Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
34,503 matching · page 331/691Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2024-36509(opens NVD record) | Medium | 4.2 | An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and below, version 6.3.23 and below may allow an authenticated attacker to access the encrypted passwords of other administrators via the "Log Access Event" logs page. | Nov 12, 2024 |
| CVE-2024-36507(opens NVD record) | High | 7.3 | A untrusted search path in Fortinet FortiClientWindows versions 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0 allows an attacker to run arbitrary code via DLL hijacking and social engineering. | Nov 12, 2024 |
| CVE-2024-35274(opens NVD record) | Low | 2.3 | An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiAnalyzer versions below 7.4.2, Fortinet FortiManager versions below 7.4.2 and Fortinet FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker with read write administrative privileges to create non-arbitrary files on a chosen directory via crafted CLI requests. | Nov 12, 2024 |
| CVE-2024-33510(opens NVD record) | Medium | 4.3 | An improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability [CWE-74] in FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.16 and below; FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below; FortiSASE version 24.2.b SSL-VPN web user interface may allow a remote unauthenticated attacker to perform phishing attempts via crafted requests. | Nov 12, 2024 |
| CVE-2024-33505(opens NVD record) | Medium | 5.6 | A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specially crafted http requests | Nov 12, 2024 |
| CVE-2024-32118(opens NVD record) | Medium | 6.7 | Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet FortiAnalyzer-BigData before 7.4.0 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests. | Nov 12, 2024 |
| CVE-2024-32117(opens NVD record) | Medium | 4.9 | An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and below 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and below 7.2.5 & FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker to read arbitrary files from the underlying system via crafted HTTP or HTTPs requests. | Nov 12, 2024 |
| CVE-2024-32116(opens NVD record) | Medium | 5.1 | Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version 7.4.0 and before 7.2.7 allows a privileged attacker to delete files from the underlying filesystem via crafted CLI requests. | Nov 12, 2024 |
| CVE-2024-31496(opens NVD record) | Medium | 6.7 | A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData 7.4.0 and before 7.2.7 allows a privileged attacker to execute unauthorized code or commands via crafted CLI requests. | Nov 12, 2024 |
| CVE-2024-26011(opens NVD record) | Medium | 5.3 | A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.0 through 7.0.3, FortiPortal version 6.0.0 through 6.0.14, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted packets. | Nov 12, 2024 |
| CVE-2024-23666(opens NVD record) | High | 7.5 | A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiManager version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14 allows attacker to improper access control via crafted requests. | Nov 12, 2024 |
| CVE-2023-50176(opens NVD record) | High | 7.5 | A session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.13 allows attacker to execute unauthorized code or commands via phishing SAML authentication link. | Nov 12, 2024 |
| CVE-2023-47543(opens NVD record) | Medium | 5.4 | An authorization bypass through user-controlled key vulnerability [CWE-639] in Fortinet FortiPortal version 7.0.0 through 7.0.3 allows an authenticated attacker to interact with ressources of other organizations via HTTP or HTTPS requests. | Nov 12, 2024 |
| CVE-2023-44255(opens NVD record) | Medium | 4.1 | An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged attacker with administrative read permissions to read event logs of another adom via crafted HTTP or HTTPs requests. | Nov 12, 2024 |
| CVE-2024-8069(opens NVD record) | High | 8.0 | Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server | Nov 12, 2024 |
| CVE-2024-8068(opens NVD record) | High | 8.0 | Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain | Nov 12, 2024 |
