CVE-2025-53680

Fortinet FortiAP family (FortiAP 7.6.0–7.6.2, 7.4.0–7.4.5, 7.2 all, 7.0 all, 6.4 all; FortiAP-U 7.0.0–7.0.5, 6.2 all; FortiAP-W2 7.4.0–7.4.4, 7.2 all, 7.0 all) are affected by an OS Command Injection via crafted CLI requests. The vulnerability arises from improper neutralization of special elemen...

CVE-2022-42476

A relative path traversal vulnerability CWE-23 in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.11, FortiProxy version 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8 allows privileged VDOM administrators to escalate their privileges to super admin of the box via...

EUVD-2024-42866

Malicious code in bioql PyPI...

EUVD-2024-54976

Malicious code in bioql PyPI...

CVE-2024-45325

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerabilities CWE-78 in Fortinet FortiDDoS-F version 7.0.0 through 7.02 and before 6.6.3 may allow a privileged attacker to execute unauthorized code or commands via crafted CLI requests...

CVE-2023-29184

An incomplete cleanup vulnerability CWE-459 in FortiOS 7.2 all versions and before & FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 allows a VDOM privileged attacker to add SSH key files on the system silently via crafted CLI requests...

Fortinet Fortigate SSH key is added even if operation is aborted (FG-IR-23-008)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-008 advisory. - An incomplete cleanup vulnerability CWE-459 in FortiOS 7.2 all versions and before & FortiProxy version 7.2.0 through 7.2.2...

CVE-2024-35274

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability CWE-22 in Fortinet FortiAnalyzer versions below 7.4.2, Fortinet FortiManager versions below 7.4.2 and Fortinet FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker with read...

CVE-2024-32116

Multiple relative path traversal vulnerabilities CWE-23 in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version 7.4.0 and before 7.2.7 allows a privileged attacker to delete files from the...

CVE-2024-33501

Two improper neutralization of special elements used in an SQL Command 'SQL Injection' vulnerability CWE-89 in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5, FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version 7.4.0 and before 7.2.7...

CVE-2024-32123

Multiple improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 through 6.2.12 and 6.0.0 through 6.0.12 and 5.6.0...

CVE-2024-47566

A improper limitation of a pathname to a restricted directory 'path traversal' CWE-23 in Fortinet FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to delete files from the underlying filesystem via crafted CLI requests...

CVE-2024-35274

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability CWE-22 in Fortinet FortiAnalyzer versions below 7.4.2, Fortinet FortiManager versions below 7.4.2 and Fortinet FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker with read...

CVE-2024-32116

Multiple relative path traversal vulnerabilities CWE-23 in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version 7.4.0 and before 7.2.7 allows a privileged attacker to delete files from the...

CVE-2024-31496

CVE-2024-31496 affects Fortinet FortiManager and FortiAnalyzer families. A stack-based buffer overflow (CWE-121) exists in FortiManager versions 7.4.0–7.4.2 and before 7.2.5, FortiAnalyzer versions 7.4.0–7.4.2 and before 7.2.5, and FortiAnalyzer-BigData 7.4.0 and before 7.2.7. The vulnerability a...

CVE-2024-31496

A stack-based buffer overflow vulnerability CWE-121 in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData 7.4.0 and before 7.2.7 allows a privileged attacker to execute unauthorized code or...

CVE-2024-31496

A stack-based buffer overflow vulnerability CWE-121 in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData 7.4.0 and before 7.2.7 allows a privileged attacker to execute unauthorized code or...

CVE-2024-35274

CVE-2024-35274 describes a Path Traversal vulnerability affecting Fortinet FortiAnalyzer (versions below 7.4.2), FortiManager (below 7.4.2), and FortiAnalyzer-BigData (below 7.2.7 and 7.4.0). The underlying issue is an improper limitation of a pathname to a restricted directory, allowing a privil...

CVE-2024-35274

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability CWE-22 in Fortinet FortiAnalyzer versions below 7.4.2, Fortinet FortiManager versions below 7.4.2 and Fortinet FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker with read...

CVE-2024-35274

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability CWE-22 in Fortinet FortiAnalyzer versions below 7.4.2, Fortinet FortiManager versions below 7.4.2 and Fortinet FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker with read...