Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2025-22254

    An Improper Privilege Management vulnerability [CWE-269] affecting Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16 and before 6.4.15, FortiProxy version 7.6.0 through 7.6.1 and before 7.4.7 & F... Read more

    Affected Products : fortios fortiproxy fortiweb
    • Published: Jun. 10, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-45329

    A authorization bypass through user-controlled key in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.8 may allow an authenticated attacker to view unauthorized device information via key modification in A... Read more

    Affected Products : fortiportal
    • Published: Jun. 10, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2025-25254

    An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, 7.2 all versions, 7.0 all versions endpoint may allow an authenticated admin to access a... Read more

    Affected Products : fortiweb
    • Published: Apr. 08, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2023-48790

    A cross site request forgery vulnerability [CWE-352] in Fortinet FortiNDR version 7.4.0, 7.2.0 through 7.2.1 and 7.1.0 through 7.1.1 and before 7.0.5 may allow a remote unauthenticated attacker to execute unauthorized actions via crafted HTTP GET requests... Read more

    Affected Products : fortindr
    • Published: Mar. 11, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2023-42784

    An improper handling of syntactically invalid structure in Fortinet FortiWeb at least verions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests.... Read more

    Affected Products : fortiweb
    • Published: Mar. 11, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2023-40723

    An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.4 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 and 6.3.0 through 6.3.3 and 6.2.0 through 6.2.1 and 6.1.0 through 6.1.2... Read more

    Affected Products : fortisiem
    • Published: Mar. 11, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2023-7258

    A denial of service exists in Gvisor Sandbox where a bug in reference counting code in mount point tracking could lead to a panic, making it possible for an attacker running as root and with permission to mount volumes to kill the sandbox. We recommend up... Read more

    Affected Products : gvisor
    • Published: May. 15, 2024
    • Modified: Jul. 22, 2025

  • 9.8

    CRITICAL
    CVE-2024-2410

    The JsonToBinaryStream() function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. If the input is broken up into separate chunks in a certain way, the parser will attempt to read bytes from a chunk that has alre... Read more

    Affected Products : protobuf protobuf-cpp
    • Published: May. 03, 2024
    • Modified: Jul. 22, 2025

  • 4.3

    MEDIUM
    CVE-2024-4128

    This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with... Read more

    Affected Products : firebase_command_line_interface
    • Published: May. 02, 2024
    • Modified: Jul. 22, 2025

  • 7.0

    HIGH
    CVE-2023-37244

    The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an a... Read more

    Affected Products : windows automation_manager
    • Published: May. 02, 2024
    • Modified: Jul. 22, 2025

  • 6.5

    MEDIUM
    CVE-2024-5166

    An Insecure Direct Object Reference in Google Cloud's Looker allowed metadata exposure across authenticated Looker users sharing the same LookML model.... Read more

    Affected Products : looker
    • Published: May. 22, 2024
    • Modified: Jul. 22, 2025

  • 9.8

    CRITICAL
    CVE-2024-5436

    Type confusion in Snapchat LensCore could lead to denial of service or arbitrary code execution prior to version 12.88. We recommend upgrading to version 12.88 or above.... Read more

    Affected Products : snapchat_lenscore
    • Published: May. 31, 2024
    • Modified: Jul. 22, 2025

  • 7.5

    HIGH
    CVE-2023-6349

    A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above... Read more

    Affected Products : libvpx
    • Published: May. 27, 2024
    • Modified: Jul. 22, 2025

  • 7.8

    HIGH
    CVE-2024-8375

    There exists a use after free vulnerability in Reverb. Reverb supports the VARIANT datatype, which is supposed to represent an arbitrary object in C++. When a tensor proto of type VARIANT is unpacked, memory is first allocated to store the entire tensor, ... Read more

    Affected Products : reverb
    • Published: Sep. 19, 2024
    • Modified: Jul. 22, 2025

  • 6.3

    MEDIUM
    CVE-2024-7246

    It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients HTTP header keys,... Read more

    Affected Products : grpc
    • Published: Aug. 06, 2024
    • Modified: Jul. 22, 2025

  • 7.5

    HIGH
    CVE-2025-54073

    mcp-package-docs is an MCP (Model Context Protocol) server that provides LLMs with efficient access to package documentation across multiple programming languages and language server protocol (LSP) capabilities. A command injection vulnerability exists in... Read more

    Affected Products :
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2024-20346

    A vulnerability in the web-based management interface of Cisco AppDynamics Controller could allow an authenticated, remote attacker to perform a reflected cross-site scripting (XSS) attack against a user of the interface of an affected device. This vul... Read more

    Affected Products : appdynamics_controller appdynamics
    • Published: Mar. 06, 2024
    • Modified: Jul. 22, 2025

  • 9.1

    CRITICAL
    CVE-2024-5197

    There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the re... Read more

    Affected Products : debian_linux libvpx
    • Published: Jun. 03, 2024
    • Modified: Jul. 22, 2025

  • 8.8

    HIGH
    CVE-2018-1000216

    Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE. This attack appear to be exploitable via Attacker must be able to force victim to print JSON data, dependi... Read more

    Affected Products : cjson cjson
    • Published: Aug. 20, 2018
    • Modified: Jul. 22, 2025

  • 9.8

    CRITICAL
    CVE-2016-10749

    parse_string in cJSON.c in cJSON before 2016-10-02 has a buffer over-read, as demonstrated by a string that begins with a " character and ends with a \ character.... Read more

    Affected Products : cjson cjson
    • Published: Apr. 29, 2019
    • Modified: Jul. 22, 2025
Showing 20 of 293306 Results