| CVE-2024-49056(opens NVD record) | High | 7.3 | Authentication bypass by assumed-immutable data on airlift.microsoft.com allows an authorized attacker to elevate privileges over a network. | Nov 12, 2024 |
| CVE-2024-49051(opens NVD record) | High | 7.8 | Microsoft PC Manager Elevation of Privilege Vulnerability | Nov 12, 2024 |
| CVE-2024-49050(opens NVD record) | High | 8.8 | Visual Studio Code Python Extension Remote Code Execution Vulnerability | Nov 12, 2024 |
| CVE-2024-49049(opens NVD record) | High | 7.1 | Visual Studio Code Remote Extension Elevation of Privilege Vulnerability | Nov 12, 2024 |
| CVE-2024-49048(opens NVD record) | High | 8.1 | TorchGeo Remote Code Execution Vulnerability | Nov 12, 2024 |
| CVE-2024-49046(opens NVD record) | High | 7.8 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Nov 12, 2024 |
| CVE-2024-49044(opens NVD record) | Medium | 6.7 | Visual Studio Elevation of Privilege Vulnerability | Nov 12, 2024 |
| CVE-2024-49043(opens NVD record) | High | 7.8 | Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability | Nov 12, 2024 |
| CVE-2024-49040(opens NVD record) | High | 7.5 | Microsoft Exchange Server Spoofing Vulnerability | Nov 12, 2024 |
| CVE-2024-49039(opens NVD record) | High | 8.8 | Windows Task Scheduler Elevation of Privilege Vulnerability | Nov 12, 2024 |
| CVE-2024-49033(opens NVD record) | High | 7.5 | Microsoft Word Security Feature Bypass Vulnerability | Nov 12, 2024 |
| CVE-2024-49032(opens NVD record) | High | 7.8 | Microsoft Office Graphics Remote Code Execution Vulnerability | Nov 12, 2024 |
| CVE-2024-49031(opens NVD record) | High | 7.8 | Microsoft Office Graphics Remote Code Execution Vulnerability | Nov 12, 2024 |
| CVE-2024-49030(opens NVD record) | High | 7.8 | Microsoft Excel Remote Code Execution Vulnerability | Nov 12, 2024 |
| CVE-2024-49029(opens NVD record) | High | 7.8 | Microsoft Excel Remote Code Execution Vulnerability | Nov 12, 2024 |
| CVE-2024-49028(opens NVD record) | High | 7.8 | Microsoft Excel Remote Code Execution Vulnerability | Nov 12, 2024 |
| CVE-2024-49027(opens NVD record) | High | 7.8 | Microsoft Excel Remote Code Execution Vulnerability | Nov 12, 2024 |
| CVE-2024-49026(opens NVD record) | High | 7.8 | Microsoft Excel Remote Code Execution Vulnerability | Nov 12, 2024 |
| CVE-2024-49021(opens NVD record) | High | 7.8 | Microsoft SQL Server Remote Code Execution Vulnerability | Nov 12, 2024 |
| CVE-2024-49019(opens NVD record) | High | 7.8 | Active Directory Certificate Services Elevation of Privilege Vulnerability | Nov 12, 2024 |
| CVE-2024-49018(opens NVD record) | High | 8.8 | SQL Server Native Client Remote Code Execution Vulnerability | Nov 12, 2024 |
| CVE-2024-49017(opens NVD record) | High | 8.8 | SQL Server Native Client Remote Code Execution Vulnerability | Nov 12, 2024 |
| CVE-2024-49016(opens NVD record) | High | 8.8 | SQL Server Native Client Remote Code Execution Vulnerability | Nov 12, 2024 |
| CVE-2024-49015(opens NVD record) | High | 8.8 | SQL Server Native Client Remote Code Execution Vulnerability | Nov 12, 2024 |
| CVE-2024-49014(opens NVD record) | High | 8.8 | SQL Server Native Client Remote Code Execution Vulnerability | Nov 12, 2024 |
| CVE-2024-49013(opens NVD record) | High | 8.8 | SQL Server Native Client Remote Code Execution Vulnerability | Nov 12, 2024 |
| CVE-2024-49012(opens NVD record) | High | 8.8 | SQL Server Native Client Remote Code Execution Vulnerability | Nov 12, 2024 |
| CVE-2024-49011(opens NVD record) | High | 8.8 | SQL Server Native Client Remote Code Execution Vulnerability | Nov 12, 2024 |
| CVE-2024-49010(opens NVD record) | High | 8.8 | SQL Server Native Client Remote Code Execution Vulnerability | Nov 12, 2024 |
| CVE-2024-49009(opens NVD record) | High | 8.8 | SQL Server Native Client Remote Code Execution Vulnerability | Nov 12, 2024 |
| CVE-2024-49008(opens NVD record) | High | 8.8 | SQL Server Native Client Remote Code Execution Vulnerability | Nov 12, 2024 |
| CVE-2024-49007(opens NVD record) | High | 8.8 | SQL Server Native Client Remote Code Execution Vulnerability | Nov 12, 2024 |
| CVE-2024-49006(opens NVD record) | High | 8.8 | SQL Server Native Client Remote Code Execution Vulnerability | Nov 12, 2024 |
| CVE-2024-49005(opens NVD record) | High | 8.8 | SQL Server Native Client Remote Code Execution Vulnerability | Nov 12, 2024 |