Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2023-37933

    An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC GUI version 7.4.0, 7.2.0 through 7.2.1 and before 7.1.3 allows an authenticated attacker to perform an XSS attack via crafted HTTP o... Read more

    Affected Products : fortiadc
    • Published: Mar. 11, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2025-24470

    An Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to retrieve source code via crafted HTTP requests.... Read more

    Affected Products : fortiportal
    • Published: Feb. 11, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Path Traversal

  • 2.3

    LOW
    CVE-2024-52966

    An exposure of sensitive information to an unauthorized actor in Fortinet FortiAnalyzer 6.4.0 through 7.6.0 allows attacker to cause information disclosure via filter manipulation.... Read more

    Affected Products : fortianalyzer fortianalyzer
    • Published: Feb. 11, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Information Disclosure

  • 7.2

    HIGH
    CVE-2024-50569

    A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted input.... Read more

    Affected Products : fortiweb
    • Published: Feb. 11, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2024-50567

    An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 7.4.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted input.... Read more

    Affected Products : fortiweb
    • Published: Feb. 11, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2024-40584

    An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiAnalyzer version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15 and 6.2.2 through 6... Read more

    • Published: Feb. 11, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Injection

  • 9.0

    CRITICAL
    CVE-2024-27781

    An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox at least versions 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.... Read more

    Affected Products : fortisandbox
    • Published: Feb. 11, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2024-46666

    An allocation of resources without limits or throttling [CWE-770] vulnerability in FortiOS versions 7.6.0, versions 7.4.4 through 7.4.0, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow a remote unauthenticated attacker to prevent access to ... Read more

    Affected Products : fortios
    • Published: Jan. 14, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2024-36504

    An out-of-bounds read vulnerability [CWE-125] in FortiOS SSLVPN web portal versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, 7.0 all verisons, and 6.4 all versions may allow an authenticated attacker to perform a denial of service on the SSLVPN ... Read more

    Affected Products : fortios
    • Published: Jan. 14, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2023-37931

    An improper neutralization of special elements used in an sql command ('sql injection') vulnerability [CWE-88] in FortiVoice Entreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to perform a blind sql injection attack v... Read more

    Affected Products : fortivoice
    • Published: Jan. 14, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2025-22254

    An Improper Privilege Management vulnerability [CWE-269] affecting Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16 and before 6.4.15, FortiProxy version 7.6.0 through 7.6.1 and before 7.4.7 & F... Read more

    Affected Products : fortios fortiproxy fortiweb
    • Published: Jun. 10, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-45329

    A authorization bypass through user-controlled key in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.8 may allow an authenticated attacker to view unauthorized device information via key modification in A... Read more

    Affected Products : fortiportal
    • Published: Jun. 10, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2025-25254

    An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, 7.2 all versions, 7.0 all versions endpoint may allow an authenticated admin to access a... Read more

    Affected Products : fortiweb
    • Published: Apr. 08, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2023-48790

    A cross site request forgery vulnerability [CWE-352] in Fortinet FortiNDR version 7.4.0, 7.2.0 through 7.2.1 and 7.1.0 through 7.1.1 and before 7.0.5 may allow a remote unauthenticated attacker to execute unauthorized actions via crafted HTTP GET requests... Read more

    Affected Products : fortindr
    • Published: Mar. 11, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2023-42784

    An improper handling of syntactically invalid structure in Fortinet FortiWeb at least verions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests.... Read more

    Affected Products : fortiweb
    • Published: Mar. 11, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2023-40723

    An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.4 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 and 6.3.0 through 6.3.3 and 6.2.0 through 6.2.1 and 6.1.0 through 6.1.2... Read more

    Affected Products : fortisiem
    • Published: Mar. 11, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2023-7258

    A denial of service exists in Gvisor Sandbox where a bug in reference counting code in mount point tracking could lead to a panic, making it possible for an attacker running as root and with permission to mount volumes to kill the sandbox. We recommend up... Read more

    Affected Products : gvisor
    • Published: May. 15, 2024
    • Modified: Jul. 22, 2025

  • 9.8

    CRITICAL
    CVE-2024-2410

    The JsonToBinaryStream() function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. If the input is broken up into separate chunks in a certain way, the parser will attempt to read bytes from a chunk that has alre... Read more

    Affected Products : protobuf protobuf-cpp
    • Published: May. 03, 2024
    • Modified: Jul. 22, 2025

  • 4.3

    MEDIUM
    CVE-2024-4128

    This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with... Read more

    Affected Products : firebase_command_line_interface
    • Published: May. 02, 2024
    • Modified: Jul. 22, 2025

  • 7.0

    HIGH
    CVE-2023-37244

    The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an a... Read more

    Affected Products : windows automation_manager
    • Published: May. 02, 2024
    • Modified: Jul. 22, 2025
Showing 20 of 292318 Results