Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
FortinetFortiweb

107 matches found

CVE
CVEadded 2021/12/08 11:15 a.m.33 views

CVE-2021-36180

Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests.

8.8CVSS8.9AI score0.00524EPSS
CVE
CVEadded 2023/02/16 7:15 p.m.32 views

CVE-2023-25602

A stack-based buffer overflow in Fortinet FortiWeb 6.4 all versions, FortiWeb versions 6.3.17 and earlier, FortiWeb versions 6.2.6 and earlier, FortiWeb versions 6.1.2 and earlier, FortiWeb versions 6.0.7 and earlier, FortiWeb versions 5.9.1 and earlier, FortiWeb 5.8 all versions, FortiWeb 5.7 all ...

7.8CVSS8AI score0.00089EPSS
CVE
CVEadded 2023/02/16 7:15 p.m.30 views

CVE-2021-42761

A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 through 6.3.16, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 through 6.0.7, 5.9.0 through 5.9.1 may allow a remote, unauthenticated attacker to infer the session identi...

9.8CVSS9.4AI score0.01304EPSS
CVE
CVEadded 2025/08/12 7:15 p.m.8 views

CVE-2025-27759

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and before 7.0.10 allows an authenticated privileged attacker to execute unauthorized code...

6.7CVSS7.7AI score0.00041EPSS
CVE
CVEadded 2025/08/12 7:15 p.m.7 views

CVE-2025-32766

A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or commands via crafted CLI commands

6.7CVSS8.5AI score0.00021EPSS
CVE
CVEadded 2025/08/12 7:15 p.m.7 views

CVE-2025-47857

A improper neutralization of special elements used in an os command ('os command injection') vulnerability [CWE-78] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or command via crafted CLI commands.

6.7CVSS8.1AI score0.00044EPSS
CVE
CVEadded 2025/09/09 2:15 p.m.4 views

CVE-2025-53609

A Relative Path Traversal vulnerability [CWE-23] in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2.0 through 7.2.11, 7.0.2 through 7.0.11 may allow an authenticated attacker to perform an arbitrary file read on the underlying system via crafted requests.

4.9CVSS6.4AI score0.00072EPSS
Total number of security vulnerabilities107