Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-54313

    eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows.... Read more

    Affected Products :
    • Published: Jul. 19, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Supply Chain

  • 4.0

    MEDIUM
    CVE-2025-52924

    In One Identity OneLogin before 2025.2.0, the SQL connection "application name" is set based on the value of an untrusted X-RequestId HTTP request header.... Read more

    Affected Products :
    • Published: Jul. 19, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Injection

  • 9.0

    HIGH
    CVE-2025-7913

    A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748_B20211015. Affected is the function updateWifiInfo of the component MQTT Service. The manipulation of the argument serverIp leads to buffer overflow. It is possible to... Read more

    Affected Products : t6_firmware t6
    • Published: Jul. 21, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-46001

    An arbitrary file upload vulnerability in the is_allowed_file_type() function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2025-20168

    A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is ... Read more

    • Published: Jan. 08, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-20167

    A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is ... Read more

    • Published: Jan. 08, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.0

    HIGH
    CVE-2025-7912

    A vulnerability, which was classified as critical, has been found in TOTOLINK T6 4.1.5cu.748_B20211015. This issue affects the function recvSlaveUpgstatus of the component MQTT Service. The manipulation of the argument s leads to buffer overflow. The atta... Read more

    Affected Products : t6_firmware t6
    • Published: Jul. 20, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2024-48887

    A unverified password change vulnerability in Fortinet FortiSwitch GUI may allow a remote unauthenticated attacker to change admin passwords via a specially crafted request... Read more

    Affected Products : fortiswitch fortiswitch
    • Published: Apr. 08, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2025-22855

    An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Fortinet FortiClient before 7.4.1 may allow the EMS administrator to send messages containing javascript code.... Read more

    Affected Products : forticlientems
    • Published: Apr. 08, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.7

    MEDIUM
    CVE-2024-54025

    An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiIsolator CLI before version 2.4.6 allows a privileged attacker to execute unauthorized code or commands via crafted CLI r... Read more

    Affected Products : fortiisolator
    • Published: Apr. 08, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2024-54024

    An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiIsolator before version 2.4.6 allows a privileged attacker with super-admin profile and CLI access to execute unauthorize... Read more

    Affected Products : fortiisolator
    • Published: Apr. 08, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2024-52962

    An Improper Output Neutralization for Logs vulnerability [CWE-117] in FortiAnalyzer version 7.6.1 and below, version 7.4.5 and below, version 7.2.8 and below, version 7.0.13 and below and FortiManager version 7.6.1 and below, version 7.4.5 and below, vers... Read more

    • Published: Apr. 08, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2023-37930

    Multiple issues including the use of uninitialized ressources [CWE-908] and excessive iteration [CWE-834] vulnerabilities in Fortinet FortiOS SSL VPN webmode version 7.4.0, version 7.2.0 through 7.2.5, version 7.0.1 through 7.0.11 and version 6.4.7 throug... Read more

    Affected Products : fortios fortiproxy
    • Published: Apr. 08, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2023-33302

    A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows a... Read more

    Affected Products : fortimail fortindr
    • Published: Mar. 31, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2021-26091

    A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of the Identity Based Encryption service of FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to infer parts of ... Read more

    Affected Products : fortimail
    • Published: Mar. 24, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Cryptography

  • 6.1

    MEDIUM
    CVE-2019-16151

    An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS 6.4.1 and below, 6.2.9 and below may allow a remote unauthenticated attacker to either redirect users to malicious websites via a crafted "Host" header or to ... Read more

    Affected Products : fortios
    • Published: Mar. 21, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-20166

    A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is ... Read more

    • Published: Jan. 08, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-55590

    Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiIsolator version 2.4.0 through 2.4.5 allows an authenticated attacker with at least read-only admin permission an... Read more

    Affected Products : fortiisolator
    • Published: Mar. 11, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-20123

    Multiple vulnerabilities in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users of the interface of an affected system. These... Read more

    Affected Products : crosswork_network_controller
    • Published: Jan. 08, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2024-54018

    Multiple improper neutralization of special elements used in an OS Command vulnerabilities [CWE-78] in FortiSandbox before 4.4.5 allows a privileged attacker to execute unauthorized commands via crafted requests.... Read more

    Affected Products : fortisandbox
    • Published: Mar. 11, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Injection
Showing 20 of 292110 Results