CVSS: 6.8 • EPSS: 0% • CPEs: 7 • EXPL: 0 • CVE-2025-48839
https://notcve.org/view.php?id=CVE-2025-48839
18 Nov 2025 — An Out-of-bounds Write vulnerability [CWE-787] in FortiADC 8.0.0, 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions may allow an authenticated attacker to execute arbitrary code via specially crafted HTTP requests. • https://fortiguard.fortinet.com/psirt/FG-IR-25-225 • CWE-787: Out-of-bounds Write •
CVSS: 4.3 • EPSS: 0% • CPEs: 5 • EXPL: 0 • CVE-2025-54971
https://notcve.org/view.php?id=CVE-2025-54971
18 Nov 2025 — An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiADC 7.4.0, FortiADC 7.2 all versions, FortiADC 7.1 all versions, FortiADC 7.0 all versions, FortiADC 6.2 all versions may allow an admin with read-only permission to get the external resources password via the logs of the product. • https://fortiguard.fortinet.com/psirt/FG-IR-25-686 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8 • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2025-59921
https://notcve.org/view.php?id=CVE-2025-59921
14 Oct 2025 — An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiADC version 7.4.0, version 7.2.3 and below, version 7.1.4 and below, 7.0 all versions, 6.2 all versions may allow an authenticated attacker to obtain sensitive data via crafted HTTP or HTTPS requests. • https://fortiguard.fortinet.com/psirt/FG-IR-23-434 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.3 • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2025-49813
https://notcve.org/view.php?id=CVE-2025-49813
12 Aug 2025 — An improper neutralization of special elements used in an OS Command ("OS Command Injection") vulnerability [CWE-78] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a remote and authenticated attacker with low privilege to execute unauthorized code via specifically crafted HTTP parameters. • https://fortiguard.fortinet.com/psirt/FG-IR-25-501 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.3 • EPSS: 0% • CPEs: 7 • EXPL: 0 • CVE-2025-31104
https://notcve.org/view.php?id=CVE-2025-31104
10 Jun 2025 — An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiADC 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.7, 7.1.0 through 7.1.4, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated attacker to execute unauthorized code via crafted HTTP requests. • https://fortiguard.fortinet.com/psirt/FG-IR-25-099 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0 • EPSS: 0% • CPEs: 9 • EXPL: 0 • CVE-2023-37933
https://notcve.org/view.php?id=CVE-2023-37933
11 Mar 2025 — An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC GUI version 7.4.0, 7.2.0 through 7.2.1 and before 7.1.3 allows an authenticated attacker to perform an XSS attack via crafted HTTP or HTTPS requests. • https://fortiguard.com/psirt/FG-IR-23-216 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.7 • EPSS: 0% • CPEs: 98 • EXPL: 0 • CVE-2022-23439
https://notcve.org/view.php?id=CVE-2022-23439
22 Jan 2025 — An externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.... • https://fortiguard.com/psirt/FG-IR-21-254 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 3.7 • EPSS: 0% • CPEs: 7 • EXPL: 0 • CVE-2024-36511
https://notcve.org/view.php?id=CVE-2024-36511
10 Sep 2024 — An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions when cookie security policy is enabled may allow an attacker, under specific conditions, to retrieve the initial encrypted and signed cookie protected by the feature. • https://fortiguard.fortinet.com/psirt/FG-IR-22-256 • CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 7.4 • EPSS: 0% • CPEs: 5 • EXPL: 0 • CVE-2023-50178
https://notcve.org/view.php?id=CVE-2023-50178
09 Jul 2024 — An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2.0 through 7.2.3, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and various remote servers such as private SDN connectors and FortiToken Cloud. • https://fortiguard.fortinet.com/psirt/FG-IR-22-298 • CWE-295: Improper Certificate Validation •
CVSS: 6.8 • EPSS: 0% • CPEs: 7 • EXPL: 0 • CVE-2023-50181
https://notcve.org/view.php?id=CVE-2023-50181
09 Jul 2024 — An improper access control vulnerability [CWE-284] in Fortinet FortiADC version 7.4.0 through 7.4.1 and before 7.2.4 allows a read only authenticated attacker to perform some write actions via crafted HTTP or HTTPS requests. • https://fortiguard.fortinet.com/psirt/FG-IR-23-469 • CWE-284: Improper Access Control •
