Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2025-22454

    Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.... Read more

    Affected Products : secure_access_client
    • Published: Mar. 11, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2024-55597

    A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiWeb versions 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted requests.... Read more

    Affected Products : fortiweb
    • Published: Mar. 11, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Path Traversal

  • 3.8

    LOW
    CVE-2024-55592

    An incorrect authorization vulnerability [CWE-863] in FortiSIEM 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all ver... Read more

    Affected Products : fortisiem
    • Published: Mar. 11, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2024-55590

    Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiIsolator version 2.4.0 through 2.4.5 allows an authenticated attacker with at least read-only admin permission an... Read more

    Affected Products : fortiisolator
    • Published: Mar. 11, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2024-54026

    An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiSandbox Cloud version 23.4, FortiSandbox at least 4.4.0 through 4.4.6 and 4.2.0 through 4.2.7 and 4.0.0 through 4.0.5 and 3.2.0 through 3.2.4 and 3.1.... Read more

    Affected Products : fortisandbox fortisandbox_cloud
    • Published: Mar. 11, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2024-54018

    Multiple improper neutralization of special elements used in an OS Command vulnerabilities [CWE-78] in FortiSandbox before 4.4.5 allows a privileged attacker to execute unauthorized commands via crafted requests.... Read more

    Affected Products : fortisandbox
    • Published: Mar. 11, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2024-52961

    An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.7, 4.2.0 through 4.2.7 and before 4.0.5 allows an authenticated attacker with at least read-only permissi... Read more

    Affected Products : fortisandbox
    • Published: Mar. 11, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2024-52960

    A client-side enforcement of server-side security vulnerability [CWE-602] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via... Read more

    Affected Products : fortisandbox
    • Published: Mar. 11, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2024-51322

    Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /jsp/home.jsp, /jsp/gsfr_feditorHTML.jsp, /servlet/SPVisualZoom, /jsp/gsmd_container.jsp components... Read more

    Affected Products : ad_hoc_infinity
    • Published: Mar. 11, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.6

    HIGH
    CVE-2024-51321

    In Zucchetti Ad Hoc Infinity 2.4, an improper check on the m_cURL parameter allows an attacker to redirect the victim to an attacker-controlled website after the authentication.... Read more

    Affected Products : ad_hoc_infinity
    • Published: Mar. 11, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2024-51320

    Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /servlet/gsdm_fsave_htmltmp, /servlet/gsdm_btlk_openfile components... Read more

    Affected Products : ad_hoc_infinity
    • Published: Mar. 11, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2024-51319

    A local file include vulnerability in the /servlet/Report of Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution by uploading a jsp web/reverse shell through /jsp/zimg_upload.jsp.... Read more

    Affected Products : ad_hoc_infinity
    • Published: Mar. 11, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Path Traversal

  • 6.7

    MEDIUM
    CVE-2024-46663

    A stack-buffer overflow vulnerability [CWE-121] in Fortinet FortiMail CLI version 7.6.0 through 7.6.1 and before 7.4.3 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI commands.... Read more

    Affected Products : fortimail
    • Published: Mar. 11, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2024-45328

    An incorrect authorization vulnerability [CWE-863] in FortiSandbox 4.4.0 through 4.4.6 may allow a low priviledged administrator to execute elevated CLI commands via the GUI console menu.... Read more

    Affected Products : fortisandbox
    • Published: Mar. 11, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2024-45324

    A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 ... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Injection

  • 6.7

    MEDIUM
    CVE-2024-33501

    Two improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5, FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnal... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Injection

  • 6.7

    MEDIUM
    CVE-2024-32123

    Multiple improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 throu... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2023-48790

    A cross site request forgery vulnerability [CWE-352] in Fortinet FortiNDR version 7.4.0, 7.2.0 through 7.2.1 and 7.1.0 through 7.1.1 and before 7.0.5 may allow a remote unauthenticated attacker to execute unauthorized actions via crafted HTTP GET requests... Read more

    Affected Products : fortindr
    • Published: Mar. 11, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2023-42784

    An improper handling of syntactically invalid structure in Fortinet FortiWeb at least verions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests.... Read more

    Affected Products : fortiweb
    • Published: Mar. 11, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2023-40723

    An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.4 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 and 6.3.0 through 6.3.3 and 6.2.0 through 6.2.1 and 6.1.0 through 6.1.2... Read more

    Affected Products : fortisiem
    • Published: Mar. 11, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 292827 Results