cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-24472,https://securityvulnerability.io/vulnerability/CVE-2025-24472,Authentication Bypass Vulnerability in FortiOS and FortiProxy Products,"A vulnerability exists in FortiOS and FortiProxy that allows remote attackers to gain unauthorized super-admin privileges. This vulnerability exploits crafted CSF proxy requests, potentially enabling attackers to bypass authentication protocols. The flaw affects versions 7.0.0 through 7.0.16 of FortiOS and various versions of FortiProxy, making it critical for users to update to secure their systems against unauthorized access.",Fortinet,"FortiOS,Fortiproxy",8.1,HIGH,0.0004299999854993075,false,,true,false,true,2025-02-11T20:25:59.000Z,false,true,false,,2025-02-11T16:50:42.207Z,2468
CVE-2024-27780,https://securityvulnerability.io/vulnerability/CVE-2024-27780,Cross-Site Scripting Vulnerabilities in FortiSIEM by Fortinet,"FortiSIEM by Fortinet has been identified with multiple vulnerabilities that allow for improper neutralization of input during web page generation, commonly referred to as Cross-site Scripting (XSS). These vulnerabilities, present in FortiSIEM versions 7.1, 7.0, and 6.7, could enable authenticated attackers to execute arbitrary scripts in the context of a user's session via specially crafted HTTP requests. This exploitation could lead to data theft, session hijacking, and other malicious actions.",Fortinet,Fortisiem,2.2,LOW,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T16:09:12.668Z,0
CVE-2024-27781,https://securityvulnerability.io/vulnerability/CVE-2024-27781,Cross-Site Scripting Vulnerability in Fortinet FortiSandbox,"An input validation flaw in Fortinet FortiSandbox versions ranging from 3.0.0 to 4.4.4 enables authenticated attackers to execute unauthorized commands through specially crafted HTTP requests. The vulnerability occurs due to improper handling of input during web page generation, allowing the execution of malicious scripts that can compromise the security of the affected system.",Fortinet,Fortisandbox,6.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T16:09:12.324Z,0
CVE-2024-40584,https://securityvulnerability.io/vulnerability/CVE-2024-40584,OS Command Injection Vulnerability in Fortinet FortiAnalyzer and FortiManager Products,"An OS command injection vulnerability allows an authenticated privileged attacker to execute unauthorized commands or code through specially crafted HTTP or HTTPS requests in multiple versions of Fortinet's FortiAnalyzer and FortiManager products. This flaw could lead to unauthorized access and execution of arbitrary commands, potentially compromising system integrity and data security.",Fortinet,"Fortianalyzer,Fortimanager",6.8,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T16:09:07.423Z,0
CVE-2024-36508,https://securityvulnerability.io/vulnerability/CVE-2024-36508,Path Traversal Vulnerability in Fortinet FortiManager and FortiAnalyzer,"An improper limitation of a pathname vulnerability exists in Fortinet FortiManager and FortiAnalyzer, allowing an authenticated administrator with diagnose privileges to exploit this flaw. This vulnerability enables the deletion of files from the system, which can lead to significant security concerns. System administrators should ensure their installations are updated to the latest versions to mitigate these risks.",Fortinet,"Fortimanager,Fortianalyzer",5.9,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,false,,2025-02-11T16:09:07.321Z,0
CVE-2024-40586,https://securityvulnerability.io/vulnerability/CVE-2024-40586,Improper Access Control in FortiClient Windows by Fortinet,"An improper access control vulnerability exists in FortiClient Windows that could enable a local user to escalate their privileges. This can occur via the FortiSSLVPNd service pipe when versions 7.4.0, 7.2.6 and earlier, or 7.0.13 and earlier are used, leaving systems susceptible to unauthorized access and control.",Fortinet,Forticlientwindows,6.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T16:09:06.665Z,0
