Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2023-33300

    A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiNAC 7.2.1 and earlier, 9.4.3 and earlier allows attacker a limited, unauthorized file access via specifically crafted request in inter-server communica... Read more

    Affected Products : fortinac
    • Published: Mar. 14, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2022-29059

    An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb version 7.0.1 and below, 6.4.2 and below, 6.3.20 and below, 6.2.7 and below may allow a privileged attacker to execute SQL commands ... Read more

    Affected Products : fortiweb
    • Published: Mar. 14, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2024-47573

    An improper validation of integrity check value vulnerability [CWE-354] in FortiNDR version 7.4.2 and below, version 7.2.1 and below, version 7.1.1 and below, version 7.0.6 and below may allow an authenticated attacker with at least Read/Write permission ... Read more

    Affected Products : fortindr
    • Published: Mar. 14, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2024-46662

    A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiManager versions 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to escalation of privilege via specifically crafte... Read more

    Affected Products : fortimanager fortimanager_cloud
    • Published: Mar. 14, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-45643

    IBM Security QRadar 3.12 EDR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive credential information.... Read more

    Affected Products : linux_kernel security_qradar_edr
    • Published: Mar. 14, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Cryptography

  • 4.4

    MEDIUM
    CVE-2024-45638

    IBM Security QRadar 3.12 EDR stores user credentials in plain text which can be read by a local privileged user.... Read more

    Affected Products : linux_kernel security_qradar_edr
    • Published: Mar. 14, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Information Disclosure

  • 4.8

    MEDIUM
    CVE-2024-40590

    An improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager device, a FortiAnalyzer device, or an SMTP server may all... Read more

    Affected Products : fortiportal
    • Published: Mar. 14, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Misconfiguration

  • 5.5

    MEDIUM
    CVE-2023-52927

    In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some s... Read more

    Affected Products : linux_kernel
    • Published: Mar. 14, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Misconfiguration

  • 6.9

    MEDIUM
    CVE-2025-2268

    The HP LaserJet MFP M232-M237 Printer Series may be vulnerable to a denial of service attack when a specially crafted request message is sent via Internet Printing Protocol (IPP).... Read more

    Affected Products :
    • Published: Mar. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Denial of Service

  • 8.7

    HIGH
    CVE-2025-29776

    Azle is a WebAssembly runtime for TypeScript and JavaScript on ICP. Calling `setTimer` in Azle versions `0.27.0`, `0.28.0`, and `0.29.0` causes an immediate infinite loop of timers to be executed on the canister, each timer attempting to clean up the glob... Read more

    Affected Products :
    • Published: Mar. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Denial of Service

  • 5.9

    MEDIUM
    CVE-2025-29032

    Tenda AC9 v15.03.05.19(6318) was discovered to contain a buffer overflow via the formWifiWpsOOB function.... Read more

    Affected Products : ac9_firmware ac9
    • Published: Mar. 14, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-29031

    Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the fromAddressNat function.... Read more

    Affected Products : ac6_firmware ac6
    • Published: Mar. 14, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-29030

    Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formWifiWpsOOB function.... Read more

    Affected Products : ac6_firmware ac6
    • Published: Mar. 14, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-29029

    Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formSetSpeedWan function.... Read more

    Affected Products : ac6_firmware ac6
    • Published: Mar. 14, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Memory Corruption

  • 9.4

    CRITICAL
    CVE-2025-2304

    A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which all... Read more

    Affected Products : camaleon_cms
    • Published: Mar. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-2000

    A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats < 13. A python process calling Qiskit 0.18.0 through 1.4.1's `qiskit.qpy.load()` function could potenti... Read more

    Affected Products : qiskit
    • Published: Mar. 14, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-27595

    The device uses a weak hashing alghorithm to create the password hash. Hence, a matching password can be easily calculated by an attacker. This impacts the security and the integrity of the device.... Read more

    Affected Products :
    • Published: Mar. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Cryptography

  • 7.5

    HIGH
    CVE-2025-27594

    The device uses an unencrypted, proprietary protocol for communication. Through this protocol, configuration data is transmitted and device authentication is performed. An attacker can thereby intercept the authentication hash and use it to log into the d... Read more

    Affected Products :
    • Published: Mar. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Cryptography

  • 9.3

    CRITICAL
    CVE-2025-27593

    The product can be used to distribute malicious code using SDD Device Drivers due to missing download verification checks, leading to code execution on target systems.... Read more

    Affected Products :
    • Published: Mar. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Supply Chain

  • 6.5

    MEDIUM
    CVE-2025-26626

    The GLPI Inventory Plugin handles various types of tasks for GLPI agents for the GLPI asset and IT management software package. Versions prior to 1.5.0 are vulnerable to reflective cross-site scripting, which may lead to executing javascript code. Version... Read more

    Affected Products : glpi_inventory
    • Published: Mar. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293304 Results