TLP : CLEAR
Date : 22/03/2024
REF NO : CERT / 2024/03/22
Severity Level: High
Components Affected
Overview
Multiple vulnerabilities were identified in Fortinet products. A remote attacker could exploit some of these vulnerabilities to achieve remote code execution, elevation of privilege, or bypass of security restrictions on the targeted system.
Description
Several critical vulnerabilities have been identified across Fortinet products, including FortiOS, FortiProxy and FortiClientEMS. They range from authorization bypass and improper authentication to SQL injection and memory corruption (stack-based buffer overflow and out-of-bounds write).

Authorization bypass (FortiOS, FortiProxy): an authenticated attacker can manipulate URLs to gain unauthorized access to another user's bookmarks.

SQL injection (FortiClientEMS): specially crafted packets can lead to unauthorized execution of code or commands.

Improper authentication (FortiOS, when configured with FortiAuthenticator in HA mode): a read-only user can escalate to read-write privileges via successive login attempts.

Stack-based buffer overflow and out-of-bounds write (FortiOS, FortiProxy): an attacker can execute unauthorized code or commands by sending specially crafted HTTP requests.

Affected users should apply the patches and updates provided by Fortinet without delay to mitigate these risks.
Impact
Solution / Workarounds
Before installing any update, consult the vendor's website for the affected and fixed versions and for installation details.
Apply fixes issued by the vendor:
For CVE-2023-48788
For other CVEs
Reference
Disclaimer : The information provided herein is on an “as is” basis, without warranty of any kind.
Sri Lanka Computer Emergency Readiness Team | Coordination Centre