CVE-2025-54822

An improper authorization vulnerability CWE-285 vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.8, FortiOS 7.0.0 through 7.0.11, FortiProxy 7.4.0 through 7.4.8, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiProxy 2.0 all versions allows an...

EUVD-2024-31248

Malicious code in bioql PyPI...

EUVD-2024-19368

Malicious code in bioql PyPI...

EUVD-2022-46923

Malicious code in bioql PyPI...

CVE-2023-29184

CVE-2023-29184 describes an incomplete cleanup (CWE-459) vulnerability affecting Fortinet FortiOS and FortiProxy. Affected: FortiOS 7.2 all versions and earlier, and FortiProxy 7.2.0–7.2.2 and before 7.0.8. Exploitation allows a VDOM-privileged attacker to silently add SSH key files via crafted C...

CVE-2023-36639

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows...

CVE-2022-42474

A relative path traversal vulnerability CWE-23 in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiSwitchManager version 7.2.0 through 7.2.1 and before 7.0.1 allows an privileged...

CVE-2021-26103

An insufficient verification of data authenticity vulnerability CWE-345 in the user interface of FortiProxy verison 2.0.3 and below, 1.2.11 and below and FortiGate verison 7.0.0, 6.4.6 and below, 6.2.9 and below of SSL VPN portal may allow a remote, unauthenticated attacker to conduct a cross-sit...

CVE-2024-26006

Fortinet FortiOS/FortiProxy vulnerability CVE-2024-26006 is an improper neutralization of input during web page generation (CWE-79) that enables a remote unauthenticated attacker to perform Cross-Site Scripting via a malicious Samba server. Affected: FortiOS <= 7.4.3, <= 7.2.7, <= 7.0.13...

CVE-2022-40684

An authentication bypass using an alternate path or channel CWE-288 in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform...

CVE-2022-42475: Critical Unauthenticated Remote Code Execution Vulnerability in FortiOS; Exploitation Reported

Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too. On December 12, 2022, FortiGuard Labs published advisory FG-IR-22-398 regarding a critical CVSSv3 9.3 “heap-based buffer overflow vulnerability CWE-122 in FortiOS SSL-VPN which may all...