CVE-2025-54822

An improper authorization vulnerability CWE-285 vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.8, FortiOS 7.0.0 through 7.0.11, FortiProxy 7.4.0 through 7.4.8, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiProxy 2.0 all versions allows an...

EUVD-2024-31248

Malicious code in bioql PyPI...

EUVD-2024-19368

Malicious code in bioql PyPI...

EUVD-2021-30033

Malicious code in bioql PyPI...

Fortinet Fortigate PKI via API: Authentication granted with an invalid certificate (FG-IR-24-511)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-511 advisory. - A missing critical step in authentication vulnerability CWE-304 in Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0...

CVE-2023-29184

CVE-2023-29184 describes an incomplete cleanup (CWE-459) vulnerability affecting Fortinet FortiOS and FortiProxy. Affected: FortiOS 7.2 all versions and earlier, and FortiProxy 7.2.0–7.2.2 and before 7.0.8. Exploitation allows a VDOM-privileged attacker to silently add SSH key files via crafted C...

CVE-2025-25250

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability CWE-200 in FortiOS version 7.6.0, version 7.4.7 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions SSL-VPN web-mode may allow an authenticated user to access full SSL-VPN settings via crafted URL...

CVE-2024-46669

An Integer Overflow or Wraparound vulnerability CWE-190 in version 7.4.4 and below, version 7.2.10 and below; FortiSASE version 23.4.b FortiOS tenant IPsec IKE service may allow an authenticated attacker to crash the IPsec tunnel via crafted requests, resulting in potential denial of service...

CVE-2023-36639

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows...

CVE-2024-26006

Fortinet FortiOS/FortiProxy vulnerability CVE-2024-26006 is an improper neutralization of input during web page generation (CWE-79) that enables a remote unauthenticated attacker to perform Cross-Site Scripting via a malicious Samba server. Affected: FortiOS <= 7.4.3, <= 7.2.7, <= 7.0.13...

CVE-2023-42785

A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request...

Fortinet Fortigate xss (FG-IR-21-230)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-230 advisory. - An improper neutralization of input during web page generation vulnerability CWE-79 in FortiOS version 7.0.3 and below, 6.4...

Siemens RUGGEDCOM APE 1808

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Fortinet FortiOS Information Disclosure Vulnerability (CNVD-2017-37067)

Fortinet FortiOS is a set of security operating system developed by the U.S. Fiat Fortinet company dedicated to FortiGate network security platform. The system provides users with firewall, antivirus, IPSec/SSL VPN, Web content filtering and anti-spam and other security features. An information...

Fortinet FortiOS Information Disclosure Vulnerability (CNVD-2017-20964)

Fortinet FortiOS is a set of security operating system developed by the U.S. Fiat Fortinet company dedicated to FortiGate network security platform. The system provides users with firewall, antivirus, IPSec/SSL VPN, Web content filtering and anti-spam and other security features. An information...

CVE-2017-3130

An information disclosure vulnerability in Fortinet FortiOS 5.6.0, 5.4.4 and below versions allows attacker to get FortiOS version info by inspecting FortiOS IKE VendorID packets...

Fortinet FortiOS Local Admin Password Hash Leak Vulnerability (FG-IR-16-050)

Fortinet FortiOS is prone to a local admin password hash leak vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...