Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.1

    HIGH
    CVE-2024-54446

    Document history functionality contains a blind SQL injection that can be exploited by authenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on t...

    Affected Products : logicaldoc
    • Published: Mar. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Injection
  • 8.7

    HIGH
    CVE-2024-54445

    Login functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presen...

    Affected Products : logicaldoc
    • Published: Mar. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Injection
  • 5.5

    MEDIUM
    CVE-2024-29409

    File Upload vulnerability in nestjs nest v.10.3.2 allows a remote attacker to execute arbitrary code via the Content-Type header....

    Affected Products : nest
    • Published: Mar. 14, 2025
    • Modified: Apr. 03, 2025
  • 8.7

    HIGH
    CVE-2024-12245

    Logout functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the prese...

    Affected Products : logicaldoc
    • Published: Mar. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Injection
  • 6.4

    MEDIUM
    CVE-2024-12020

    There is a reflected cross-site scripting (XSS) within JSP files used to control application appearance. An unauthenticated attacker could deceive a user into clicking a crafted link to trigger the vulnerability. Stealing the session cookie is not possibl...

    Affected Products : logicaldoc
    • Published: Mar. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.1

    HIGH
    CVE-2024-12019

    The API used to interact with documents in the application contains a flaw that allows an authenticated attacker to read the contents of files on the underlying operating system. An account with ‘read’ and ‘download’ privileges on at least one existing do...

    Affected Products : logicaldoc
    • Published: Mar. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Information Disclosure
  • 9.3

    CRITICAL
    CVE-2025-29774

    xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-cry...

    Affected Products :
    • Published: Mar. 14, 2025
    • Modified: Mar. 15, 2025
  • 7.1

    HIGH
    CVE-2025-29387

    In Tenda AC9 v1.0 V15.03.05.14_multi, the wanSpeed parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution....

    Affected Products : ac9_firmware ac9
    • Published: Mar. 14, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-29386

    In Tenda AC9 v1.0 V15.03.05.14_multi, the mac parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution....

    Affected Products : ac9_firmware ac9
    • Published: Mar. 14, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-29385

    In Tenda AC9 v1.0 V15.03.05.14_multi, the cloneType parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution....

    Affected Products : ac9_firmware ac9
    • Published: Mar. 14, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Memory Corruption
  • 9.8

    CRITICAL
    CVE-2025-29384

    In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution....

    Affected Products : ac9_firmware ac9
    • Published: Mar. 14, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Memory Corruption
  • 5.1

    MEDIUM
    CVE-2025-27606

    Element Android is an Android Matrix Client provided by Element. Element Android up to version 1.6.32 can, under certain circumstances, fail to log out the user if they input the wrong PIN more than the configured amount of times. An attacker with physical...

    Affected Products : element
    • Published: Mar. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Authentication
  • 4.6

    MEDIUM
    CVE-2025-1888

    The Leica Web Viewer within the Aperio Eslide Manager Application is vulnerable to reflected cross-site scripting (XSS). An authenticated user can access the slides within a project and inject malicious JavaScript into the "memo" field. The memo field ...

    Affected Products :
    • Published: Mar. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.8

    CRITICAL
    CVE-2024-55594

    An improper handling of syntactically invalid structure in Fortinet FortiWeb at least versions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests....

    Affected Products : fortiweb
    • Published: Mar. 14, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Authentication
  • 5.5

    MEDIUM
    CVE-2025-25873

    Cross Site Request Forgery vulnerability in Open Panel OpenAdmin v.0.3.4 allows a remote attacker to escalate privileges via the Change Root Password function...

    Affected Products : openadmin
    • Published: Mar. 14, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 5.5

    MEDIUM
    CVE-2025-25872

    An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function...

    Affected Products : openpanel
    • Published: Mar. 14, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Authorization
  • 8.0

    HIGH
    CVE-2025-25871

    An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function...

    Affected Products : openpanel
    • Published: Mar. 14, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2024-40585

    An insertion of sensitive information into log file vulnerabilities [CWE-532] in FortiManager version 7.4.0, version 7.2.3 and below, version 7.0.8 and below, version 6.4.12 and below, version 6.2.11 and below and FortiAnalyzer version 7.4.0, version 7.2....

    • Published: Mar. 14, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Information Disclosure
  • 4.8

    MEDIUM
    CVE-2023-48785

    An improper certificate validation vulnerability [CWE-295] in FortiNAC-F version 7.2.4 and below may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS communication channel between the FortiOS device, an invent...

    Affected Products : fortinac-f
    • Published: Mar. 14, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Misconfiguration
  • 8.2

    HIGH
    CVE-2023-45588

    An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /...

    Affected Products : forticlient
    • Published: Mar. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Path Traversal