CVE-2025-58412

>= 7.2.0 and < 7.6.4

A improper neutralization of script-related html tags in a web page (basic xss) vulnerability in Fortinet FortiADC 8.0.0, FortiADC

4.7MEDIUM

CVE-2025-54971

>= 6.2.0 and < 7.4.3

An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiADC 7.4.0, FortiADC 7.2 all versions,

4.3MEDIUM

CVE-2025-48839

>= 6.2.0 and < 7.4.8

An Out-of-bounds Write vulnerability [CWE-787] in FortiADC 8.0.0, 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.1

6.6MEDIUM

CVE-2025-59921

>= 6.2.0 and < 7.1.5

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiADC version 7.4.0, version

6.5MEDIUM

CVE-2025-49813

>= 6.2.0 and <= 6.2.6

An improper neutralization of special elements used in an OS Command ("OS Command Injection") vulnerability [CWE-78] in Fortinet F

7.2HIGH

CVE-2025-31104

>= 6.1.0 and < 7.1.5

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiADC 7

7.2HIGH

CVE-2023-37933

>= 5.3.0 and < 7.1.4

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC GUI ver

8.8HIGH

CVE-2022-23439

>= 5.4.0 and < 6.2.4

A externally controlled reference to a resource in another sphere vulnerability in Fortinet allows attacker to poison web caches

4.7MEDIUM

CVE-2024-36511

>= 6.0.0 and < 7.4.5

An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 thr

3.7LOW

CVE-2023-50181

>= 6.0.0 and < 7.2.5

An improper access control vulnerability [CWE-284] in Fortinet FortiADC version 7.4.0 through 7.4.1 and before 7.2.4 allows a rea

4.9MEDIUM

CVE-2023-50179

>= 7.0.0 and < 7.4.1

An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2 all versions, 7.1 all versions, 7.0 all versions

4.8MEDIUM

CVE-2023-50178

>= 6.0.0 and <= 6.0.4

An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2.0 through 7.2.3, 7.1 all versions, 7.0 all versi

7.4HIGH

CVE-2023-50180

<= 6.2.6

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiADC version 7.4.1 an

5.5MEDIUM

CVE-2023-41673

>= 6.0.0 and <= 6.0.4

An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged u

7.1HIGH

CVE-2023-29177

>= 7.1.0 and <= 7.1.2

Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC version 7.2.

6.7MEDIUM

CVE-2023-25603

all versions

A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.3.0 - 6.3.

5.4MEDIUM

CVE-2023-26205

>= 6.1.0 and <= 6.1.6

An improper access control vulnerability [CWE-284] in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all

8.1HIGH

CVE-2023-25607

>= 6.0.0 and <= 6.0.4

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78 ] in FortiMana

7.8HIGH

CVE-2022-35849

< 6.2.6

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiA

7.8HIGH

CVE-2023-28000

>= 6.0.0 and <= 6.0.4

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC CLI 7.1.0, 7.0.0 through

6.7MEDIUM

CVE-2023-26210

>= 5.2.0 and <= 5.2.8

Multiple improper neutralization of special elements used in an os command ('OS Command Injection') vulnerabilties [CWE-78] vulner

7.8HIGH

CVE-2023-27999

>= 7.1.0 and < 7.1.2

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 7.2.0, 7.1.0 through 7.1.

7.8HIGH

CVE-2023-27993

>= 5.2.0 and <= 7.0.5

A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a privileged attacker to delete arbi

6.0MEDIUM

CVE-2022-43952

>= 6.2.0 and < 6.2.6

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC version

3.5LOW

CVE-2022-43948

>= 5.1.0 and < 6.2.6

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 th

6.7MEDIUM

CVE-2022-40679

>= 5.0.0 and < 6.2.5

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 5.x all versions, 6.0 al

7.8HIGH

CVE-2022-27482

>= 5.0.0 and <= 5.0.4

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 th

7.8HIGH

CVE-2022-39947

>= 5.4.0 and <= 5.4.5

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 th

8.8HIGH

CVE-2022-33876

>= 5.1.0 and <= 6.2.4

Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and

5.4MEDIUM

CVE-2022-33875

>= 5.2.0 and <= 6.2.4

An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability in Fortinet FortiADC version

5.4MEDIUM

CVE-2022-38381

>= 5.0.0 and <= 5.0.4

An improper handling of malformed request vulnerability [CWE-228] exists in FortiADC 5.0 all versions, 6.0.0 all versions, 6.1.0 a

5.3MEDIUM

CVE-2022-38374

>= 6.2.0 and < 6.2.4

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiADC 7.0.0 - 7.0.2 and 6.2.

8.8HIGH

CVE-2022-35851

all versions

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiADC management interface 7.1.0 may a

8.0HIGH

CVE-2021-43076

>= 5.3.0 and <= 5.3.7

An improper privilege management vulnerability [CWE-269] in FortiADC versions 6.2.1 and below, 6.1.5 and below, 6.0.4 and below, 5

6.3MEDIUM

CVE-2022-22299

>= 6.0.0 and <= 6.0.4

A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version

7.8HIGH

CVE-2022-27484

>= 5.0.0 and < 6.2.4

A unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacke

5.4MEDIUM

CVE-2022-26120

>= 5.0.0 and < 6.2.3

Multiple improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerabilities [CWE-89] in FortiADC

5.4MEDIUM

CVE-2021-32591

>= 5.0.0 and <= 5.4.4

A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox befor

5.3MEDIUM

CVE-2021-42757

>= 5.0.0 and <= 6.1.5

A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authe

6.7MEDIUM

CVE-2020-15935

>= 5.0.0 and <= 5.4.3

A cleartext storage of sensitive information in GUI in FortiADC versions 5.4.3 and below, 6.0.0 and below may allow a remote authe

4.3MEDIUM

CVE-2021-24024

<= 5.3.7

A clear text storage of sensitive information into log file vulnerability in FortiADCManager 5.3.0 and below, 5.2.1 and below and

4.3MEDIUM

CVE-2019-6699

<= 5.3.3

An improper neutralization of input vulnerability in Fortinet FortiADC 5.3.3 and earlier may allow an attacker to execute a stored

5.4MEDIUM

CVE-2018-13374

>= 5.4.0 and < 5.4.5

A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attac

4.3MEDIUM

CVE-2014-8618

all versions

Cross-site scripting (XSS) vulnerability in the theme login page in Fortinet FortiADC D models before 4.2 allows remote attackers

CVE-2014-8582

all versions

FortiNet FortiADC-E with firmware 3.1.1 before 4.0.5 and Coyote Point Equalizer with firmware 10.2.0a allows remote attackers to o

CVE-2014-0331

all versions

Cross-site scripting (XSS) vulnerability in the web administration interface in FortiADC with firmware before 3.2.1 allows remote