Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2024-52962

    An Improper Output Neutralization for Logs vulnerability [CWE-117] in FortiAnalyzer version 7.6.1 and below, version 7.4.5 and below, version 7.2.8 and below, version 7.0.13 and below and FortiManager version 7.6.1 and below, version 7.4.5 and below, vers... Read more

    • Published: Apr. 08, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2023-37930

    Multiple issues including the use of uninitialized ressources [CWE-908] and excessive iteration [CWE-834] vulnerabilities in Fortinet FortiOS SSL VPN webmode version 7.4.0, version 7.2.0 through 7.2.5, version 7.0.1 through 7.0.11 and version 6.4.7 throug... Read more

    Affected Products : fortios fortiproxy
    • Published: Apr. 08, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2023-33302

    A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows a... Read more

    Affected Products : fortimail fortindr
    • Published: Mar. 31, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2021-26091

    A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of the Identity Based Encryption service of FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to infer parts of ... Read more

    Affected Products : fortimail
    • Published: Mar. 24, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Cryptography

  • 6.1

    MEDIUM
    CVE-2019-16151

    An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS 6.4.1 and below, 6.2.9 and below may allow a remote unauthenticated attacker to either redirect users to malicious websites via a crafted "Host" header or to ... Read more

    Affected Products : fortios
    • Published: Mar. 21, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-20166

    A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is ... Read more

    • Published: Jan. 08, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-55590

    Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiIsolator version 2.4.0 through 2.4.5 allows an authenticated attacker with at least read-only admin permission an... Read more

    Affected Products : fortiisolator
    • Published: Mar. 11, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-20123

    Multiple vulnerabilities in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users of the interface of an affected system. These... Read more

    Affected Products : crosswork_network_controller
    • Published: Jan. 08, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2024-54018

    Multiple improper neutralization of special elements used in an OS Command vulnerabilities [CWE-78] in FortiSandbox before 4.4.5 allows a privileged attacker to execute unauthorized commands via crafted requests.... Read more

    Affected Products : fortisandbox
    • Published: Mar. 11, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2024-20507

    A vulnerability in the logging subsystem of Cisco Meeting Management could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to improper storage of sensitive information... Read more

    Affected Products : meeting_management
    • Published: Nov. 06, 2024
    • Modified: Jul. 23, 2025

  • 4.8

    MEDIUM
    CVE-2021-1130

    A vulnerability in the web-based management interface of Cisco DNA Center software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists... Read more

    Affected Products : dna_center catalyst_center
    • EPSS Score: %0.17
    • Published: Jan. 13, 2021
    • Modified: Jul. 23, 2025

  • 8.8

    HIGH
    CVE-2021-1303

    A vulnerability in the user management roles of Cisco DNA Center could allow an authenticated, remote attacker to execute unauthorized commands on an affected device. The vulnerability is due to improper enforcement of actions for assigned user roles. An ... Read more

    Affected Products : dna_center catalyst_center
    • EPSS Score: %0.18
    • Published: Jan. 20, 2021
    • Modified: Jul. 23, 2025

  • 7.5

    HIGH
    CVE-2020-3411

    A vulnerability in Cisco DNA Center software could allow an unauthenticated remote attacker access to sensitive information on an affected system. The vulnerability is due to improper handling of authentication tokens by the affected software. An attacker... Read more

    Affected Products : dna_center catalyst_center
    • EPSS Score: %0.73
    • Published: Aug. 17, 2020
    • Modified: Jul. 23, 2025

  • 8.1

    HIGH
    CVE-2019-1841

    A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access to internal services without additional authentication. The vulnerability is due to insufficient validation of user-suppli... Read more

    Affected Products : dna_center catalyst_center
    • EPSS Score: %1.15
    • Published: Apr. 18, 2019
    • Modified: Jul. 23, 2025

  • 5.4

    MEDIUM
    CVE-2019-15253

    A vulnerability in the web-based management interface of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interfa... Read more

    Affected Products : dna_center catalyst_center
    • EPSS Score: %0.16
    • Published: Feb. 05, 2020
    • Modified: Jul. 23, 2025

  • 6.1

    MEDIUM
    CVE-2020-3466

    Multiple vulnerabilities in the web-based management interface of Cisco DNA Center software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerabi... Read more

    Affected Products : dna_center catalyst_center
    • EPSS Score: %0.35
    • Published: Aug. 26, 2020
    • Modified: Jul. 23, 2025

  • 4.3

    MEDIUM
    CVE-2021-34782

    A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid device credentials. This vulnerability is due to improp... Read more

    Affected Products : dna_center catalyst_center
    • EPSS Score: %0.13
    • Published: Oct. 06, 2021
    • Modified: Jul. 23, 2025

  • 8.8

    HIGH
    CVE-2023-20182

    Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root... Read more

    Affected Products : dna_center catalyst_center
    • EPSS Score: %0.21
    • Published: May. 18, 2023
    • Modified: Jul. 23, 2025

  • 6.5

    MEDIUM
    CVE-2023-20059

    A vulnerability in the implementation of the Cisco Network Plug-and-Play (PnP) agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. The attacker must have valid low-privileged user credential... Read more

    Affected Products : dna_center catalyst_center
    • EPSS Score: %0.10
    • Published: Mar. 23, 2023
    • Modified: Jul. 23, 2025

  • 7.7

    HIGH
    CVE-2021-1265

    A vulnerability in the configuration archive functionality of Cisco DNA Center could allow any privilege-level authenticated, remote attacker to obtain the full unmasked running configuration of managed devices. The vulnerability is due to the configurati... Read more

    Affected Products : dna_center catalyst_center
    • EPSS Score: %0.11
    • Published: Jan. 20, 2021
    • Modified: Jul. 23, 2025
Showing 20 of 291618 Results