CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-43951
https://notcve.org/view.php?id=CVE-2022-43951
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below may allow an unauthenticated attacker to access sensitive information via crafted HTTP requests. • https://fortiguard.com/psirt/FG-IR-22-409 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27995
https://notcve.org/view.php?id=CVE-2023-27995
A improper neutralization of special elements used in a template engine vulnerability in Fortinet FortiSOAR 7.3.0 through 7.3.1 allows an authenticated, remote attacker to execute arbitrary code via a crafted payload. • https://fortiguard.com/psirt/FG-IR-23-051 • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-41330
https://notcve.org/view.php?id=CVE-2022-41330
An improper neutralization of input during web page generation vulnerability ('Cross-site Scripting') [CWE-79] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9, version 6.4.0 through 6.4.11 and before 6.2.12 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests. • https://fortiguard.com/psirt/FG-IR-22-363 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-22635
https://notcve.org/view.php?id=CVE-2023-22635
A download of code without Integrity check vulnerability [CWE-494] in FortiClientMac version 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions, 5.6 all versions, 5.4 all versions, 5.2 all versions, 5.0 all versions and 4.0 all versions may allow a local attacker to escalate their privileges via modifying the installer upon upgrade. • https://fortiguard.com/psirt/FG-IR-22-481 • CWE-494: Download of Code Without Integrity Check •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26209
https://notcve.org/view.php?id=CVE-2023-26209
A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form. • https://fortiguard.com/psirt/FG-IR-20-078 • CWE-307: Improper Restriction of Excessive Authentication Attempts •