Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2025-29774

    xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-cry... Read more

    Affected Products :
    • Published: Mar. 14, 2025
    • Modified: Mar. 15, 2025

  • 7.1

    HIGH
    CVE-2025-29387

    In Tenda AC9 v1.0 V15.03.05.14_multi, the wanSpeed parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.... Read more

    Affected Products : ac9_firmware ac9
    • Published: Mar. 14, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-29386

    In Tenda AC9 v1.0 V15.03.05.14_multi, the mac parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.... Read more

    Affected Products : ac9_firmware ac9
    • Published: Mar. 14, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-29385

    In Tenda AC9 v1.0 V15.03.05.14_multi, the cloneType parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.... Read more

    Affected Products : ac9_firmware ac9
    • Published: Mar. 14, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-29384

    In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.... Read more

    Affected Products : ac9_firmware ac9
    • Published: Mar. 14, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Memory Corruption

  • 5.1

    MEDIUM
    CVE-2025-27606

    Element Android is an Android Matrix Client provided by Element. Element Android up to version 1.6.32 can, under certain circumstances, fail to logout the user if they input the wrong PIN more than the configured amount of times. An attacker with physical... Read more

    Affected Products : element
    • Published: Mar. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Authentication

  • 4.6

    MEDIUM
    CVE-2025-1888

    The Leica Web Viewer within the Aperio Eslide Manager Application is vulnerable to reflected cross-site scripting (XSS). An authenticated user can access the slides within a project and injecting malicious JavaScript into the "memo" field. The memo field ... Read more

    Affected Products :
    • Published: Mar. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-55594

    An improper handling of syntactically invalid structure in Fortinet FortiWeb at least vesrions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests.... Read more

    Affected Products : fortiweb
    • Published: Mar. 14, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2025-25873

    Cross Site Request Forgery vulnerability in Open Panel OpenAdmin v.0.3.4 allows a remote attacker to escalate privileges via the Change Root Password function... Read more

    Affected Products : openadmin
    • Published: Mar. 14, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.5

    MEDIUM
    CVE-2025-25872

    An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function... Read more

    Affected Products : openpanel
    • Published: Mar. 14, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Authorization

  • 8.0

    HIGH
    CVE-2025-25871

    An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function... Read more

    Affected Products : openpanel
    • Published: Mar. 14, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2024-40585

    An insertion of sensitive information into log file vulnerabilities [CWE-532] in FortiManager version 7.4.0, version 7.2.3 and below, version 7.0.8 and below, version 6.4.12 and below, version 6.2.11 and below and FortiAnalyzer version 7.4.0, version 7.2.... Read more

    • Published: Mar. 14, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Information Disclosure

  • 4.8

    MEDIUM
    CVE-2023-48785

    An improper certificate validation vulnerability [CWE-295] in FortiNAC-F version 7.2.4 and below may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS communication channel between the FortiOS device, an invent... Read more

    Affected Products : fortinac-f
    • Published: Mar. 14, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Misconfiguration

  • 8.2

    HIGH
    CVE-2023-45588

    An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /... Read more

    Affected Products : forticlient
    • Published: Mar. 14, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2023-33300

    A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiNAC 7.2.1 and earlier, 9.4.3 and earlier allows attacker a limited, unauthorized file access via specifically crafted request in inter-server communica... Read more

    Affected Products : fortinac
    • Published: Mar. 14, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2022-29059

    An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb version 7.0.1 and below, 6.4.2 and below, 6.3.20 and below, 6.2.7 and below may allow a privileged attacker to execute SQL commands ... Read more

    Affected Products : fortiweb
    • Published: Mar. 14, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2024-47573

    An improper validation of integrity check value vulnerability [CWE-354] in FortiNDR version 7.4.2 and below, version 7.2.1 and below, version 7.1.1 and below, version 7.0.6 and below may allow an authenticated attacker with at least Read/Write permission ... Read more

    Affected Products : fortindr
    • Published: Mar. 14, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2024-46662

    A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiManager versions 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to escalation of privilege via specifically crafte... Read more

    Affected Products : fortimanager fortimanager_cloud
    • Published: Mar. 14, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-45643

    IBM Security QRadar 3.12 EDR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive credential information.... Read more

    Affected Products : linux_kernel security_qradar_edr
    • Published: Mar. 14, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Cryptography

  • 4.4

    MEDIUM
    CVE-2024-45638

    IBM Security QRadar 3.12 EDR stores user credentials in plain text which can be read by a local privileged user.... Read more

    Affected Products : linux_kernel security_qradar_edr
    • Published: Mar. 14, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 293338 Results