| CVE ID | CVSS3.1 | Exploitable | Vendor | Product | Vulnerability | Date added |
|---|---|---|---|---|---|---|
| CVE-2026-24858 | 9.4 | True | Fortinet | Multiple Products | Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability | 2026-01-27 00:00:00 |
| CVE-2025-59718 | 9.1 | True | Fortinet | Multiple Products | Fortinet Multiple Products Improper Verification of Cryptographic Signature Vulnerability | 2025-12-16 00:00:00 |
| CVE-2025-58034 | 6.7 | True | Fortinet | FortiWeb | Fortinet FortiWeb OS Command Injection Vulnerability | 2025-11-18 00:00:00 |
| CVE-2025-64446 | 9.4 | True | Fortinet | FortiWeb | Fortinet FortiWeb Path Traversal Vulnerability | 2025-11-14 00:00:00 |
| CVE-2025-25257 | 9.6 | True | Fortinet | FortiWeb | Fortinet FortiWeb SQL Injection Vulnerability | 2025-07-18 00:00:00 |
| CVE-2019-6693 | 6.5 | True | Fortinet | FortiOS | Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability | 2025-06-25 00:00:00 |
| CVE-2025-32756 | 9.6 | True | Fortinet | Multiple Products | Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability | 2025-05-14 00:00:00 |
| CVE-2025-24472 | 8.1 | True | Fortinet | FortiOS and FortiProxy | Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability | 2025-03-18 00:00:00 |
| CVE-2024-55591 | 9.6 | True | Fortinet | FortiOS and FortiProxy | Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability | 2025-01-14 00:00:00 |
| CVE-2024-47575 | 9.8 | True | Fortinet | FortiManager | Fortinet FortiManager Missing Authentication Vulnerability | 2024-10-23 00:00:00 |
| CVE-2024-23113 | 9.8 | True | Fortinet | Multiple Products | Fortinet Multiple Products Format String Vulnerability | 2024-10-09 00:00:00 |
| CVE-2023-48788 | 9.3 | True | Fortinet | FortiClient EMS | Fortinet FortiClient EMS SQL Injection Vulnerability | 2024-03-25 00:00:00 |
| CVE-2024-21762 | 9.6 | True | Fortinet | FortiOS | Fortinet FortiOS Out-of-Bound Write Vulnerability | 2024-02-09 00:00:00 |
| CVE-2023-27997 | 9.2 | True | Fortinet | FortiOS and FortiProxy SSL-VPN | Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability | 2023-06-13 00:00:00 |
| CVE-2022-41328 | 6.5 | True | Fortinet | FortiOS | Fortinet FortiOS Path Traversal Vulnerability | 2023-03-14 00:00:00 |
| CVE-2022-42475 | 9.3 | True | Fortinet | FortiOS | Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability | 2022-12-13 00:00:00 |
| CVE-2022-40684 | 9.8 | True | Fortinet | Multiple Products | Fortinet Multiple Products Authentication Bypass Vulnerability | 2022-10-11 00:00:00 |
| CVE-2018-13374 | 4.3 | True | Fortinet | FortiOS and FortiADC | Fortinet FortiOS and FortiADC Improper Access Control Vulnerability | 2022-09-08 00:00:00 |
| CVE-2018-13383 | 4.3 | True | Fortinet | FortiOS and FortiProxy | Fortinet FortiOS and FortiProxy Out-of-bounds Write | 2022-01-10 00:00:00 |
| CVE-2018-13382 | 9.1 | True | Fortinet | FortiOS and FortiProxy | Fortinet FortiOS and FortiProxy Improper Authorization | 2022-01-10 00:00:00 |
| CVE-2021-44168 | 3.3 | True | Fortinet | FortiOS | Fortinet FortiOS Arbitrary File Download | 2021-12-10 00:00:00 |
| CVE-2018-13379 | 9.1 | True | Fortinet | FortiOS | Fortinet FortiOS SSL VPN Path Traversal Vulnerability | 2021-11-03 00:00:00 |
| CVE-2020-12812 | 9.8 | True | Fortinet | FortiOS | Fortinet FortiOS SSL VPN Improper Authentication Vulnerability | 2021-11-03 00:00:00 |
| CVE-2019-5591 | 6.5 | True | Fortinet | FortiOS | Fortinet FortiOS Default Configuration Vulnerability | 2021-11-03 00:00:00 |
AVET INS is an owner of VULNDBASE brand and website. This product uses data from the NVD API but is not endorsed or certified by the NVD. See NVD page for more information. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE page. KEV (Known Exploited Vulnerabilities) is a catalog maintained by CISA. EUVD is the official EU repository for timely, curated cybersecurity vulnerability intelligence and remediation guidance run by ENISA. DORA (Digital Operational Resilience Act) is and EU directive.
Copyright AVET INS 1997 - 2026