CVE-2016-6909 — CVSS 9.8 (critical): Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch…
CVE-2023-25610 — CVSS 9.8 (critical): A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3…
CVE-2023-37936 — CVSS 9.8 (critical): A use of hard-coded cryptographic key in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0…
CVE-2024-48887 — CVSS 9.8 (critical): A unverified password change vulnerability in Fortinet FortiSwitch GUI may allow a remote unauthenticated attacker to change admin…
CVE-2022-27488 — CVSS 8.3 (high): A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0…
CVE-2023-37937 — CVSS 7.8 (high): An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSwitch version 7.4.0 and…
CVE-2019-17657 — CVSS 7.5 (high): An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3…
CVE-2021-42757 — CVSS 6.7 (medium): A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated…
CVE-2021-26111 — CVSS 6.5 (medium): A missing release of memory after effective lifetime vulnerability in FortiSwitch 6.4.0 to 6.4.6, 6.2.0 to 6.2.6, 6.0.0 to 6.0.6, 3.6.11…
CVE-2022-27490 — CVSS 5.4 (medium): A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version…
CVE-2022-23439 — CVSS 4.7 (medium): A externally controlled reference to a resource in another sphere vulnerability in Fortinet allows attacker to poison web caches via…
CVE-2021-43074 — CVSS 4.3 (medium): An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all…
CVE-2021-42755 — CVSS 4.3 (medium): An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2…