Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2016-10749

    parse_string in cJSON.c in cJSON before 2016-10-02 has a buffer over-read, as demonstrated by a string that begins with a " character and ends with a \ character.... Read more

    Affected Products : cjson cjson
    • EPSS Score: %0.57
    • Published: Apr. 29, 2019
    • Modified: Jul. 22, 2025

  • 9.8

    CRITICAL
    CVE-2019-11834

    cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a string literal.... Read more

    • EPSS Score: %0.62
    • Published: May. 09, 2019
    • Modified: Jul. 22, 2025

  • 9.8

    CRITICAL
    CVE-2018-1000217

    Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in cJSON library that can result in Possible crash, corruption of data or even RCE. This attack appear to be exploitable via Depends on how application uses cJSON... Read more

    Affected Products : cjson cjson
    • EPSS Score: %0.51
    • Published: Aug. 20, 2018
    • Modified: Jul. 22, 2025

  • 7.5

    HIGH
    CVE-2019-1010239

    DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. The impact is: Null dereference, so attack can cause denial of service. The component is: cJSON_GetObjectItemCaseSensitive() function. The attack vector is:... Read more

    • EPSS Score: %0.47
    • Published: Jul. 19, 2019
    • Modified: Jul. 22, 2025

  • 9.8

    CRITICAL
    CVE-2019-11835

    cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments.... Read more

    • EPSS Score: %0.67
    • Published: May. 09, 2019
    • Modified: Jul. 22, 2025

  • 7.5

    HIGH
    CVE-2018-1000215

    Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service (DoS). This attack appear to be exploitable via If the attacker can force the data to be printed and the system is in low me... Read more

    Affected Products : cjson cjson
    • EPSS Score: %0.68
    • Published: Aug. 20, 2018
    • Modified: Jul. 22, 2025

  • 7.5

    HIGH
    CVE-2023-50472

    cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c.... Read more

    Affected Products : cjson cjson
    • EPSS Score: %0.10
    • Published: Dec. 14, 2023
    • Modified: Jul. 22, 2025

  • 7.5

    HIGH
    CVE-2023-50471

    cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c.... Read more

    Affected Products : cjson cjson
    • EPSS Score: %0.12
    • Published: Dec. 14, 2023
    • Modified: Jul. 22, 2025

  • 2.7

    LOW
    CVE-2025-24474

    An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiManager Cloud 7.4.1 through... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Injection

  • 7.3

    HIGH
    CVE-2024-20338

    A vulnerability in the ISE Posture (System Scan) module of Cisco Secure Client for Linux could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to the use of an uncontrolled search path eleme... Read more

    Affected Products : linux_kernel secure_client
    • Published: Mar. 06, 2024
    • Modified: Jul. 22, 2025

  • 7.8

    HIGH
    CVE-2025-20206

    A vulnerability in the interprocess communication (IPC) channel of Cisco Secure Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the Secure Firewall Posture Engine, formerly HostSca... Read more

    Affected Products : windows secure_client
    • Published: Mar. 05, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Misconfiguration

  • 6.8

    MEDIUM
    CVE-2024-20391

    A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM. This vulnerability is due to a lack of authentication ... Read more

    Affected Products : windows secure_client
    • Published: May. 15, 2024
    • Modified: Jul. 22, 2025

  • 8.2

    HIGH
    CVE-2024-20337

    A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to insufficient validati... Read more

    Affected Products : linux_kernel macos windows secure_client
    • Published: Mar. 06, 2024
    • Modified: Jul. 22, 2025

  • 6.5

    MEDIUM
    CVE-2025-24471

    An Improper Certificate Validation vulnerability [CWE-295] in FortiOS version 7.6.1 and below, version 7.4.7 and below may allow an EAP verified remote user to connect from FortiClient via revoked certificate.... Read more

    Affected Products : fortios fortisase
    • Published: Jun. 10, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-25250

    An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS version 7.6.0, version 7.4.7 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions SSL-VPN web-mode may allow an authenticated user to access full S... Read more

    Affected Products : fortios fortisase
    • Published: Jun. 10, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Information Disclosure

  • 6.0

    MEDIUM
    CVE-2025-21195

    Improper link resolution before file access ('link following') in Service Fabric allows an authorized attacker to elevate privileges locally.... Read more

    Affected Products : azure_service_fabric service_fabric
    • Published: Jul. 08, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2024-52965

    A missing critical step in authentication vulnerability [CWE-304] in Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.10, and before 7.0.16 & FortiProxy version 7.6.0 through 7.6.1, 7.4.0 through 7.4.8, 7.2.0 through 7.... Read more

    Affected Products : fortios fortiproxy
    • Published: Jul. 08, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2024-32124

    An improper access control vulnerability [CWE-284] in FortiIsolator version 2.4.4, version 2.4.3, 2.3 all versions logging component may allow a remote authenticated read-only attacker to alter logs via a crafted HTTP request.... Read more

    Affected Products : fortiisolator
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authorization

  • 6.7

    MEDIUM
    CVE-2024-27779

    An insufficient session expiration vulnerability [CWE-613] in FortiSandbox FortiSandbox version 4.4.4 and below, version 4.2.6 and below, 4.0 all versions, 3.2 all versions and FortiIsolator version 2.4 and below, 2.3 all versions, 2.2 all versions, 2.1 a... Read more

    Affected Products : fortisandbox fortiisolator
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authentication

  • 7.2

    HIGH
    CVE-2025-31104

    An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiADC 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.7, 7.1.0 through 7.1.4, 7.0 all versions, 6.2 all versions, 6.1 al... Read more

    Affected Products : fortiadc
    • Published: Jun. 10, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Injection
Showing 20 of 292387 Results