Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.7

    HIGH
    CVE-2025-0596

    A stored Cross-site Scripting (XSS) vulnerability affecting Bookmark Editor in ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.... Read more

    Affected Products : 3dexperience
    • Published: Mar. 17, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.7

    HIGH
    CVE-2025-0595

    A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.... Read more

    Affected Products : 3dexperience
    • Published: Mar. 17, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.2

    MEDIUM
    CVE-2024-9055

    The DPA countermeasures on Silicon Labs' Series 2 devices are not reseeded periodically as they should be. This may allow an attacker to eventually extract secret keys through a DPA attack.... Read more

    • Published: Mar. 17, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: Cryptography

  • 8.2

    HIGH
    CVE-2024-54027

    A Use of Hard-coded Cryptographic Key vulnerability [CWE-321] in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version 4.0.5 and below, version 3.2.4 and below, version 3.1.5 and below, version 3.0.7 to 3.0.5 may allow a privileged attack... Read more

    Affected Products : fortisandbox
    • Published: Mar. 17, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Cryptography

  • 5.3

    MEDIUM
    CVE-2021-32584

    An improper access control (CWE-284) vulnerability in FortiWLC version 8.6.0, version 8.5.3 and below, version 8.4.8 and below, version 8.3.3 and below, version 8.2.7 to 8.2.4, version 8.1.3 may allow an unauthenticated and remote attacker to access certa... Read more

    Affected Products : fortiwlc
    • Published: Mar. 17, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2021-26087

    An improper neutralization of input during web page generation in FortiWLC version 8.6.0, version 8.5.3 and below, version 8.4.8 and below, version 8.3.3 web interface may allow both authenticated remote attackers and non-authenticated attackers in the sa... Read more

    Affected Products : fortiwlc
    • Published: Mar. 17, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.7

    MEDIUM
    CVE-2021-22126

    A use of hard-coded password vulnerability in FortiWLC version 8.5.2 and below, version 8.4.8 and below, version 8.3.3 to 8.3.2, version 8.2.7 to 8.2.6 may allow a local, authenticated attacker to connect to the managed Access Point (Meru AP and FortiAP-U... Read more

    Affected Products : fortiwlc
    • Published: Mar. 17, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Authentication

  • 4.7

    MEDIUM
    CVE-2020-9295

    FortiOS 6.2 running AV engine version 6.00142 and below, FortiOS 6.4 running AV engine version 6.00144 and below and FortiClient 6.2 running AV engine version 6.00137 and below may not immediately detect certain types of malformed or non-standard RAR arch... Read more

    Affected Products : fortios forticlient antivirus_engine
    • Published: Mar. 17, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Misconfiguration

  • 5.0

    MEDIUM
    CVE-2020-29010

    An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS version 6.2.4 and below, version 6.0.10 and belowmay allow remote authenticated actors to read the SSL VPN events log entries of users in other VDOMs by executing "get... Read more

    Affected Products : fortios
    • Published: Mar. 17, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2019-6697

    An Improper Neutralization of Input vulnerability affecting FortiGate version 6.2.0 through 6.2.1, 6.0.0 through 6.0.6 in the hostname parameter of a DHCP packet under DHCP monitor page may allow an unauthenticated attacker in the same network as the Fort... Read more

    Affected Products : fortios
    • Published: Mar. 17, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2019-17659

    A use of hard-coded cryptographic key vulnerability in FortiSIEM version 5.2.6 may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user "tunneluser" by leveraging knowledge of the private key from another i... Read more

    Affected Products : fortisiem
    • Published: Mar. 17, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Cryptography

  • 5.4

    MEDIUM
    CVE-2019-15706

    An improper neutralization of input during web page generation in the SSL VPN portal of FortiProxy version 2.0.0, version 1.2.9 and below and FortiOS version 6.2.1 and below, version 6.0.8 and below, version 5.6.12 may allow a remote authenticated attacke... Read more

    Affected Products : fortios fortiproxy
    • Published: Mar. 17, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-2401

    Buffer overflow vulnerability in Immunity Debugger affecting version 1.85, its exploitation could allow a local attacker to execute arbitrary code, due to the lack of proper boundary checking.... Read more

    Affected Products :
    • Published: Mar. 17, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-2378

    A vulnerability was found in PHPGurukul Medical Card Generation System 1.0. It has been classified as critical. This affects an unknown part of the file /download-medical-cards.php. The manipulation of the argument searchdata leads to sql injection. It is... Read more

    • Published: Mar. 17, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-2377

    A vulnerability was found in SourceCodester Vehicle Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /confirmbooking.php. The manipulation of the argument id leads to cross site scriptin... Read more

    • Published: Mar. 17, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-2376

    A vulnerability has been found in viames Pair Framework up to 1.9.11 and classified as critical. Affected by this vulnerability is the function getCookieContent of the file /src/UserRemember.php of the component PHP Object Handler. The manipulation of the... Read more

    Affected Products :
    • Published: Mar. 17, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2025-2375

    A vulnerability, which was classified as problematic, was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. Affected is an unknown function of the file /profile.php of the component Admin Profile Page. The manipulation of the argume... Read more

    • Published: Mar. 17, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-2374

    A vulnerability, which was classified as critical, has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This issue affects some unknown processing of the file /profile.php. The manipulation of the argument aid/adminname/mobile... Read more

    • Published: Mar. 17, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-2373

    A vulnerability classified as critical was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This vulnerability affects unknown code of the file /check_availability.php. The manipulation of the argument mobnumber/employeeid leads to... Read more

    • Published: Mar. 17, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Injection

  • 6.9

    MEDIUM
    CVE-2025-2202

    Broken access control vulnerability in the Innovación y Cualificación local administration plugin ajax.php. This vulnerability allows an attacker to obtain sensitive information about other users such as id, name, login and email.... Read more

    Affected Products :
    • Published: Mar. 17, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: Authorization
Showing 20 of 293182 Results