6 matches found
EUVD-2026-22340
An integer overflow or wraparound vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an attacker to cause a denial of service via...
CVE-2026-24641
CVE-2026-24641 describes a NULL pointer dereference in Fortinet FortiWeb that can crash the HTTP daemon via crafted HTTP requests. Affected: FortiWeb 8.0.0–8.0.2; 7.6.0–7.6.6; 7.4 (all versions); 7.2 (all versions); 7.0 (all versions). Impact: availability disruption (HTTP daemon crash) with auth...
PT-2025-32883
Name of the Vulnerable Software and Affected Versions: Fortinet FortiWeb versions 7.0 through 7.6; Fortinet FortiWeb versions 7.6.3 and below; Fortinet FortiWeb versions 7.4.7 and below; Fortinet FortiWeb versions 7.2.10 and below; Fortinet FortiWeb versions 7.0.10 and below. Description: An improper...
[Fortinet FortiWeb] Lack of client-side certificate validation when establishing secure connections (FG-IR-22-326)
The version of FortiWeb installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-326 advisory. - An improper certificate validation vulnerability (CWE-295) in FortiWeb 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions...
CVE-2022-30299
A path traversal vulnerability (CWE-23) in the API of FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions may allow an authenticated attacker to retrieve specific parts of files from the underlying file system via specially...
CVE-2022-30300
A relative path traversal vulnerability (CWE-23) in FortiWeb 7.0.0 through 7.0.1, 6.3.6 through 6.3.18, 6.4 all versions may allow an authenticated attacker to obtain unauthorized access to files and data via specifically crafted HTTP GET requests...