Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.7

    MEDIUM
    CVE-2024-33501

    Two improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5, FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnal... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Injection

  • 6.7

    MEDIUM
    CVE-2024-32123

    Multiple improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 throu... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Injection

  • 6.0

    MEDIUM
    CVE-2024-36508

    An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 CLI allo... Read more

    • Published: Feb. 11, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Path Traversal

  • 6.7

    MEDIUM
    CVE-2023-40721

    A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiOS version 7.4.0 through 7.4.1 and before 7.2.6, FortiProxy version 7.4.0 and before 7.2.7, FortiPAM version 1.1.2 and before 1.0.3, FortiSwitchManager version 7.2.0 thr... Read more

    • Published: Feb. 11, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Injection

  • 5.0

    MEDIUM
    CVE-2024-50570

    A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a loca... Read more

    Affected Products : forticlient
    • Published: Dec. 18, 2024
    • Modified: Jul. 24, 2025

  • 6.5

    MEDIUM
    CVE-2024-47573

    An improper validation of integrity check value vulnerability [CWE-354] in FortiNDR version 7.4.2 and below, version 7.2.1 and below, version 7.1.1 and below, version 7.0.6 and below may allow an authenticated attacker with at least Read/Write permission ... Read more

    Affected Products : fortindr
    • Published: Mar. 14, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2024-46662

    A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiManager versions 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to escalation of privilege via specifically crafte... Read more

    Affected Products : fortimanager fortimanager_cloud
    • Published: Mar. 14, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2024-40590

    An improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager device, a FortiAnalyzer device, or an SMTP server may all... Read more

    Affected Products : fortiportal
    • Published: Mar. 14, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Misconfiguration

  • 7.2

    HIGH
    CVE-2024-55597

    A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiWeb versions 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted requests.... Read more

    Affected Products : fortiweb
    • Published: Mar. 11, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2024-54026

    An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiSandbox Cloud version 23.4, FortiSandbox at least 4.4.0 through 4.4.6 and 4.2.0 through 4.2.7 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.... Read more

    Affected Products : fortisandbox fortisandbox_cloud
    • Published: Mar. 11, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2024-52960

    A client-side enforcement of server-side security vulnerability [CWE-602] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via... Read more

    Affected Products : fortisandbox
    • Published: Mar. 11, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2022-43840

    IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the structure of the XML document.... Read more

    Affected Products : aspera_console
    • Published: Apr. 14, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Injection

  • 6.7

    MEDIUM
    CVE-2024-46663

    A stack-buffer overflow vulnerability [CWE-121] in Fortinet FortiMail CLI version 7.6.0 through 7.6.1 and before 7.4.3 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI commands.... Read more

    Affected Products : fortimail
    • Published: Mar. 11, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    CRITICAL
    CVE-2024-22004

    Due to length check, an attacker with privilege access on a Linux Nonsecure operating system can trigger a vulnerability and leak the secure memory from the Trusted Application ... Read more

    • Published: Apr. 05, 2024
    • Modified: Jul. 24, 2025

  • 10.0

    CRITICAL
    CVE-2024-47038

    In dhd_prot_flowrings_pool_release of dhd_msgbuf.c, there is a possible outcof bounds write due to a missing bounds check. This could lead to localcescalation of privilege with no additional execution privileges needed. Usercinteraction is not needed for ... Read more

    Affected Products : android
    • Published: Dec. 18, 2024
    • Modified: Jul. 24, 2025

  • 10.0

    CRITICAL
    CVE-2024-47039

    In isSlotMarkedSuccessful of BootControl.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local  information disclosure with no additional execution privileges needed. User  interaction is not needed for exploi... Read more

    Affected Products : android
    • Published: Dec. 18, 2024
    • Modified: Jul. 24, 2025

  • 10.0

    CRITICAL
    CVE-2024-47040

    There is a possible UAF due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Dec. 18, 2024
    • Modified: Jul. 24, 2025

  • 10.0

    HIGH
    CVE-2010-0425

    modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAP... Read more

    • Published: Mar. 05, 2010
    • Modified: Jul. 24, 2025

  • 7.5

    HIGH
    CVE-2025-47422

    Advanced Installer before 22.6 has an uncontrolled search path element local privilege escalation vulnerability. When running as SYSTEM in certain configurations, Advanced Installer looks in standard-user writable locations for non-existent binaries and e... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Misconfiguration

  • 9.3

    HIGH
    CVE-2019-11687

    An issue was discovered in the DICOM Part 10 File Format in the NEMA DICOM Standard 1995 through 2019b and continuing in current implementations. The 128-byte preamble of a DICOM file that complies with this specification can contain arbitrary executable ... Read more

    Affected Products : dicom_standard
    • Published: May. 02, 2019
    • Modified: Jul. 24, 2025
Showing 20 of 292801 Results