Fortinet vulnerabilities
933 results

CVE-2025-54353 | MEDIUM | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet For | EPSS 5.4%
CVE-2019-6693 | MEDIUM | Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the | EPSS 5.4% | KEV
CVE-2023-42791 | HIGH | A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 an | EPSS 4.2%
CVE-2021-24019 | HIGH | An insufficient session expiration vulnerability [CWE-613] in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacke | EPSS 3.8%
CVE-2024-21754 | LOW | A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all ver | EPSS 3.5%
CVE-2021-32588 | CRITICAL | A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal versions 5.2.5 and below, 5.3.5 and below, 6.0.4 and below, versions | EPSS 3.3%
CVE-2020-29016 | — | A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.5 and version before 6.2.4 may allow an unauthenticated, remote at | EPSS 3.3%
CVE-2023-42789 | CRITICAL | A out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 throug | EPSS 3.3%
CVE-2024-23109 | CRITICAL | An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to | EPSS 3.2%
CVE-2021-26104 | HIGH | Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and al | EPSS 3.2%
CVE-2025-24472 | HIGH | An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7. | EPSS 3.0% | KEV
CVE-2022-39947 | HIGH | A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through 7.0. | EPSS 2.9%
CVE-2022-33874 | CRITICAL | An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in SSH login componen | EPSS 2.8%
CVE-2022-33872 | CRITICAL | An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Telnet login compo | EPSS 2.8%
CVE-2024-23666 | HIGH | A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0 | EPSS 2.7%
CVE-2023-48782 | HIGH | A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6. | EPSS 2.7%
CVE-2019-5589 | — | An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) may allow an unauthenticated, remote atta | EPSS 2.6%
CVE-2023-29180 | HIGH | A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14 | EPSS 2.6%
CVE-2022-30303 | HIGH | An improper neutralization of special elements used in an os command ('OS Command Injection') [CWE-78] in FortiWeb 7.0.0 through 7.0.1, 6.3. | EPSS 2.5%
CVE-2022-33873 | MEDIUM | An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Console login comp | EPSS 2.5%