CVSSv3 Score: 2.1 An insufficiently protected credentials [CWE-522] vulnerability in FortiOS may allow a privileged authenticated attacker to retrieve LDAP credentials via modifying the LDAP server IP address in the FortiOS...
Read MoreCVSSv3 Score: 7.1 An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] in FortiClient Windows may allow an authenticated local user to execute unauthorized code via fortips driver. Success of the attack...
Read MoreCVSSv3 Score: 6.7 An Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability [CWE-78] in FortiWeb may allow an authenticated attacker to execute unauthorized code on...
Read MoreCVSSv3 Score: 4.2 An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability [CWE-80] in FortiADC virtual server’s default error page may allow an unauthenticated attacker to execute...
Read MoreCVSSv3 Score: 7.1 A Heap-based Buffer Overflow vulnerability [CWE-122] in FortiClient Windows may allow an authenticated local IPSec user to execute arbitrary code or commands via “fortips_74.sys” driver. The...
Read MoreCVSSv3 Score: 3.9 A CRLF Header Injection vulnerability [CWE-93] in FortiMail user GUI may allow an attacker to inject headers in the response via convincing a user to click on a specifically crafted link Revised on 2025-11-18...
Read MoreCVSSv3 Score: 3.8 A Cleartext Storage of Sensitive Information in Memory vulnerability [CWE-316] in FortiPAM may allow an authenticated attacker with read-write admin privileges to the CLI to obtain other administrators’...
Read MoreCVSSv3 Score: 5.0 An Improper Isolation or Compartmentalization vulnerability [CWE-653] in FortiSandbox may allow an unauthenticated attacker to evade the sandboxing scan via a crafted file. Revised on 2025-11-18...
Read MoreCVSSv3 Score: 5.2 An insufficiently protected credentials vulnerability [CWE-522] in FortiExtender may allow an authenticated user to obtain administrator credentials via debug log commands. Revised on 2025-11-18...
Read MoreCVSSv3 Score: 3.9 An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiADC Logs may allow an admin with read-only permission to get the external resources password via the logs of the...
Read MoreCVSSv3 Score: 4.9 An active debug code vulnerability [CWE-489] in FortiClientWindows may allow a local attacker to run the application step by step and retrieve the saved VPN user password Revised on 2025-11-18...
Read MoreCVSSv3 Score: 6.3 An Out-of-bounds Write vulnerability [CWE-787] in FortiADC may allow an authenticated attacker to execute arbitrary code via specially crafted HTTP requests. Revised on 2025-11-18...
Read More