Fortinet

Fortiweb

115 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2026-24858

Warnung Medienbericht
  • EPSS 3.71%
  • Veröffentlicht 27.01.2026 19:18:23
  • Zuletzt bearbeitet 29.01.2026 13:16:51

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15...

9.8

CVE-2025-59719

Warnung Medienbericht
  • EPSS 0.08%
  • Veröffentlicht 09.12.2025 17:20:11
  • Zuletzt bearbeitet 09.12.2025 19:59:29

An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a cra...

7.5

CVE-2025-64471

  • EPSS 0.04%
  • Veröffentlicht 09.12.2025 17:18:44
  • Zuletzt bearbeitet 10.12.2025 19:16:14

A use of password hash instead of password for authentication vulnerability [CWE-836] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 t...

8.1

CVE-2025-64447

  • EPSS 0.15%
  • Veröffentlicht 09.12.2025 17:18:42
  • Zuletzt bearbeitet 09.12.2025 20:40:27

A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allo...

5.5

CVE-2025-59669

  • EPSS 0.02%
  • Veröffentlicht 18.11.2025 17:01:19
  • Zuletzt bearbeitet 20.11.2025 14:36:53

A use of hard-coded credentials vulnerability in Fortinet FortiWeb 7.6.0, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker with shell access to the device to connect to redis service ...

7.2

CVE-2025-58034

Warnung Medienbericht
  • EPSS 47.63%
  • Veröffentlicht 18.11.2025 17:01:13
  • Zuletzt bearbeitet 21.11.2025 18:27:43

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 t...

9.8

CVE-2025-64446

Warnung Exploit
  • EPSS 89.72%
  • Veröffentlicht 14.11.2025 15:50:52
  • Zuletzt bearbeitet 21.11.2025 18:27:33

A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative...

4.3

CVE-2024-47569

  • EPSS 0.03%
  • Veröffentlicht 14.10.2025 15:23:03
  • Zuletzt bearbeitet 14.01.2026 10:16:02

A insertion of sensitive information into sent data vulnerability in Fortinet FortiMail 7.4.0 through 7.4.2, FortiMail 7.2.0 through 7.2.6, FortiMail 7.0 all versions, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager C...

4.9

CVE-2025-53609

  • EPSS 0.09%
  • Veröffentlicht 09.09.2025 13:50:41
  • Zuletzt bearbeitet 10.09.2025 15:14:32

A Relative Path Traversal vulnerability [CWE-23] in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2.0 through 7.2.11, 7.0.2 through 7.0.11 may allow an authenticated attacker to perform an arbitrary file read on the underlying system via craft...

6.7

CVE-2025-47857

  • EPSS 0.03%
  • Veröffentlicht 12.08.2025 19:00:05
  • Zuletzt bearbeitet 15.08.2025 12:25:37

A improper neutralization of special elements used in an os command ('os command injection') vulnerability [CWE-78] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or comman...