Lucene search
K

2982 matches found

RedhatCVE
RedhatCVE
added 2026/02/11 7:45 p.m.11 views

CVE-2025-68686

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability CWE-200 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow a remote unauthenticated attacker to bypas...

5.9CVSS5.7AI score0.00477EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/11 7:45 p.m.5 views

CVE-2025-64157

A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration...

7.2CVSS5.8AI score0.01365EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/11 7:45 p.m.5 views

CVE-2025-62439

An Improper Verification of Source of a Communication Channel vulnerability CWE-940 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions may allow an authenticated user with knowledge of FSSO policy configurations t...

4.2CVSS5.5AI score0.00138EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/11 7:45 p.m.7 views

CVE-2025-55018

An inconsistent interpretation of http requests 'http request smuggling' vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenticated attacker to smuggle an unlogged http request...

5.8CVSS5.5AI score0.00351EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/11 7:44 p.m.10 views

CVE-2026-22153

An Authentication Bypass by Primary Weakness vulnerability CWE-305 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP server is configured in a specific way...

8.1CVSS5.7AI score0.00698EPSS
Exploits1References1
NCSC
NCSC
added 2026/02/11 11:34 a.m.9 views

Vulnerabilities fixed in Fortinet FortiOS

Fortinet has fixed vulnerabilities in FortiOS Versions 7.0 to 7.6.4, 7.4.0 to 7.4.9, and 7.2.0 to 7.2.11. The vulnerabilities include an Authentication Bypass that allows unauthenticated attackers to bypass LDAP authentication for Agentless VPN or FSSO policies, depending on specific configuratio...

8.1CVSS5.8AI score0.01365EPSS
Exploits2References4
OSV
OSV
added 2026/02/10 4:16 p.m.3 views

CVE-2026-22153

An Authentication Bypass by Primary Weakness vulnerability CWE-305 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP server is configured in a specific way...

8.1CVSS5.8AI score0.00698EPSS
Exploits1References1
NVD
NVD
added 2026/02/10 4:16 p.m.12 views

CVE-2026-22153

An Authentication Bypass by Primary Weakness vulnerability CWE-305 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP server is configured in a specific way...

8.1CVSS0.00698EPSS
Exploits1References1
OSV
OSV
added 2026/02/10 4:16 p.m.6 views

CVE-2025-64157

A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration...

7.2CVSS6AI score0.01365EPSS
Exploits0References1
NVD
NVD
added 2026/02/10 4:16 p.m.6 views

CVE-2025-62439

An Improper Verification of Source of a Communication Channel vulnerability CWE-940 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions may allow an authenticated user with knowledge of FSSO policy configurations t...

4.2CVSS0.00138EPSS
Exploits0References2
NVD
NVD
added 2026/02/10 4:16 p.m.5 views

CVE-2025-64157

A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration...

7.2CVSS0.01365EPSS
Exploits0References2
NVD
NVD
added 2026/02/10 4:16 p.m.10 views

CVE-2025-68686

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability CWE-200 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow a remote unauthenticated attacker to bypas...

5.9CVSS0.00477EPSS
Exploits1References1
OSV
OSV
added 2026/02/10 4:16 p.m.6 views

CVE-2025-68686

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability CWE-200 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow a remote unauthenticated attacker to bypas...

5.9CVSS5.9AI score0.00477EPSS
Exploits1References1
OSV
OSV
added 2026/02/10 4:16 p.m.4 views

CVE-2025-55018

An inconsistent interpretation of http requests 'http request smuggling' vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenticated attacker to smuggle an unlogged http request...

5.8CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2026/02/10 4:16 p.m.8 views

CVE-2025-55018

An inconsistent interpretation of http requests 'http request smuggling' vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenticated attacker to smuggle an unlogged http request...

5.8CVSS0.00351EPSS
Exploits0References2
CVE
CVE
added 2026/02/10 3:39 p.m.54 views

CVE-2025-68686

CVE-2025-68686 concerns a publicly exposed information disclosure in Fortinet FortiOS. A remote, unauthenticated attacker could bypass a patch related to the symbolic link persistency mechanism after compromising the product at the filesystem level, and then issue crafted HTTP requests to exfiltr...

5.9CVSS5.7AI score0.00477EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/10 3:39 p.m.8 views

CVE-2025-68686

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability CWE-200 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow a remote unauthenticated attacker to bypas...

5.9CVSS5.7AI score0.00477EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/02/10 3:39 p.m.7 views

CVE-2026-22153

An Authentication Bypass by Primary Weakness vulnerability CWE-305 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP server is configured in a specific way...

8.1CVSS6AI score0.00698EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/02/10 3:39 p.m.32 views

CVE-2026-22153

An Authentication Bypass by Primary Weakness vulnerability CWE-305 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP server is configured in a specific way...

8.1CVSS0.00698EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/02/10 3:39 p.m.34 views

CVE-2025-55018

An inconsistent interpretation of http requests 'http request smuggling' vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenticated attacker to smuggle an unlogged http request...

5.8CVSS0.00351EPSS
Exploits0References1
Rows per page
Query Builder