Latest CVE Feed
- CVE-2025-25252 | 6.5 MEDIUM
  An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL VPN 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4 all versions may allow a remote attacker (e.g. a former admin whose account was removed...
  - Affected Products: fortios
  - Published: Oct. 14, 2025
  - Modified: Oct. 15, 2025
  - Vuln Type: Authentication
 
- CVE-2025-25253 | 7.5 HIGH
  An Improper Validation of Certificate with Host Mismatch vulnerability [CWE-297] in FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions and FortiOS version 7.6.2 and below, version 7.4.8 and below, 7.2 all versi...
  - Published: Oct. 14, 2025
  - Modified: Oct. 15, 2025
  - Vuln Type: Authentication
 
- CVE-2025-31365 | 7.1 HIGH
  An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientMac 7.4.0 through 7.4.3, 7.2.1 through 7.2.8 may allow an unauthenticated attacker to execute arbitrary code on the victim's host via tricking the user into ...
  - Affected Products: forticlient
  - Published: Oct. 14, 2025
  - Modified: Oct. 15, 2025
  - Vuln Type: Injection
 
- CVE-2025-57741 | 7.8 HIGH
  An Incorrect Permission Assignment for Critical Resource vulnerability [CWE-732] in FortiClientMac 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local attacker to run arbitrary code or commands via LaunchDaemon hijacking....
  - Affected Products: forticlient
  - Published: Oct. 14, 2025
  - Modified: Oct. 15, 2025
  - Vuln Type: Misconfiguration
 
- CVE-2025-57740 | 8.8 HIGH
  A Heap-based Buffer Overflow vulnerability [CWE-122] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions; FortiPAM version 1.5.0, version 1.4.2 and below, 1.3 all versions, 1.2 all ver...
  - Published: Oct. 14, 2025
  - Modified: Oct. 15, 2025
  - Vuln Type: Memory Corruption
 
- CVE-2025-57716 | 7.3 HIGH
  An Uncontrolled Search Path Element vulnerability [CWE-427] in FortiClient Windows 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local low privileged user to perform a DLL hijacking attack via placing a malicious DLL to the Forti...
  - Affected Products: forticlient
  - Published: Oct. 14, 2025
  - Modified: Oct. 15, 2025
  - Vuln Type: Misconfiguration
 
- CVE-2025-54822 | 4.3 MEDIUM
  An improper authorization vulnerability [CWE-285] in Fortinet FortiOS version 7.4.0 through 7.4.1 and before 7.2.8 & Fortinet FortiProxy before version 7.4.8 allows an authenticated attacker to access static files of other VDOMs via crafted HTTP or HTTPS...
  - Published: Oct. 14, 2025
  - Modified: Oct. 15, 2025
  - Vuln Type: Authorization
 
- CVE-2025-53845 | 6.5 MEDIUM
  An improper authentication vulnerability [CWE-287] in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6 allows an unauthenticated attacker to obtain information pertaining to the device's health and status, or cause a denial of service v...
  - Published: Oct. 14, 2025
  - Modified: Oct. 15, 2025
  - Vuln Type: Authentication
 
- CVE-2025-49201 | 9.8 CRITICAL
  A weak authentication in Fortinet FortiPAM 1.5.0, 1.4.0 through 1.4.2, 1.3.0 through 1.3.1, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager 7.2.0 through 7.2.4 allows attacker to execute unauthorized code or commands via specially craf...
  - Published: Oct. 14, 2025
  - Modified: Oct. 15, 2025
  - Vuln Type: Authentication
 
- CVE-2025-31514 | 4.3 MEDIUM
  An Insertion of Sensitive Information into Log File vulnerability [CWE-532] in FortiOS 7.6.0 through 7.6.3, 7.4 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an attacker with at least read-only privileges to retrieve sensiti...
  - Published: Oct. 14, 2025
  - Modified: Oct. 15, 2025
  - Vuln Type: Information Disclosure
 
- CVE-2025-31366 | 6.1 MEDIUM
  An Improper Neutralization of Input During Web Page Generation vulnerability [CWE-79] in FortiOS 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiProxy 7.6.0 through 7.6.3, 7.4.0 through 7.4.9, 7.2 all v...
  - Published: Oct. 14, 2025
  - Modified: Oct. 15, 2025
  - Vuln Type: Cross-Site Scripting
 
- CVE-2025-22862 | 6.7 MEDIUM
  An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS 7.4.0 through 7.4.7, 7.2.0 through 7.2.11, 7.0.6 and above; and FortiProxy 7.6.0 through 7.6.2, 7.4.0 through 7.4.8, 7.2 all versions, 7.0.5 and above may allow...
  - Published: Oct. 02, 2025
  - Modified: Oct. 15, 2025
  - Vuln Type: Authentication
 
- CVE-2025-8291 | 4.3 MEDIUM
  The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the Z...
  - Affected Products: python
  - Published: Oct. 07, 2025
  - Modified: Oct. 15, 2025
 
- CVE-2025-8093 | 8.8 HIGH
  Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass. This issue affects Authenticator Login: from 0.0.0 before 2.1.8....
  - Affected Products: authenticator_login
  - Published: Oct. 10, 2025
  - Modified: Oct. 15, 2025
  - Vuln Type: Authentication
 
- CVE-2025-37145 | 4.9 MEDIUM
  Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through...
  - Published: Oct. 14, 2025
  - Modified: Oct. 15, 2025
  - Vuln Type: Path Traversal
 
- CVE-2025-37144 | 4.9 MEDIUM
  Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through...
  - Published: Oct. 14, 2025
  - Modified: Oct. 15, 2025
  - Vuln Type: Path Traversal
 
- CVE-2025-11577 | 7.6 HIGH
  Clevo’s UEFI firmware update packages, including B10717.exe, inadvertently contained private signing keys used for Boot Guard and Boot Policy Manifest verification. The exposure of these keys could allow attackers to sign malicious firmware that appears t...
  - Published: Oct. 14, 2025
  - Modified: Oct. 15, 2025
  - Vuln Type: Supply Chain
 
- CVE-2025-31718 | 9.8 CRITICAL
  In modem, there is a possible system crash due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed....
  - Published: Oct. 11, 2025
  - Modified: Oct. 15, 2025
  - Vuln Type: Denial of Service
 
- CVE-2025-31717 | 9.8 CRITICAL
  In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed....
  - Published: Oct. 11, 2025
  - Modified: Oct. 15, 2025
  - Vuln Type: Denial of Service
 
- CVE-2025-9698 | 6.8 MEDIUM
  The Plus Addons for Elementor WordPress plugin before 6.3.16 does not sanitize SVG file contents, which could allow users with minimum role access as Author to perform Stored Cross-Site Scripting attacks....
  - Published: Oct. 13, 2025
  - Modified: Oct. 14, 2025
  - Vuln Type: Cross-Site Scripting