A improper neutralization of special elements used in an sql command (‘sql injection’) vulnerability [CWE-89] in Fortinet FortiSandbox version 4.2.0, 4.0.0 through 4.0.2, 3.2.0 through…

A improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and…

An improper neutralization of script-related HTML tags in a web page vulnerability [CWE-80] in FortiAuthenticator versions 6.4.0 through 6.4.4, 6.3.0 through 6.3.3, all versions of…

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 5.x all versions, 6.0 all versions, 6.1 all versions, 6.2.0 through 6.2.4, 7.0.0…

A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 – 7.0.7, 6.4.0 – 6.4.9, 6.2.0 – 6.2.9 and 6.0.0 – 6.0.10 allows an attacker to execute…

An improper neutralization of input during web page generation vulnerability (‘Cross-site Scripting’) [CWE-79] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9, version…

A missing authentication for critical function vulnerability [CWE-306] in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated attacker to access the Redis and…

A permissive list of allowed inputs vulnerability [CWE-183] in FortiGate version 7.2.3 and below, version 7.0.9 and below Policy-based NGFW Mode may allow an authenticated…

A relative path traversal vulnerability in Fortinet FortiClient (Windows) 7.0.0 – 7.0.7, 6.4.0 – 6.4.9, 6.2.0 – 6.2.9 and 6.0.0 – 6.0.10 allows an attacker…

An improper input validation vulnerability [CWE-20] in FortiAnalyzer version 7.2.1 and below, version 7.0.6 and below, 6.4 all versions may allow an authenticated attacker to…