Latest CVE Feed

Following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is known to be actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2025-24471

    An Improper Certificate Validation vulnerability [CWE-295] in FortiOS version 7.6.1 and below, version 7.4.7 and below may allow an EAP verified remote user to connect from FortiClient via revoked certificate....

    Affected Products : fortios fortisase
    • Published: Jun. 10, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Misconfiguration
  • 4.3

    MEDIUM
    CVE-2025-25250

    An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS version 7.6.0, version 7.4.7 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions SSL-VPN web-mode may allow an authenticated user to access full S...

    Affected Products : fortios fortisase
    • Published: Jun. 10, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Information Disclosure
  • 6.0

    MEDIUM
    CVE-2025-21195

    Improper link resolution before file access ('link following') in Service Fabric allows an authorized attacker to elevate privileges locally....

    Affected Products : azure_service_fabric service_fabric
    • Published: Jul. 08, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authorization
  • 7.2

    HIGH
    CVE-2024-52965

    A missing critical step in authentication vulnerability [CWE-304] in Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.10, and before 7.0.16 & FortiProxy version 7.6.0 through 7.6.1, 7.4.0 through 7.4.8, 7.2.0 through 7....

    Affected Products : fortios fortiproxy
    • Published: Jul. 08, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authentication
  • 4.3

    MEDIUM
    CVE-2024-32124

    An improper access control vulnerability [CWE-284] in FortiIsolator version 2.4.4, version 2.4.3, 2.3 all versions logging component may allow a remote authenticated read-only attacker to alter logs via a crafted HTTP request....

    Affected Products : fortiisolator
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authorization
  • 6.7

    MEDIUM
    CVE-2024-27779

    An insufficient session expiration vulnerability [CWE-613] in FortiSandbox version 4.4.4 and below, version 4.2.6 and below, 4.0 all versions, 3.2 all versions and FortiIsolator version 2.4 and below, 2.3 all versions, 2.2 all versions, 2.1 a...

    Affected Products : fortisandbox fortiisolator
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authentication
  • 7.2

    HIGH
    CVE-2025-31104

    An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiADC 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.7, 7.1.0 through 7.1.4, 7.0 all versions, 6.2 all versions, 6.1 al...

    Affected Products : fortiadc
    • Published: Jun. 10, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-6965

    There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above....

    Affected Products : sqlite
    • Published: Jul. 15, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Memory Corruption
  • 8.5

    HIGH
    CVE-2025-6232

    An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying specific registry locations....

    Affected Products : vantage commercial_vantage
    • Published: Jul. 17, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authorization
  • 8.5

    HIGH
    CVE-2025-6231

    An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying an application configuration file....

    Affected Products : vantage commercial_vantage
    • Published: Jul. 17, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Misconfiguration
  • 7.5

    HIGH
    CVE-2025-1735

    In PHP versions: 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as...

    Affected Products : php
    • Published: Jul. 13, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Denial of Service
  • 5.3

    MEDIUM
    CVE-2025-1220

    In PHP versions: 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parse_url...

    Affected Products : php
    • Published: Jul. 13, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Information Disclosure
  • 8.7

    HIGH
    CVE-2025-20163

    A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This vulnerability is due to insufficient SSH host key validation. An...

    • Published: Jun. 04, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authentication
  • 5.9

    MEDIUM
    CVE-2025-6491

    In PHP versions: 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly large (>2Gb) XML namespace prefix may lead to null pointer dereference. This may lead to crashes and affect...

    Affected Products : php
    • Published: Jul. 13, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Denial of Service
  • 4.8

    MEDIUM
    CVE-2025-20267

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insu...

    Affected Products : identity_services_engine
    • Published: May. 21, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.3

    MEDIUM
    CVE-2024-55599

    An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in FortiOS version 7.6.0, version 7.4.7 and below, 7.0 all versions, 6.4 all versions and FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all ...

    Affected Products : fortios fortiproxy fortisase
    • Published: Jul. 08, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authorization
  • 7.0

    HIGH
    CVE-2025-7326

    Weak authentication in EOL ASP.NET Core allows an unauthorized attacker to elevate privileges over a network. NOTE: This CVE affects only End Of Life (EOL) software components. The vendor, Microsoft, has indicated there will be no future updates nor supp...

    Affected Products : asp.net_core
    • Published: Jul. 08, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authentication
  • 8.3

    HIGH
    CVE-2025-54075

    MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. Prior to version 0.17.2, a remote script-inclusion / stored cross-site scripting vulnerability in @nuxtjs/mdc lets a Markdown author inject a `<base href="...

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2025-53645

    Zimbra Collaboration (ZCS) before 9.0.0 Patch 46, 10.0.x before 10.0.15, and 10.1.x before 10.1.9 is vulnerable to a denial of service condition due to improper handling of excessive, comma-separated path segments in the Admin Console. An unauthenticated ...

    Affected Products :
    • Published: Jul. 09, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Denial of Service
  • 5.3

    MEDIUM
    CVE-2025-53640

    Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Starting in version 2.2 and prior to version 3.3.7, an endpoint used to display details of users listed in certain fields (such as ACLs) could...

    Affected Products : indico
    • Published: Jul. 14, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 292774 Results