Filtered by vendor Fortinet
Subscriptions
Total
1052 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-22252 | 1 Fortinet | 3 Fortios, Fortiproxy, Fortiswitchmanager | 2025-06-04 | 9 Critical |
| A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2.5, and FortiOS versions 7.4.4 through 7.4.6 and version 7.6.0 may allow an attacker with knowledge of an existing admin account to access the device as a valid admin via an authentication bypass. | ||||
| CVE-2024-54020 | 1 Fortinet | 1 Fortimanager | 2025-06-04 | 2.1 Low |
| A missing authorization in Fortinet FortiManager versions 7.2.0 through 7.2.1, and versions 7.0.0 through 7.0.7 may allow an authenticated attacker to overwrite global threat feeds via crafted update requests. | ||||
| CVE-2023-46712 | 1 Fortinet | 1 Fortiportal | 2025-06-03 | 6.3 Medium |
| A improper access control in Fortinet FortiPortal version 7.0.0 through 7.0.6, Fortinet FortiPortal version 7.2.0 through 7.2.1 allows attacker to escalate its privilege via specifically crafted HTTP requests. | ||||
| CVE-2023-47536 | 1 Fortinet | 2 Fortios, Fortiproxy | 2025-05-22 | 2.8 Low |
| An improper access control vulnerability [CWE-284] in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below may allow a remote unauthenticated attacker to bypass the firewall deny geolocalisation policy via timing the bypass with a GeoIP database update. | ||||
| CVE-2016-8491 | 1 Fortinet | 1 Fortiwlc | 2025-04-20 | N/A |
| The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell. | ||||
| CVE-2016-7541 | 1 Fortinet | 1 Fortios | 2025-04-20 | N/A |
| Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode. All FortiGate versions with IPS configured in proxy mode (the default mode) are not affected. | ||||
| CVE-2017-14189 | 1 Fortinet | 1 Fortiweb Manager | 2025-04-20 | N/A |
| An improper access control vulnerability in Fortinet FortiWebManager 5.8.0 allows anyone that can access the admin webUI to successfully log-in regardless the provided password. | ||||
| CVE-2017-7735 | 1 Fortinet | 1 Fortios | 2025-04-20 | N/A |
| A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while creating or editing User Groups. | ||||
| CVE-2017-7733 | 1 Fortinet | 1 Fortios | 2025-04-20 | N/A |
| A Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 and 5.6.0 allows a remote unauthenticated attacker to execute arbitrary javascript code via webUI "Login Disclaimer" redir parameter. | ||||
| CVE-2017-7731 | 1 Fortinet | 1 Fortiportal | 2025-04-20 | N/A |
| A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature. | ||||
| CVE-2017-7344 | 1 Fortinet | 1 Forticlient | 2025-04-20 | N/A |
| A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when the "VPN before logon" feature is enabled and an untrusted certificate chain. | ||||
| CVE-2017-7343 | 1 Fortinet | 1 Fortiportal | 2025-04-20 | N/A |
| An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter. | ||||
| CVE-2017-14184 | 1 Fortinet | 2 Forticlient, Forticlient Sslvpn Client | 2025-04-20 | N/A |
| An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations. | ||||
| CVE-2017-7339 | 1 Fortinet | 1 Fortiportal | 2025-04-20 | N/A |
| A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality. | ||||
| CVE-2017-7338 | 1 Fortinet | 1 Fortiportal | 2025-04-20 | N/A |
| A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View. | ||||
| CVE-2017-7336 | 1 Fortinet | 1 Fortiwlm | 2025-04-20 | N/A |
| A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log-in and execute commands with 'upgrade' account privileges. | ||||
| CVE-2017-3133 | 1 Fortinet | 1 Fortios | 2025-04-20 | N/A |
| A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN. | ||||
| CVE-2017-3130 | 1 Fortinet | 1 Fortios | 2025-04-20 | N/A |
| An information disclosure vulnerability in Fortinet FortiOS 5.6.0, 5.4.4 and below versions allows attacker to get FortiOS version info by inspecting FortiOS IKE VendorID packets. | ||||
| CVE-2017-3128 | 1 Fortinet | 1 Fortios | 2025-04-20 | N/A |
| A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter. | ||||
| CVE-2017-3127 | 1 Fortinet | 1 Fortios | 2025-04-20 | N/A |
| A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows attacker to execute unauthorized code or commands via the srcintf parameter during Firewall Policy Creation. | ||||