6 matches found
CVE-2026-39810
A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow an attacker to disclose information by decrypting a database dump...
CVE-2026-35616
An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests...
EUVD-2026-2239
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability (CWE-89) in Fortinet FortiClientEMS 7.4.3 through 7.4.4, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2.0 through 7.2.10, FortiClientEMS 7.0 all versions may allow an...
CVE-2021-24019
An insufficient session expiration vulnerability (CWE-613) in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks...
PT-2025-2454 · Fortinet · Forticlientems
Name of the Vulnerable Software and Affected Versions: FortiClientEMS versions 6.4.0 through 7.0.x; FortiClientEMS versions 7.2.0 through 7.2.4; FortiClientEMS version 7.4.0. Description: The issue is related to an improper verification of the source of a communication channel, which may allow a...
PT-2024-10342 · Fortinet · Forticlientems
Name of the Vulnerable Software and Affected Versions: FortiClientEMS versions 7.2.0 through 7.2.4; FortiClientEMS versions prior to 7.0.10. Description: The issue is related to an improper restriction of excessive authentication attempts, which may allow an unauthenticated attacker to perform a...