CVE-2023-40721,https://securityvulnerability.io/vulnerability/CVE-2023-40721,"Externally-Controlled Format String Vulnerability in Fortinet FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager","A vulnerability exists in Fortinet's FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager allowing privileged attackers to execute arbitrary code or commands. This occurs due to the improper handling of externally-controlled format strings, leaving the affected products susceptible to specially crafted requests that can manipulate program execution.",Fortinet,"FortiOS,Fortiswitchmanager,Fortiproxy,Fortipam",6.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T16:09:06.077Z,0
CVE-2024-50567,https://securityvulnerability.io/vulnerability/CVE-2024-50567,OS Command Injection Vulnerability in Fortinet FortiWeb,"An improper neutralization of special elements used in OS commands in Fortinet FortiWeb versions 7.4.0 through 7.6.0 allows attackers to exploit crafted input, potentially leading to the execution of unauthorized commands. This vulnerability may expose sensitive data or systems to risk, highlighting the importance of timely updates and security measures.",Fortinet,Fortiweb,6.8,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T16:09:04.155Z,0
CVE-2024-33504,https://securityvulnerability.io/vulnerability/CVE-2024-33504,Cryptographic Flaw in FortiManager Affects Data Security,"A vulnerability has been identified in FortiManager that involves the use of hard-coded cryptographic keys for encrypting sensitive data. This issue affects multiple versions of FortiManager, allowing attackers with appropriate JSON API access to decrypt confidential information, even when the 'private-data-encryption' feature is supposed to be operational. This undermines the integrity and confidentiality of data, exposing it to potential unauthorized access.",Fortinet,Fortimanager,3.9,LOW,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T16:09:03.258Z,0
CVE-2024-35279,https://securityvulnerability.io/vulnerability/CVE-2024-35279,Remote Code Execution Vulnerability in Fortinet FortiOS,A stack-based buffer overflow vulnerability exists in Fortinet FortiOS versions 7.2.4 to 7.2.8 and 7.4.0 to 7.4.4. This issue allows remote unauthenticated attackers to execute arbitrary code or commands by sending specially crafted UDP packets through the CAPWAP control. The attacker can exploit this vulnerability if they evade the stack protections of FortiOS and if the fabric service is active on the exposed interface. It is crucial for users to update to the latest versions to mitigate this risk.,Fortinet,FortiOS,7.7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T16:09:02.911Z,0
CVE-2024-40591,https://securityvulnerability.io/vulnerability/CVE-2024-40591,Privilege Escalation Vulnerability in Fortinet FortiOS,"An incorrect privilege assignment vulnerability in Fortinet FortiOS could allow an authenticated admin with the Security Fabric permission to escalate their privileges to super-admin. This can occur when the compromised FortiGate device connects to a malicious upstream FortiGate controlled by an attacker, creating a significant security risk for organizations reliant on Fortinet's infrastructure.",Fortinet,FortiOS,8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T16:09:02.843Z,731
CVE-2024-52966,https://securityvulnerability.io/vulnerability/CVE-2024-52966,Information Disclosure Vulnerability in Fortinet FortiAnalyzer,"An information disclosure vulnerability exists in Fortinet FortiAnalyzer versions 6.4.0 through 7.6.0. An attacker could exploit this flaw through filter manipulation, potentially exposing sensitive information to unauthorized parties. This highlights the importance of ensuring proper filtering mechanisms to safeguard against unauthorized data access.",Fortinet,Fortianalyzer,2.2,LOW,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T16:09:01.588Z,0
CVE-2024-52968,https://securityvulnerability.io/vulnerability/CVE-2024-52968,Improper Authentication in Fortinet FortiClient Affects MacOS Devices,"An improper authentication vulnerability in Fortinet FortiClient for MacOS allows attackers to bypass security measures using an empty password, potentially giving them unauthorized access to sensitive system resources. This issue affects FortiClient versions 7.0.11 through 7.2.4, emphasizing the need for immediate updates to mitigate risks associated with unauthorized access.",Fortinet,Forticlientmac,5.8,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T16:09:00.587Z,0
