Filtered by vendor Fortinet
Subscriptions
Total
1045 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-22859 | 1 Fortinet | 2 Forticlientems, Forticlientems Cloud | 2025-07-16 | 5 Medium |
| A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote unauthenticated attacker to perform a limited arbitrary file write on the system via upload requests. | ||||
| CVE-2024-52968 | 1 Fortinet | 2 Forticlient, Forticlientmac | 2025-07-16 | 5.8 Medium |
| An improper authentication in Fortinet FortiClientMac 7.0.11 through 7.2.4 allows attacker to gain improper access to MacOS via empty password. | ||||
| CVE-2024-40586 | 1 Fortinet | 2 Forticlient, Forticlientwindows | 2025-07-16 | 6.3 Medium |
| An Improper Access Control vulnerability [CWE-284] in FortiClient Windows version 7.4.0, version 7.2.6 and below, version 7.0.13 and below may allow a local user to escalate his privileges via FortiSSLVPNd service pipe. | ||||
| CVE-2024-27780 | 1 Fortinet | 1 Fortisiem | 2025-07-16 | 2.2 Low |
| Multiple Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilities [CWE-79] in FortiSIEM 7.1 all versions, 7.0 all versions, 6.7 all versions incident page may allow an authenticated attacker to perform a cross-site scripting attack via crafted HTTP requests. | ||||
| CVE-2024-23106 | 1 Fortinet | 1 Forticlientems | 2025-07-16 | 7.7 High |
| An improper restriction of excessive authentication attempts [CWE-307] in FortiClientEMS version 7.2.0 through 7.2.4 and before 7.0.10 allows an unauthenticated attacker to try a brute force attack against the FortiClientEMS console via crafted HTTP or HTTPS requests. | ||||
| CVE-2024-46667 | 1 Fortinet | 1 Fortisiem | 2025-07-16 | 6.9 Medium |
| A allocation of resources without limits or throttling in Fortinet FortiSIEM 5.3 all versions, 5.4 all versions, 6.x all versions, 7.0 all versions, and 7.1.0 through 7.1.5 may allow an attacker to deny valid TLS traffic via consuming all allotted connections. | ||||
| CVE-2024-47572 | 1 Fortinet | 1 Fortisoar | 2025-07-16 | 8.3 High |
| An improper neutralization of formula elements in a csv file in Fortinet FortiSOAR 7.2.1 through 7.4.1 allows attacker to execute unauthorized code or commands via manipulating csv file | ||||
| CVE-2023-40714 | 1 Fortinet | 1 Fortisiem | 2025-07-15 | 9.7 Critical |
| A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 allows attacker to escalate privilege via uploading certain GUI elements | ||||
| CVE-2019-16149 | 1 Fortinet | 1 Forticlientems | 2025-07-15 | 5.4 Medium |
| An Improper Neutralization of Input During Web Page Generation in FortiClientEMS version 6.2.0 may allow a remote attacker to execute unauthorized code by injecting malicious payload in the user profile of a FortiClient instance being managed by the vulnerable system. | ||||
| CVE-2023-45588 | 1 Fortinet | 2 Forticlient, Forticlientmac | 2025-07-15 | 7.8 High |
| An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process. | ||||
| CVE-2019-17659 | 1 Fortinet | 1 Fortisiem | 2025-07-15 | 3.6 Low |
| A use of hard-coded cryptographic key vulnerability in FortiSIEM version 5.2.6 may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user "tunneluser" by leveraging knowledge of the private key from another installation or a firmware image. | ||||
| CVE-2023-41842 | 1 Fortinet | 4 Fortianalyzer, Fortianalyzer Big Data, Fortimanager and 1 more | 2025-07-11 | 6.3 Medium |
| A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer-BigData before 7.2.5 and Fortinet FortiPortal version 6.0 all versions and version 5.3 all versions allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments. | ||||
| CVE-2023-48783 | 1 Fortinet | 1 Fortiportal | 2025-06-17 | 4.9 Medium |
| An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting PortiPortal version 7.2.1 and below, version 7.0.6 and below, version 6.0.14 and below, version 5.3.8 and below may allow a remote authenticated user with at least read-only permissions to access to other organization endpoints via crafted GET requests. | ||||
| CVE-2023-37934 | 1 Fortinet | 1 Fortipam | 2025-06-17 | 4.2 Medium |
| An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiPAM 1.0 all versions allows an authenticated attacker to perform a denial of service attack via sending crafted HTTP or HTTPS requests in a high frequency. | ||||
| CVE-2024-50564 | 1 Fortinet | 1 Forticlient | 2025-06-11 | 3.2 Low |
| A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all versions, 7.0.x all versions, and 6.4.x all versions may allow a low-privileged user to decrypt interprocess communication via monitoring named piped. | ||||
| CVE-2023-28002 | 1 Fortinet | 2 Fortios, Fortiproxy | 2025-06-11 | 5.8 Medium |
| An improper validation of integrity check value vulnerability [CWE-354] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.12, 6.4 all versions, 6.2 all versions, 6.0 all versions and VMs may allow a local attacker with admin privileges to boot a malicious image on the device and bypass the filesystem integrity check in place. | ||||
| CVE-2023-34990 | 1 Fortinet | 1 Fortiwlm | 2025-06-05 | 9.6 Critical |
| A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests. | ||||
| CVE-2025-24473 | 1 Fortinet | 1 Forticlient | 2025-06-04 | 4.8 Medium |
| A exposure of sensitive system information to an unauthorized control sphere in Fortinet FortiClientWindows versions 7.2.0 through 7.2.1 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to port 8053 (non-default setup) | ||||
| CVE-2025-25251 | 1 Fortinet | 1 Forticlient | 2025-06-04 | 7.4 High |
| An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages. | ||||
| CVE-2025-46777 | 1 Fortinet | 1 Fortiportal | 2025-06-04 | 2.2 Low |
| A insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.9 may allow an authenticated attacker with at least read-only admin permissions to view encrypted secrets via the FortiPortal System Log. | ||||