Latest CVE Feed
- CVE-2024-39760 (CVSS 3.1: 10.0)
  Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP req...
  Affected Products: none listed
  Published: Jan. 14, 2025
  Modified: Jan. 14, 2025
- CVE-2024-39759 (CVSS 3.1: 10.0)
  Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP req...
  Affected Products: none listed
  Published: Jan. 14, 2025
  Modified: Jan. 14, 2025
- CVE-2024-36504 (CVSS 3.1: 6.5)
  An out-of-bounds read vulnerability [CWE-125] in FortiOS SSLVPN web portal versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, 7.0 all versions, and 6.4 all versions may allow an authenticated attacker to perform a denial of service on the SSLVPN ...
  Affected Products: fortios
  Published: Jan. 14, 2025
  Modified: Jan. 14, 2025
- CVE-2024-32115 (CVSS 3.1: 5.5)
  A relative path traversal vulnerability [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 allows a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPs requests....
  Affected Products: fortimanager
  Published: Jan. 14, 2025
  Modified: Jan. 14, 2025
- CVE-2024-23106 (CVSS 3.1: 8.1)
  An improper restriction of excessive authentication attempts [CWE-307] in FortiClientEMS version 7.2.0 through 7.2.4 and before 7.0.10 allows an unauthenticated attacker to try a brute force attack against the FortiClientEMS console via crafted HTTP or HT...
  Affected Products: none listed
  Published: Jan. 14, 2025
  Modified: Jan. 14, 2025
- CVE-2024-21758 (CVSS 3.1: 6.4)
  A stack-based buffer overflow in Fortinet FortiWeb versions 7.2.0 through 7.2.7, and 7.4.0 through 7.4.1 may allow a privileged user to execute arbitrary code via specially crafted CLI commands, provided the user is able to evade FortiWeb stack protection...
  Affected Products: fortiweb
  Published: Jan. 14, 2025
  Modified: Jan. 14, 2025
- CVE-2023-42250 (CVSS 3.1: 6.1)
  Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /common/autocomplete.php....
  Affected Products: none listed
  Published: Jan. 13, 2025
  Modified: Jan. 14, 2025
- CVE-2023-42249 (CVSS 3.1: 6.1)
  Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via vam/vam_visits.php....
  Affected Products: none listed
  Published: Jan. 13, 2025
  Modified: Jan. 14, 2025
- CVE-2023-42247 (CVSS 3.1: 6.1)
  Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_monitor_map.php....
  Affected Products: none listed
  Published: Jan. 13, 2025
  Modified: Jan. 14, 2025
- CVE-2023-42246 (CVSS 3.1: 6.1)
  Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /vam/vam_ep.php....
  Affected Products: none listed
  Published: Jan. 13, 2025
  Modified: Jan. 14, 2025
- CVE-2023-42245 (CVSS 3.1: 6.1)
  Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_scheduledfile.php....
  Affected Products: none listed
  Published: Jan. 13, 2025
  Modified: Jan. 14, 2025
- CVE-2023-42233 (CVSS 3.1: 6.1)
  Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the Filter/FilterEditor function....
  Affected Products: none listed
  Published: Jan. 13, 2025
  Modified: Jan. 14, 2025
- CVE-2023-42230 (CVSS 3.1: 6.1)
  Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the WSCView/Save function....
  Affected Products: none listed
  Published: Jan. 13, 2025
  Modified: Jan. 14, 2025
- CVE-2023-37931 (CVSS 3.1: 8.8)
  An improper neutralization of special elements used in an sql command ('sql injection') vulnerability [CWE-88] in FortiVoice Enterprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to perform a blind sql injection attack v...
  Affected Products: fortivoice
  Published: Jan. 14, 2025
  Modified: Jan. 14, 2025
- CVE-2024-56497 (CVSS 3.1: 6.7)
  An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiMail versions 7.2.0 through 7.2.4 and 7.0.0 through 7.0.6 and 6.4.0 through 6.4.7, FortiRecorder versions 7.0.0 and 6.4.0 through 6.4.4 allows a...
  Published: Jan. 14, 2025
  Modified: Jan. 14, 2025
- CVE-2024-55593 (CVSS 3.1: 2.7)
  An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWeb versions 6.3.17 through 7.6.1 allows attacker to gain information disclosure via crafted SQL queries...
  Affected Products: fortiweb
  Published: Jan. 14, 2025
  Modified: Jan. 14, 2025
- CVE-2024-54021 (CVSS 3.1: 6.5)
  An improper neutralization of crlf sequences in http headers ('http response splitting') in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 allows attacker to execute unauthorized code or commands via crafted HTTP header....
  Affected Products: fortios
  Published: Jan. 14, 2025
  Modified: Jan. 14, 2025
- CVE-2024-52969 (CVSS 3.1: 4.1)
  An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiSIEM version 7.1.7 and below, version 7.1.0, version 7.0.3 and below, version 6.7.9 and below, 6.7.8, version 6.6.5 and below, version 6....
  Affected Products: fortisiem
  Published: Jan. 14, 2025
  Modified: Jan. 14, 2025
- CVE-2024-52967 (CVSS 3.1: 3.5)
  An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiPortal 6.0.0 through 6.0.14 allows attacker to execute unauthorized code or commands via html injection....
  Affected Products: fortiportal
  Published: Jan. 14, 2025
  Modified: Jan. 14, 2025
- CVE-2024-52963 (CVSS 3.1: 3.7)
  An out-of-bounds write in Fortinet FortiOS versions 7.6.0, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4.0 through 6.4.15 allows attacker to trigger a denial of service via specially crafted packets....
  Published: Jan. 14, 2025
  Modified: Jan. 14, 2025