE-2021-43206 — CVSS 4.3 (medium): A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x…
CVE-2024-47569 — CVSS 4.3 (medium): A insertion of sensitive information into sent data vulnerability in Fortinet FortiMail 7.4.0 through 7.4.2, FortiMail 7.2.0 through 7.2.6…
CVE-2022-38378 — CVSS 4.2 (medium): An improper privilege management vulnerability [CWE-269] in Fortinet FortiOS version 7.2.0 and before 7.0.7 and FortiProxy version 7.2.0…
CVE-2022-42472 — CVSS 4.2 (medium): A improper neutralization of crlf sequences in http headers ('http response splitting') in Fortinet FortiOS versions 7.2.0 through 7.2.2…
CVE-2023-22641 — CVSS 4.1 (medium): A url redirection to untrusted site ('open redirect') in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.9…
CVE-2019-15706 — CVSS 4.1 (medium): An improper neutralization of input during web page generation in the SSL VPN portal of FortiProxy version 2.0.0, version 1.2.9 and below…
CVE-2022-45862 — CVSS 3.7 (low): An insufficient session expiration vulnerability [CWE-613] vulnerability in FortiOS 7.2.5 and below, 7.0 all versions, 6.4 all versions…
CVE-2024-26015 — CVSS 3.4 (low): An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2.10 and…
CVE-2023-26207 — CVSS 3.3 (low): An insertion of sensitive information into log file vulnerability in Fortinet FortiOS 7.2.0 through 7.2.4 and FortiProxy 7.0.0 through…
CVE-2022-29054 — CVSS 3.3 (low): A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version…
CVE-2023-29184 — CVSS 3.2 (low): An incomplete cleanup vulnerability [CWE-459] in FortiOS 7.2 all versions and before & FortiProxy version 7.2.0 through 7.2.2 and before…
CVE-2024-50565 — CVSS 3.1 (low): A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through…
CVE-2023-47536 — CVSS 3.1 (low): An improper access control vulnerability [CWE-284] in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and…
CVE-2025-31514 — CVSS 2.7 (low): A insertion of sensitive information into log file vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4 all versions, FortiOS…
CVE-2025-47890 — CVSS 2.6 (low): An URL Redirection to Untrusted Site vulnerabilities [CWE-601] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through…
CVE-2025-54821 — CVSS 1.9 (low): An Improper Privilege Management vulnerability [CWE-269] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through…
CVE-2024-21754 — CVSS 1.8 (low): A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all…