CVE-2024-50569,https://securityvulnerability.io/vulnerability/CVE-2024-50569,OS Command Injection Vulnerability in Fortinet FortiWeb Products,"Fortinet FortiWeb versions 7.0.0 to 7.6.0 are susceptible to an OS command injection vulnerability. This issue stems from improper handling and neutralization of special elements in user inputs. Attackers can exploit this fault to execute unauthorized commands or code on the system, posing significant security risks. Organizations using affected versions are advised to review their configurations and apply the necessary patches to safeguard against potential exploits.",Fortinet,Fortiweb,6.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T16:09:00.303Z,0
CVE-2025-24470,https://securityvulnerability.io/vulnerability/CVE-2025-24470,Improper Path Resolution Vulnerability in FortiPortal by Fortinet,"A vulnerability in FortiPortal affects several versions from 7.0.0 to 7.4.2, allowing remote unauthenticated attackers to exploit improper resolution of path equivalence. By crafting specific HTTP requests, attackers can gain unintended access to source code, presenting potential security threats and the risk of sensitive information disclosure. Mitigation steps should be taken to protect affected systems from potential exploitation.",Fortinet,Fortiportal,8.1,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-11T16:08:58.707Z,0
CVE-2022-23439,https://securityvulnerability.io/vulnerability/CVE-2022-23439,External Resource Referencing Vulnerability in Fortinet Products,"This vulnerability in Fortinet products allows attackers to perform web cache poisoning through specially crafted HTTP requests. By manipulating the 'Host' header to point to a malicious web server, an adversary can inject harmful resources into the cache, potentially impacting the integrity and availability of cached content for users. Multiple Fortinet products are affected, creating a significant security risk that necessitates prompt updates and remediation.",Fortinet,"Fortitester,FortiOS,Fortimail,Fortiswitch,Fortiddos-f,Fortiproxy,Fortirecorder,Fortindr,Fortiadc,Fortimanager,Fortisoar,Fortivoice,Fortiddos,Fortiwlc,Fortianalyzer,Fortiportal,Fortiauthenticator",6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-22T10:15:00.000Z,0
CVE-2024-50563,https://securityvulnerability.io/vulnerability/CVE-2024-50563,Weak Authentication Vulnerability in Fortinet FortiManager and FortiAnalyzer Cloud,A vulnerability exists in Fortinet's FortiManager and FortiAnalyzer Cloud due to weak authentication mechanisms. This flaw allows attackers to execute unauthorized commands or code by exploiting brute-force techniques to gain access to the affected products. Administrators are urged to implement more robust authentication measures to mitigate risks associated with unauthorized access.,Fortinet,"Fortianalyzer,Fortimanager",9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,false,false,false,,2025-01-16T09:16:52.864Z,0
CVE-2024-48885,https://securityvulnerability.io/vulnerability/CVE-2024-48885,"Path Traversal Vulnerability in Fortinet FortiRecorder, FortiWeb, and FortiVoice","A path traversal vulnerability has been identified in Fortinet's FortiRecorder, FortiWeb, and FortiVoice products, allowing attackers to exploit improper limitations on file paths. This flaw affects multiple versions of these products, enabling unauthorized privilege escalation through the use of specially crafted packets. Users of the affected versions are encouraged to apply updates and follow security best practices to mitigate potential risks.",Fortinet,"Fortirecorder,Fortiweb,Fortivoice",9.1,CRITICAL,0.0004799999878741801,false,,false,false,false,,false,false,false,,2025-01-16T09:01:52.958Z,0
CVE-2024-45331,https://securityvulnerability.io/vulnerability/CVE-2024-45331,Incorrect Privilege Assignment in Fortinet FortiAnalyzer and FortiManager,"Fortinet FortiAnalyzer and FortiManager products are affected by a vulnerability that allows an attacker to escalate privileges through specific shell commands. This could potentially enable unauthorized users to gain higher-level access within the system, compromising sensitive data and system integrity. This issue exists across multiple versions of both FortiAnalyzer and FortiManager, highlighting the importance for users to apply updates and patches promptly.",Fortinet,"Fortianalyzer,Fortimanager",7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-16T08:59:23.201Z,0
