Vulnerabilities in Fortinet
933 results

CVE-2025-58693 | MEDIUM | EPSS 0.6%
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2,

CVE-2021-32597 | MEDIUM | EPSS 0.6%
Multiple improper neutralization of input during web page generation (CWE-79) in FortiManager and FortiAnalyzer versions 7.0.0, 6.4.5 and be

CVE-2020-9287 | — | EPSS 0.6%
An Unsafe Search Path vulnerability in FortiClient EMS online installer 6.2.1 and below may allow a local attacker with control over the dir

CVE-2021-26116 | MEDIUM | EPSS 0.6%
An improper neutralization of special elements used in an OS command vulnerability in the command line interpreter of FortiAuthenticator bef

CVE-2020-6641 | MEDIUM | EPSS 0.6%
Two authorization bypass through user-controlled key vulnerabilities in the Fortinet FortiPresence 2.1.0 administration interface may allow

CVE-2021-36178 | MEDIUM | EPSS 0.6%
A insufficiently protected credentials in Fortinet FortiSDNConnector version 1.1.7 and below allows attacker to disclose third-party devices

CVE-2022-43951 | MEDIUM | EPSS 0.6%
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 an

CVE-2023-33307 | MEDIUM | EPSS 0.6%
A null pointer dereference in Fortinet FortiOS before 7.2.5 and before 7.0.11, FortiProxy before 7.2.3 and before 7.0.9 allows attacker to d

CVE-2024-26011 | MEDIUM | EPSS 0.6%
A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.

CVE-2023-37934 | MEDIUM | EPSS 0.6%
An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiPAM 1.0 all versions allows an authenticated attacke

CVE-2024-46669 | LOW | EPSS 0.6%
An Integer Overflow or Wraparound vulnerability [CWE-190] in version 7.4.4 and below, version 7.2.10 and below; FortiSASE version 23.4.b For

CVE-2025-49201 | HIGH | EPSS 0.6%
A weak authentication vulnerability in Fortinet FortiPAM 1.5.0, FortiPAM 1.4.0 through 1.4.2, FortiPAM 1.3 all versions, FortiPAM 1.2 all ve

CVE-2022-38376 | MEDIUM | EPSS 0.6%
Multiple improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilities [CWE-79] in Fortinet FortiNAC

CVE-2021-36175 | MEDIUM | EPSS 0.6%
An improper neutralization of input vulnerability [CWE-79] in FortiWebManager versions 6.2.3 and below, 6.0.2 and below may allow a remote a

CVE-2023-26205 | HIGH | EPSS 0.6%
An improper access control vulnerability [CWE-284] in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions, 6

CVE-2022-29060 | HIGH | EPSS 0.6%
A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiDDoS API 5.5.0 through 5.5.1, 5.4.0 through 5.4.2, 5.3.0 through 5.3.1

CVE-2024-56497 | MEDIUM | EPSS 0.6%
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiMail versions 7.2.0 through 7

CVE-2024-40591 | HIGH | EPSS 0.6%
An incorrect privilege assignment vulnerability [CWE-266] in Fortinet FortiOS version 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.9 and be

CVE-2023-23778 | MEDIUM | EPSS 0.6%
A relative path traversal vulnerability [CWE-23] in FortiWeb version 7.0.1 and below, 6.4 all versions, 6.3 all versions, 6.2 all versions m

CVE-2022-41336 | MEDIUM | EPSS 0.6%
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiPortal versions 6.0.0 through 6.0.11 and all v