| CVE-2026-25089 | critical | 9.8 | A improper neutralization of special elements used in an os command ('os command injection') vulnera… | Jun 9, 2026 | Jun 11, 2026 |
| CVE-2025-67862 | medium | 6.7 | An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerabili… | Jun 9, 2026 | Jun 11, 2026 |
| CVE-2026-49938 | medium | 6.2 | A improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2… | Jun 9, 2026 | Jul 8, 2026 |
| CVE-2026-44279 | medium | 5.5 | An improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2… | May 12, 2026 | Jun 26, 2026 |
| CVE-2026-44278 | low | 2.3 | A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4… | May 12, 2026 | May 16, 2026 |
| CVE-2026-44277 | critical | 9.8 | A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0… | May 12, 2026 | May 28, 2026 |
| CVE-2026-26083 | critical | 9.8 | A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4… | May 12, 2026 | Jul 8, 2026 |
| CVE-2025-67604 | medium | 5.3 | A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4,… | May 12, 2026 | May 15, 2026 |
| CVE-2025-53680 | medium | 6.7 | An improper neutralization of special elements used in an OS command ("OS Command Injection") vulner… | May 12, 2026 | Jul 8, 2026 |
| CVE-2025-53870 | medium | 6.5 | An improper neutralization of special elements used in an os command ('os command injection') vulner… | May 12, 2026 | Jul 8, 2026 |
| CVE-2025-53681 | medium | 6.3 | An improper neutralization of special elements used in an SQL Command ("SQL Injection&") vulnerabili… | May 12, 2026 | Jul 8, 2026 |
| CVE-2026-25690 | medium | 4.0 | An improper neutralization of argument delimiters in a command ('argument injection') vulnerability … | May 12, 2026 | Jul 8, 2026 |
| CVE-2025-53844 | high | 8.3 | A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7… | May 12, 2026 | Jul 8, 2026 |
| CVE-2026-25088 | medium | 5.1 | An improper neutralization of special elements used in an sql command ('sql injection') vulnerabilit… | May 12, 2026 | Jul 8, 2026 |
| CVE-2026-43500 | high | 7.8 | In the Linux kernel, the following vulnerability has been resolved:
rxrpc: Also unshare DATA/RESPON… | May 11, 2026 | Jun 30, 2026 |
| CVE-2026-43284 | high | 8.8 | In the Linux kernel, the following vulnerability has been resolved:
xfrm: esp: avoid in-place decry… | May 8, 2026 | Jul 1, 2026 |
| CVE-2026-31431 | high | 7.8 | In the Linux kernel, the following vulnerability has been resolved:
crypto: algif_aead - Revert to … | Apr 22, 2026 | Jul 1, 2026 |
| CVE-2026-40688 | high | 7.2 | An out-of-bounds write vulnerability [CWE-787] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.… | Apr 14, 2026 | Apr 20, 2026 |
| CVE-2026-39815 | high | 8.8 | A improper neutralization of special elements used in an sql command ('sql injection') vulnerability… | Apr 14, 2026 | Apr 20, 2026 |
| CVE-2026-39814 | medium | 6.7 | A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 thr… | Apr 14, 2026 | Apr 21, 2026 |
| CVE-2026-39812 | medium | 4.8 | A improper neutralization of input during web page generation ('cross-site scripting') vulnerability… | Apr 14, 2026 | Apr 21, 2026 |
| CVE-2026-39811 | medium | 4.9 | A integer overflow or wraparound vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.… | Apr 14, 2026 | Apr 21, 2026 |
| CVE-2026-39810 | medium | 6.0 | A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 m… | Apr 14, 2026 | Apr 21, 2026 |
| CVE-2026-39809 | medium | 6.7 | A improper neutralization of special elements used in an sql command ('sql injection') vulnerability… | Apr 14, 2026 | Apr 21, 2026 |
| CVE-2026-39808 | critical | 9.8 | A improper neutralization of special elements used in an os command ('os command injection') vulnera… | Apr 14, 2026 | Apr 22, 2026 |