your most trusted vulnerable product

| CVE ID | CVSS Score | Severity | Description | Affected Products | Status | Year |
|---|---|---|---|---|---|---|
| CVE-2024-55591 | 9.8 | Critical | Authentication bypass via Node.js websocket module - allows super-admin privileges | FortiOS 7.0.0-7.0.16, FortiProxy 7.0.0-7.0.19, 7.2.0-7.2.12 | Actively Exploited | 2025 |
| CVE-2024-52964 | 7.2 | High | Path traversal vulnerability in FGFMd allowing arbitrary file overwrite | FortiManager 7.6.1, 7.6.0, 7.4.5, 7.4.4, 7.4.3 | Recently Disclosed | 2024 |
| CVE-2024-21762 | 9.6 | Critical | Out-of-bounds write in SSL-VPN allowing remote code execution | FortiOS 6.0, 6.2, 6.4, 7.0, 7.2, 7.4 | Actively Exploited | 2024 |
| CVE-2023-27997 | 9.2 | Critical | Heap-based buffer overflow in SSL-VPN | FortiOS 6.0, 6.2, 6.4, 7.0, 7.2 | Actively Exploited | 2023 |
| CVE-2023-45584 | 7.8 | High | Double free vulnerability in automation-stitch | FortiOS 7.4.0, 7.2.5, 7.2.4, 7.2.3, 7.2.2 | Patched | 2023 |
| CVE-2022-42475 | 9.3 | Critical | Heap-based buffer overflow in SSL-VPN | FortiOS 6.0, 6.2, 6.4, 7.0, 7.2 | Actively Exploited | 2022 |
| CVE-2024-48887 | 8.1 | High | Unverified password change vulnerability in FortiSwitch GUI | FortiSwitch (multiple versions) | Recently Disclosed | 2024 |
| CVE-2024-54024 | 7.4 | High | Improper restriction of communication channel to intended endpoints | FortiOS, FortiProxy, FortiManager, FortiAnalyzer, FortiVoice, FortiWeb | Patched | 2024 |
| CVE-2024-26013 | 6.8 | Medium | Man-in-the-middle attack allowing device impersonation | FortiOS, FortiProxy, FortiManager, FortiAnalyzer | Patched | 2024 |
| CVE-2024-54025 | 8.0 | High | OS command injection in FortiIsolator CLI | FortiIsolator | Recently Disclosed | 2024 |
| CVE-2023-45590 | 9.4 | Critical | Improper control of code generation in FortiClientLinux | FortiClientLinux | Patched | 2023 |
| CVE-2023-45588 | 7.8 | High | External control of file name/path vulnerability | FortiClient Mac | Patched | 2023 |
| CVE-2024-31492 | 7.8 | High | External control of file name/path vulnerability | FortiClient Linux | Patched | 2024 |
| CVE-2023-41677 | 7.5 | High | Insufficiently protected credentials | Multiple Fortinet Products | Patched | 2023 |
| CVE-2024-50565 | 6.8 | Medium | Communication channel restriction bypass | FortiOS, FortiProxy, FortiManager | Patched | 2024 |