CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

38 matches found

RedhatCVE•added 2026/06/05 7:14 p.m.•9 views

CVE-2026-22828

A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4, FortiManager Cloud 7.6.2 through 7.6.4 may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Successful exploitation would require a large...

8.1CVSS6.4AI score0.00901EPSS

Exploits0References1

NCSC•added 2026/04/15 12:20 p.m.•16 views

Vulnerabilities are detected in Fortinet FortiAnalyzer and FortiManager

Fortinet has identified vulnerabilities in FortiAnalyzer, FortiAnalyzer Cloud, FortiManager, and FortiManager Cloud. Malicious individuals could exploit these vulnerabilities by executing unauthorized code or deleting files. Specifically, FortiAnalyzer, FortiAnalyzer Cloud, FortiManager, and...

8.1CVSS6.2AI score0.00901EPSS

Exploits0References3

EUVD•added 2026/04/14 6:30 p.m.•5 views

EUVD-2025-209457

An improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer...

6CVSS5.8AI score0.00413EPSS

Exploits0References2

NVD•added 2026/04/14 4:16 p.m.•6 views

CVE-2025-61848

An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4,...

7.2CVSS0.00511EPSS

Exploits0References1

CVE•added 2026/04/14 3:39 p.m.•12 views

CVE-2025-68649

The CVE-2025-68649 issue is a path traversal vulnerability in Fortinet products including FortiAnalyzer, FortiAnalyzer Cloud, FortiManager, and FortiManager Cloud across multiple 7.x versions (and 7.0/7.2/7.4/7.6 lines). The root cause is an improper limitation of a pathname to a restricted direc...

6.5CVSS5.8AI score0.00413EPSS

Exploits0References1Affected Software1

CVE•added 2026/04/14 3:38 p.m.•24 views

CVE-2025-61848

CVE-2025-61848 is an SQL injection vulnerability caused by improper neutralization of special elements in Fortinet products (FortiAnalyzer, FortiManager, and their Cloud variants) across multiple 7.x releases. The flaw may allow a privileged authenticated attacker to execute unauthorized code or ...

7.2CVSS6AI score0.00511EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/04/14 12:0 a.m.•3 views

PT-2026-32653

7.2CVSS6AI score0.00511EPSS

Exploits0References3

RedhatCVE•added 2026/03/26 3:13 p.m.•3 views

CVE-2025-49784

An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer-BigDa...

7.2CVSS6AI score0.00445EPSS

Exploits0References1

RedhatCVE•added 2026/03/26 2:57 p.m.•3 views

CVE-2026-22572

An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.2 through 7.2.11, FortiManager 7.6.0 through 7.6.3, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2.2 through 7.2.11 may...

7.2CVSS5.8AI score0.00562EPSS

Exploits0References1

EUVD•added 2026/03/10 6:31 p.m.•3 views

EUVD-2025-208488

An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer-BigDa...

6CVSS5.9AI score0.00445EPSS

Exploits0References2

OSV•added 2026/03/10 6:18 p.m.•2 views

CVE-2026-22572

7.2CVSS5.8AI score0.00562EPSS

Exploits0References1

NVD•added 2026/03/10 6:17 p.m.•4 views

CVE-2025-68482

A improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8,...

6.9CVSS0.00185EPSS

Exploits0References1

Cvelist•added 2026/03/10 4:44 p.m.•31 views

CVE-2025-68482

6.9CVSS0.00185EPSS

Exploits0References1

Vulnrichment•added 2026/03/10 4:44 p.m.•1 views

CVE-2025-48418

A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.0 through 7.2.10, FortiAnalyzer 7.0.0 through 7.0.14, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.6.2, FortiAnalyzer Cloud 7.4.1 through 7.4.7,...

6.7CVSS5.8AI score0.0052EPSS

Exploits0References1

CVE•added 2026/03/10 4:44 p.m.•12 views

CVE-2025-49784

The CVE-2025-49784 issue is an SQL injection in Fortinet FortiAnalyzer and FortiAnalyzer-BigData. Affected versions include FortiAnalyzer 7.6.0–7.6.4, 7.4.0–7.4.7, all 7.2/7.0, and FortiAnalyzer-BigData 7.6.0–7.4.4, 7.2, 7.0, plus 6.4/6.2 series. The root cause is improper neutralization of speci...

7.2CVSS5.9AI score0.00445EPSS

Exploits0References1Affected Software1

CVE•added 2026/03/10 4:44 p.m.•19 views

CVE-2026-22572

CVE-2026-22572 describes an authentication bypass vulnerability affecting Fortinet products: FortiAnalyzer, FortiAnalyzer Cloud, FortiManager, and FortiManager Cloud across multiple versions (7.2.x, 7.4.x, 7.6.x). The issue allows an attacker who knows the admin password to bypass multifactor aut...

7.2CVSS5.8AI score0.00562EPSS

Exploits0References1Affected Software3

Tenable Nessus•added 2026/03/10 12:0 a.m.•4 views

Fortinet FortiAnalyzer sqli (FG-IR-26-095)

The version of FortiAnalyzer installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-095 advisory. - An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet...

7.2CVSS6.1AI score0.00445EPSS

Exploits0References3

Tenable Nessus•added 2026/03/10 12:0 a.m.•4 views

Fortinet FortiAnalyzer Lack of TLS Certificate Validation during initial SSO Authentication (FG-IR-26-078)

The version of FortiAnalyzer installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-078 advisory. - A improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0...

6.9CVSS5.9AI score0.00185EPSS

Exploits0References2

Positive Technologies•added 2026/03/10 12:0 a.m.•5 views

PT-2026-24231

An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer-BigDa...

7.2CVSS5.9AI score0.00445EPSS

Exploits0References3

Positive Technologies•added 2026/03/10 12:0 a.m.•4 views

PT-2026-24237

6.9CVSS5.8AI score0.00185EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by