Vulnerabilities in Fortinet

933 results
CVE | Severity | EPSS | Description
CVE-2023-41677 | HIGH | 0.7% | A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0
CVE-2023-44252 | HIGH | 0.7% | ** UNSUPPORTED WHEN ASSIGNED ** An improper authentication vulnerability [CWE-287] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and versi
CVE-2023-29181 | HIGH | 0.7% | A use of externally-controlled format string in Fortinet FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 thro
CVE-2021-43206 | MEDIUM | 0.7% | A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x
CVE-2022-39946 | HIGH | 0.7% | An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions,
CVE-2017-3128 | - | 0.7% | A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the poli
CVE-2025-22254 | MEDIUM | 0.7% | An Improper Privilege Management vulnerability [CWE-269] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6,
CVE-2020-15940 | MEDIUM | 0.7% | An improper neutralization of input vulnerability [CWE-79] in FortiClientEMS versions 6.4.1 and below and 6.2.9 and below may allow a remote
CVE-2021-44172 | LOW | 0.7% | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6
CVE-2024-36510 | MEDIUM | 0.7% | An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5
CVE-2022-43946 | HIGH | 0.7% | Multiple vulnerabilities including an incorrect permission assignment for critical resource [CWE-732] vulnerability and a time-of-check time
CVE-2023-23781 | MEDIUM | 0.7% | A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below SAML s
CVE-2026-22153 | HIGH | 0.7% | An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unau
CVE-2019-6696 | - | 0.7% | An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to p
CVE-2019-16154 | - | 0.7% | An improper neutralization of input during web page generation in FortiAuthenticator WEB UI 6.0.0 may allow an unauthenticated user to perfo
CVE-2024-23662 | MEDIUM | 0.7% | An exposure of sensitive information to an unauthorized actor in Fortinet FortiOS at least version at least 7.4.0 through 7.4.1 and 7.2.0 th
CVE-2022-29062 | MEDIUM | 0.7% | Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to write to th
CVE-2021-26095 | HIGH | 0.7% | The combination of various cryptographic issues in the session management of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6, includin
CVE-2024-36504 | MEDIUM | 0.7% | An out-of-bounds read vulnerability [CWE-125] in FortiOS SSLVPN web portal versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, 7.0 a
CVE-2022-43954 | MEDIUM | 0.7% | An insertion of sensitive information into log file vulnerability [CWE-532] in the FortiPortal management interface 7.0.0 through 7.0.2 may