Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2023-48790

    A cross site request forgery vulnerability [CWE-352] in Fortinet FortiNDR version 7.4.0, 7.2.0 through 7.2.1 and 7.1.0 through 7.1.1 and before 7.0.5 may allow a remote unauthenticated attacker to execute unauthorized actions via crafted HTTP GET requests... Read more

    Affected Products : fortindr
    • Published: Mar. 11, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 9.8

    CRITICAL
    CVE-2023-42784

    An improper handling of syntactically invalid structure in Fortinet FortiWeb at least verions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests.... Read more

    Affected Products : fortiweb
    • Published: Mar. 11, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2023-40723

    An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.4 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 and 6.3.0 through 6.3.3 and 6.2.0 through 6.2.1 and 6.1.0 through 6.1.2... Read more

    Affected Products : fortisiem
    • Published: Mar. 11, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Information Disclosure

  • 8.8

    HIGH
    CVE-2023-37933

    An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC GUI version 7.4.0, 7.2.0 through 7.2.1 and before 7.1.3 allows an authenticated attacker to perform an XSS attack via crafted HTTP o... Read more

    Affected Products : fortiadc
    • Published: Mar. 11, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-2196

    A vulnerability was found in MRCMS 3.1.2. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /admin/file/upload.do of the component org.marker.mushroom.controller.FileController. The manipulation of the ... Read more

    Affected Products : mrcms
    • Published: Mar. 11, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-2195

    A vulnerability was found in MRCMS 3.1.2. It has been classified as problematic. Affected is the function rename of the file /admin/file/rename.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument name/path l... Read more

    Affected Products : mrcms
    • Published: Mar. 11, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-2194

    A vulnerability was found in MRCMS 3.1.2 and classified as problematic. This issue affects the function list of the file /admin/file/list.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path leads to cro... Read more

    Affected Products : mrcms
    • Published: Mar. 11, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-27363

    An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed shor... Read more

    Affected Products : debian_linux freetype
    • Actively Exploited
    • Published: Mar. 11, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Memory Corruption

  • 5.3

    MEDIUM
    CVE-2025-22370

    Many fields for the web configuration interface of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to execute arbitrary SQL commands because the values are insufficiently neutralized.... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-22369

    The ReadFile endpoint of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to read arbitrary files from the underlying OS.... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Information Disclosure

  • 8.7

    HIGH
    CVE-2025-22368

    The authenticated SCU firmware command of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS commands are improperly neutralized when certain fields are passed to the underlying OS.... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-22367

    The authenticated time setting capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS command are improperly neutralized when certain fields are passed to the underlying OS.... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Injection

  • 8.7

    HIGH
    CVE-2025-22366

    The authenticated firmware update capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS command are improperly neutralized when certain fields are passed to the underlying OS.... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2024-54085

    AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.... Read more

    • Actively Exploited
    • Published: Mar. 11, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2024-54084

    APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to arbitrary code execution.... Read more

    Affected Products : aptio_v
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Race Condition

  • 8.1

    HIGH
    CVE-2025-2193

    A vulnerability has been found in MRCMS 3.1.2 and classified as critical. This vulnerability affects the function delete of the file /admin/file/delete.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument pat... Read more

    Affected Products : mrcms
    • Published: Mar. 11, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Path Traversal

  • 5.3

    MEDIUM
    CVE-2025-2192

    A vulnerability, which was classified as problematic, was found in Stoque Zeev.it 4.24. This affects an unknown part of the file /Login?inpLostSession=1 of the component Login Page. The manipulation of the argument inpRedirectURL leads to server-side requ... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Server-Side Request Forgery

  • 4.8

    MEDIUM
    CVE-2025-2191

    A vulnerability, which was classified as problematic, has been found in Claro A7600-A1 RNR4-A72T-2x16_v2110403_CLA_32_160817. Affected by this issue is some unknown functionality of the file /form2pingv6.cgi of the component Ping6 Diagnóstico. The manipul... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.1

    MEDIUM
    CVE-2025-2189

    This vulnerability exists in the Tinxy smart devices due to storage of credentials in plaintext within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintex... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Cryptography

  • 9.4

    CRITICAL
    CVE-2025-27494

    A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize input for the pubkey endpoint of the REST API. This could allow an aut... Read more

    • Published: Mar. 11, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization
Showing 20 of 293510 Results