CVE-2024-35280,https://securityvulnerability.io/vulnerability/CVE-2024-35280,Cross-Site Scripting Vulnerability in Fortinet FortiDeceptor,"An improper neutralization of input during web page generation in Fortinet's FortiDeceptor can lead to a reflected cross-site scripting attack. This vulnerability allows an attacker to manipulate recovery endpoints, potentially executing malicious scripts in the context of the victim's browser, thereby compromising user data and system integrity. The affected versions of FortiDeceptor include all versions of 3.x, 4.x, 5.0, 5.1 and specific versions 5.2.0 and 5.3.0. To mitigate the risks, users are advised to apply the recommended patches and implement necessary security measures.",Fortinet,Fortideceptor,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-15T10:07:14.953Z,0
CVE-2023-37936,https://securityvulnerability.io/vulnerability/CVE-2023-37936,Hard-Coded Cryptographic Key Vulnerability in Fortinet FortiSwitch,"A hard-coded cryptographic key in multiple versions of Fortinet FortiSwitch exposes the devices to potential exploitation. Attackers can execute unauthorized code or commands by sending crafted requests to affected versions. This vulnerability can compromise the integrity of the network and lead to unauthorized access, necessitating swift actions for mitigation and remediation.",Fortinet,FortiSwitch,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,false,false,false,,2025-01-14T14:15:00.000Z,0
CVE-2023-42785,https://securityvulnerability.io/vulnerability/CVE-2023-42785,Denial of Service Vulnerability in FortiOS by Fortinet,"A null pointer dereference vulnerability in specific versions of FortiOS can be exploited by an attacker to trigger a denial of service (DoS). This occurs when a crafted HTTP request is processed by the affected FortiOS versions, leading to service interruptions. The affected versions include FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, and all versions of 7.0, 6.4, 6.2, and 6.0. Organizations using these versions are advised to take immediate steps to mitigate the risk.",Fortinet,FortiOS,6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,false,,2025-01-14T14:15:00.000Z,0
CVE-2024-23106,https://securityvulnerability.io/vulnerability/CVE-2024-23106,Improper Authentication Management in FortiClientEMS Products by Fortinet,"The vulnerability allows an unauthenticated attacker to exploit the improper management of authentication attempts in FortiClientEMS versions 7.2.0 to 7.2.4 and versions prior to 7.0.10. Through specifically crafted HTTP or HTTPS requests, attackers can execute brute force attacks against the FortiClientEMS console, potentially compromising user credentials and access controls. Organizations utilizing these affected versions should prioritize applying recommended patches and implementing additional security measures to safeguard against unauthorized access.",Fortinet,Forticlientems,7.7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T14:15:00.000Z,0
CVE-2024-27778,https://securityvulnerability.io/vulnerability/CVE-2024-27778,OS Command Injection Vulnerability in FortiSandbox by Fortinet,"An improper neutralization of special elements used in OS command execution has been identified in Fortinet's FortiSandbox. This vulnerability affects versions 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6, as well as any version below 4.0.4. An attacker with at least read-only permission can exploit this flaw to execute unauthorized commands by sending specially crafted requests, which could lead to unauthorized access and control over the affected system.",Fortinet,FortiSandbox,8.8,HIGH,0.0005200000014156103,false,,false,false,false,,false,false,false,,2025-01-14T14:15:00.000Z,0
CVE-2023-46715,https://securityvulnerability.io/vulnerability/CVE-2023-46715,Origin Validation Flaw in Fortinet FortiOS IPSec VPN,"An origin validation error in Fortinet's FortiOS IPSec VPN enables an authenticated user with dynamic IP addressing to send packets that can spoof another user's IP. This vulnerability affects versions 7.4.0 through 7.4.1 and 7.2.6 and below, allowing a potential threat to network integrity by exploiting crafted network packets.",Fortinet,FortiOS IPSec VPN,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-14T14:15:00.000Z,0