CVSS: 9.7EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40714
https://notcve.org/view.php?id=CVE-2023-40714
02 Apr 2025 — A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 allows attacker to escalate privilege via uploading certain GUI elements • https://fortiguard.com/psirt/FG-IR-23-085 • CWE-23: Relative Path Traversal •
CVSS: 5.8EPSS: 0%CPEs: 17EXPL: 0CVE-2023-33302
https://notcve.org/view.php?id=CVE-2023-33302
31 Mar 2025 — A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests. • https://fortiguard.fortinet.com/psirt/FG-IR-21-023 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.3EPSS: 0%CPEs: 19EXPL: 0CVE-2021-24008
https://notcve.org/view.php?id=CVE-2021-24008
28 Mar 2025 — An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, version 4.6.0, version 4.5.0, version 4.4.2 and below, FortiDDoS-CM version 5.3.0, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, FortiVoice version 6.0.6 and below, FortiRecorder version 6.0.3 and below and FortiMail version 6.4.1 and below, version 6.2.4 and below, version 6.0.9 an... • https://fortiguard.fortinet.com/psirt/FG-IR-20-105 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-16149
https://notcve.org/view.php?id=CVE-2019-16149
28 Mar 2025 — An Improper Neutralization of Input During Web Page Generation in FortiClientEMS version 6.2.0 may allow a remote attacker to execute unauthorized code by injecting malicious payload in the user profile of a FortiClient instance being managed by the vulnerable system. • https://fortiguard.fortinet.com/psirt/FG-IR-19-072 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 5%CPEs: 42EXPL: 1CVE-2023-25610
https://notcve.org/view.php?id=CVE-2023-25610
24 Mar 2025 — A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and version 6.2.12 and below, FortiProxy version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.8, version 2.0.12 and below and FortiOS-6K7K version 7.0.5, version 6.4.0 through 6.4.10 and version 6.2.0 through 6.2.10 and below allows a remote unauthenticated attacker to execute arbitrary code or commands via specifi... • https://github.com/qi4L/CVE-2023-25610 • CWE-124: Buffer Underwrite ('Buffer Underflow') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-26091
https://notcve.org/view.php?id=CVE-2021-26091
24 Mar 2025 — A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of the Identity Based Encryption service of FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to infer parts of users authentication tokens and reset their credentials. • https://fortiguard.com/advisory/FG-IR-21-031 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-26105
https://notcve.org/view.php?id=CVE-2021-26105
24 Mar 2025 — A stack-based buffer overflow vulnerability (CWE-121) in the profile parser of FortiSandbox version 3.2.2 and below, version 3.1.4 and below may allow an authenticated attacker to potentially execute unauthorized code or commands via specifically crafted HTTP requests. • https://fortiguard.fortinet.com/psirt/FG-IR-20-234 • CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2019-16151
https://notcve.org/view.php?id=CVE-2019-16151
21 Mar 2025 — An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS 6.4.1 and below, 6.2.9 and below may allow a remote unauthenticated attacker to either redirect users to malicious websites via a crafted "Host" header or to execute JavaScript code in the victim's browser context. This happens when the FortiGate has web filtering and category override enabled/configured. • https://fortiguard.com/advisory/FG-IR-19-301 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47539
https://notcve.org/view.php?id=CVE-2023-47539
18 Mar 2025 — An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remote_wildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request. • https://fortiguard.com/psirt/FG-IR-23-439 • CWE-284: Improper Access Control •
CVSS: 8.4EPSS: 0%CPEs: 6EXPL: 0CVE-2024-21760
https://notcve.org/view.php?id=CVE-2024-21760
18 Mar 2025 — An improper control of generation of code ('Code Injection') vulnerability [CWE-94] in FortiSOAR Connector FortiSOAR 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an authenticated attacker to execute arbitrary code on the host via a playbook code snippet. • https://fortiguard.fortinet.com/psirt/FG-IR-23-420 • CWE-94: Improper Control of Generation of Code ('Code Injection') •