YOUR EXPOSURE RADAR · LIVE
What's in your stack?
Stop browsing 350,000+ CVEs. Tell us what you run and this page becomes your war room — exposure, patch queue, and deadlines, tuned to your environment.
Fortinet nginx Microsoft Exchange Cisco ASA
QUICK ADD+ VMware ESXi+ Ivanti Connect Secure+ Citrix NetScaler+ Apache Struts+ MOVEitclear all ×
91 items need patching now across 4 of your 4 tracked products. Nearest deadline OVERDUE.
EXPOSURES
200
PATCH NOW
91
NEAREST DEADLINE
OVERDUE
PRODUCTS WATCHED
4/4
EXPOSURE INDEX
10.0 / 10
| VERDICT | CVE | PRODUCT | CVSS | EPSS | DUE | CVE PUBLISHED | WE COVERED | WHY IT MATTERS |
|---|---|---|---|---|---|---|---|---|
| PATCH NOW | CVE-2025-20333 | Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense | CRIT9.9 | 30% | OVERDUE | Sep 25, 25 | Jun 2, 26 | A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute a |
| PATCH NOW | CVE-2022-40684 | Multiple Products | CRIT9.8 | 94% | OVERDUE | Oct 18, 22 | Jun 2, 26 | An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManag |
| PATCH NOW | CVE-2024-55591 | FortiOS and FortiProxy | CRIT9.8 | 94% | OVERDUE | Jan 14, 25 | Jun 2, 26 | An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote atta |
| PATCH NOW | CVE-2023-48788 | FortiClient EMS | CRIT9.8 | 94% | OVERDUE | Mar 12, 24 | Jun 2, 26 | A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized c |
| PATCH NOW | CVE-2022-42475 | FortiOS | CRIT9.8 | 94% | OVERDUE | Jan 2, 23 | Jun 2, 26 | A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1 |
| PATCH NOW | CVE-2024-47575 | FortiManager | CRIT9.8 | 94% | OVERDUE | Oct 23, 24 | Jun 2, 26 | A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager |
| PATCH NOW | CVE-2025-64446 | FortiWeb | CRIT9.8 | 93% | OVERDUE | Nov 14, 25 | Jun 2, 26 | A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an atta |
| PATCH NOW | CVE-2024-21762 | FortiOS | CRIT9.8 | 93% | OVERDUE | Feb 9, 24 | Jun 2, 26 | A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2 |
| PATCH NOW | CVE-2023-27997 | FortiOS and FortiProxy SSL-VPN | CRIT9.8 | 92% | OVERDUE | Jun 13, 23 | Jun 2, 26 | A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 |
| PATCH NOW | CVE-2026-21643 | FortiClient EMS | CRIT9.8 | 63% | OVERDUE | Feb 6, 26 | Jun 2, 26 | An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via sp |
| PATCH NOW | CVE-2024-23113 | Multiple Products | CRIT9.8 | 54% | OVERDUE | Feb 15, 24 | Jun 2, 26 | A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 |
| PATCH NOW | CVE-2026-35616 | FortiClient EMS | CRIT9.8 | 35% | OVERDUE | Apr 3, 26 | Jun 2, 26 | A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests. |
| PATCH NOW | CVE-2025-25257 | FortiWeb | CRIT9.8 | 26% | OVERDUE | Jul 17, 25 | Jun 2, 26 | An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.7, FortiWeb 7.2.0 through |
| PATCH NOW | CVE-2025-32756 | Multiple Products | CRIT9.8 | 22% | OVERDUE | May 13, 25 | Jun 2, 26 | A stack-based buffer overflow vulnerability [CWE-121] vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 |
| PATCH NOW | CVE-2025-59718 | Multiple Products | CRIT9.8 | 9% | OVERDUE | Dec 9, 25 | Jun 2, 26 | A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through |
| PATCH NOW | CVE-2024-21410 | Exchange Server | CRIT9.8 | 6% | OVERDUE | Feb 13, 24 | Jun 2, 26 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| PATCH NOW | CVE-2026-24858 | Multiple Products | CRIT9.8 | 4% | OVERDUE | Jan 27, 26 | Jun 2, 26 | An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, Fort |
| PATCH NOW | CVE-2021-34473 | Exchange Server | CRIT9.1 | 94% | OVERDUE | Jul 14, 21 | Jun 2, 26 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| PATCH NOW | CVE-2021-34523 | Exchange Server | CRIT9.0 | 94% | OVERDUE | Jul 14, 21 | Jun 2, 26 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| PATCH NOW | CVE-2022-41040 | Exchange Server | HIGH8.8 | 94% | OVERDUE | Oct 2, 22 | Jun 2, 26 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| PATCH NOW | CVE-2022-41080 | Exchange Server | HIGH8.8 | 94% | OVERDUE | Nov 9, 22 | Jun 2, 26 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| PATCH NOW | CVE-2021-42321 | Exchange | HIGH8.8 | 94% | OVERDUE | Nov 9, 21 | Jun 2, 26 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| PATCH NOW | CVE-2023-21529 | Exchange Server | HIGH8.8 | 28% | OVERDUE | Feb 14, 23 | Jun 2, 26 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| PATCH NOW | CVE-2024-20353 | Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) | HIGH8.6 | 17% | OVERDUE | Apr 24, 24 | Jun 2, 26 | A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the de |
| PATCH NOW | CVE-2025-24472 | FortiOS and FortiProxy | HIGH8.1 | 10% | OVERDUE | Feb 11, 25 | Jun 2, 26 | An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote unauthenticated atta |
of 200 total
WHY TRUST THIS
Human-guided. Evidence-driven. AI-assisted, never AI-decided.
SOURCES
NVD · CISA KEV · EPSS · vendor patch bulletins · 1000+ trusted feeds
CADENCE
Patch taxonomy synced every 24h · KEV / EPSS hourly
MATCHING
Vendor · product · description tokens
PRIVACY
Your stack stays in your browser. No login required.
Get pinged when your stack moves.
One email the moment a CVE lands on a product you watch — plus a five-minute morning brief. No fluff.