CVE-2026-40688 - An out-of-bounds write vulnerability [CWE-787] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.

CVE-2026-39815 - A improper neutralization of special elements used in an sql command ('sql injection') vulnerability

CVE-2026-39814 - A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 thr

CVE-2026-39813 - A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSand

CVE-2026-39812 - A improper neutralization of input during web page generation ('cross-site scripting') vulnerability

CVE-2026-39811 - A integer overflow or wraparound vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.

CVE-2026-39810 - A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 m

CVE-2026-39809 - A improper neutralization of special elements used in an sql command ('sql injection') vulnerability

CVE-2026-39808 - A improper neutralization of special elements used in an os command ('os command injection') vulnera

CVE-2026-27316 - A insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, F

CVE-2026-25691 - A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fo

CVE-2026-23708 - A improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR Pa

CVE-2026-22828 - A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4, Fort

CVE-2026-22576 - A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7

CVE-2026-22574 - A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7

CVE-2026-22573 - An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in F

CVE-2026-22155 - A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 thr

CVE-2026-22154 - An improper neutralization of input during web page generation ('cross-site scripting') vulnerabilit

CVE-2026-21742 - A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 thr

CVE-2026-21741 - An URL Redirection to Untrusted Site ('Open Redirect') vulnerability [CWE-601] vulnerability in Fort

CVE-2025-68649 - An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in F

CVE-2025-61886 - An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilit

CVE-2025-61848 - An improper neutralization of special elements used in an sql command ('sql injection') vulnerabilit

CVE-2025-61624 - An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerabi

CVE-2025-59809 - A server-side request forgery (ssrf) vulnerability [CWE-918] vulnerability in Fortinet FortiSOAR Paa

CVE-2025-53847 - A missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3

CVE-2024-23104 - An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6

CVE-2026-35616 - A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an

CVE-2026-30897 - A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0

CVE-2026-25972 - An improper neutralization of input during web page generation ('cross-site scripting') vulnerabilit

CVE-2026-25836 - An improper neutralization of special elements used in an os command ('os command injection') vulner

CVE-2026-25689 - An improper neutralization of argument delimiters in a command ('argument injection') vulnerability

CVE-2026-24641 - A NULL Pointer Dereference vulnerability [CWE-476] vulnerability in Fortinet FortiWeb 8.0.0 through

CVE-2026-24640 - A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiWeb 8.0.0 throu

CVE-2026-24018 - A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.

CVE-2026-24017 - An Improper Control of Interaction Frequency vulnerability [CWE-799] vulnerability in Fortinet Forti

CVE-2026-22629 - An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer

CVE-2026-22628 - An improper access control vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allo

CVE-2026-22627 - A buffer copy without checking size of input ('classic buffer overflow') vulnerability in Fortinet F

CVE-2026-22572 - An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer

CVE-2025-68648 - A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7

CVE-2025-68482 - A improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, Forti

CVE-2025-66178 - A improper neutralization of special elements used in an os command ('os command injection') vulnera

CVE-2025-55717 - A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet Forti

CVE-2025-54820 - A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiManager 7.4.0 t

CVE-2025-54659 - An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE

CVE-2025-53608 - An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilit

CVE-2025-49784 - An improper neutralization of special elements used in an sql command ('sql injection') vulnerabilit

CVE-2025-48840 - An authentication bypass by spoofing vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWe

CVE-2025-48418 - A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.

CVE-2026-22153 - An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerability in Fortinet Forti

CVE-2026-21743 - A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthe

CVE-2025-68686 - An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] vulnerability

CVE-2025-64157 - A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4,

CVE-2025-62676 - An Improper Link Resolution Before File Access ('Link Following') vulnerability [CWE-59] vulnerabili

CVE-2025-62439 - An Improper Verification of Source of a Communication Channel vulnerability [CWE-940] vulnerability

CVE-2025-55018 - An inconsistent interpretation of http requests ('http request smuggling') vulnerability in Fortinet

CVE-2025-52436 - An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilit

CVE-2026-21643 - An improper neutralization of special elements used in an sql command ('sql injection') vulnerabilit

CVE-2026-25815 - Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configu

CVE-2026-24858 - An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in