fortinet

1,125 tracked vulnerabilities.

CVE-2024-23667 HIGH
FortiWebManager 6.2.3-6.2.4, 6.3.0, 7.0.0-7.0.4, 7.2.0 - Improper Authorization
Jun 03, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-23665 MEDIUM
FortiWeb < 6.3.23 - Authenticated Improper Authorization via ADOM Operations
Jun 03, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-23664 MEDIUM
FortiAuthenticator 6.4.0-6.4.9, 6.5.0-6.5.3, 6.6.0 - Open Redirect via Crafted URL
Jun 03, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-31493 MEDIUM
FortiSOAR 7.0.0-7.3.0 - Authenticated Information Disclosure via HTTP Response
Jun 03, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-23107 MEDIUM
FortiWeb 6.3.0-6.3.22, 7.0.0-7.0.8, 7.2.0-7.2.4, 7.4.0 - Authenticated Password Hash Exposure via CLI Commands
Jun 03, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-31491 HIGH
FortiSandbox 4.2.1-4.2.6 and 4.4.0-4.4.4 - Unauthenticated Remote Code Execution via HTTP Requests
May 14, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-31488 MEDIUM
FortiNAC Multiple Versions - Authenticated Stored and Reflected XSS via HTTP Requests
May 14, 2024
CVSS 6.8
EPSS 0.01
CVE-2024-26007 MEDIUM
FortiOS 7.4.1 - Unauthenticated Denial of Service via Crafted HTTP Requests
May 14, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-23105 HIGH
Fortinet FortiPortal <7.0.6, <7.2.1 - SSRF
May 14, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-3661 HIGH
FortiClient 6.4.0-7.2.4 - Unauthenticated VPN Traffic Leak via DHCP Classless Static Route Option
May 06, 2024
CVSS 7.6
EPSS 0.04
CVE-2024-31492 HIGH
FortiClientMac <7.2.3, <7.0.10 - Code Injection
Apr 10, 2024
CVSS 8.2
EPSS 0.00
CVE-2024-31487 MEDIUM
FortiSandbox 2.4.0-4.2.6, 4.4.0-4.4.4 - Path Traversal via Crafted HTTP Requests
Apr 09, 2024
CVSS 5.9
EPSS 0.01
CVE-2024-23671 HIGH
Fortinet FortiSandbox 4.0.0-4.0.4, 4.2.1-4.2.6, 4.4.0-4.4.3 - Path Traversal via Crafted HTTP Requests
Apr 09, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-23662 MEDIUM
FortiOS 6.4.0-6.4.15, 7.0.0-7.0.15, 7.2.0-7.2.5, 7.4.0-7.4.1 - Exposure of Sensitive Information via HTTP Requests
Apr 09, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-21756 HIGH
Fortinet FortiSandbox 4.0.0-4.0.4, 4.2.1-4.2.6, 4.4.0-4.4.3 - OS Command Injection via Crafted Requests
Apr 09, 2024
CVSS 8.8
EPSS 0.02
CVE-2024-21755 HIGH
FortiSandbox 4.0.0-4.0.4, 4.2.1-4.2.6, 4.4.0-4.4.3 - OS Command Injection via Crafted Requests
Apr 09, 2024
CVSS 8.8
EPSS 0.02
CVE-2024-23112 HIGH
FortiOS/FortiProxy SSL-VPN Auth Bypass via URL Manipulation
Mar 12, 2024
CVSS 8.0
EPSS 0.01
CVE-2024-21761 MEDIUM
FortiPortal 7.0.0-7.0.6 and 7.2.0 - Improper Authorization via Request Payload Modification
Mar 12, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-23113 CRITICAL KEV
Fortinet FortiOS/FortiProxy/FortiPAM/FortiSwitchManager Format String Vulnerability via Crafted Packets
Feb 15, 2024
CVSS 9.8
EPSS 0.62
CVE-2024-21762 CRITICAL KEV
FortiOS/FortiProxy Out-of-bounds Write Vulnerability
Feb 09, 2024
CVSS 9.8
EPSS 0.83
CVE-2024-23109 CRITICAL
FortiSIEM - OS Command Injection via Crafted API Requests
Feb 05, 2024
CVSS 10.0
EPSS 0.03
CVE-2024-23108 CRITICAL NUCLEI
Fortinet FortiSIEM - OS Command Injection
Feb 05, 2024
CVSS 10.0
EPSS 0.78
CVE-2023-46718 MEDIUM
Fortinet FortiOS <7.4.1-6.0.18 - Buffer Overflow
Oct 14, 2025
CVSS 6.7
EPSS 0.00
CVE-2023-45584 MEDIUM
Fortinet Fortios < 7.0.13 - Double Free
Aug 12, 2025
CVSS 6.6
EPSS 0.01
CVE-2023-48786 MEDIUM
Fortinet FortiClientEMS <7.4.3 - SSRF
Jun 10, 2025
CVSS 4.3
EPSS 0.00