Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2025-21124

    InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of... Read more

    Affected Products : macos windows indesign
    • Published: Feb. 11, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Information Disclosure

  • 7.8

    HIGH
    CVE-2025-21123

    InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in tha... Read more

    Affected Products : macos windows indesign
    • Published: Feb. 11, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-21121

    InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vi... Read more

    Affected Products : macos windows indesign
    • Published: Feb. 11, 2025
    • Modified: Mar. 03, 2025
    • Vuln Type: Memory Corruption

  • 9.3

    CRITICAL
    CVE-2025-1126

    A Reliance on Untrusted Inputs in a Security Decision vulnerability has been identified in the Lexmark Print Management Client.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Authentication

  • 8.4

    HIGH
    CVE-2024-52968

    An improper authentication in Fortinet FortiClientMac 7.0.11 through 7.2.4 allows attacker to gain improper access to MacOS via empty password.... Read more

    Affected Products : forticlient
    • Published: Feb. 11, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authentication

  • 2.3

    LOW
    CVE-2024-52966

    An exposure of sensitive information to an unauthorized actor in Fortinet FortiAnalyzer 6.4.0 through 7.6.0 allows attacker to cause information disclosure via filter manipulation.... Read more

    Affected Products : fortianalyzer fortianalyzer
    • Published: Feb. 11, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Information Disclosure

  • 7.2

    HIGH
    CVE-2024-50569

    A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted input.... Read more

    Affected Products : fortiweb
    • Published: Feb. 11, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2024-50567

    An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 7.4.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted input.... Read more

    Affected Products : fortiweb
    • Published: Feb. 11, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2024-40591

    An incorrect privilege assignment vulnerability [CWE-266] in Fortinet FortiOS version 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.9 and before 7.0.15 allows an authenticated admin whose access profile has the Security Fabric permission to escalate their... Read more

    Affected Products : fortios
    • Published: Feb. 11, 2025
    • Modified: Jul. 17, 2025

  • 6.7

    MEDIUM
    CVE-2024-40586

    An Improper Access Control vulnerability [CWE-284] in FortiClient Windows version 7.4.0, version 7.2.6 and below, version 7.0.13 and below may allow a local user to escalate his privileges via FortiSSLVPNd service pipe.... Read more

    Affected Products : forticlient
    • Published: Feb. 11, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2024-40584

    An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiAnalyzer version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15 and 6.2.2 through 6... Read more

    • Published: Feb. 11, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Injection

  • 6.0

    MEDIUM
    CVE-2024-36508

    An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 CLI allo... Read more

    • Published: Feb. 11, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2024-35279

    A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.4 through 7.2.8 and version 7.4.0 through 7.4.4 allows a remote unauthenticated attacker to execute arbitrary code or commands via crafted UDP packets through the CAPWAP... Read more

    Affected Products : fortios
    • Published: Feb. 11, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption

  • 7.7

    HIGH
    CVE-2024-33504

    A use of hard-coded cryptographic key to encrypt sensitive data vulnerability [CWE-321] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0 all versions, 6.4 all versions may allow an attacker with JSON API access permission... Read more

    Affected Products : fortimanager fortimanager_cloud
    • Published: Feb. 11, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Cryptography

  • 9.0

    CRITICAL
    CVE-2024-27781

    An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox at least versions 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.... Read more

    Affected Products : fortisandbox
    • Published: Feb. 11, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-27780

    Multiple Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilities [CWE-79] in FortiSIEM 7.1 all versions, 7.0 all versions, 6.7 all versions incident page may allow an authenticated attacker to perform a cross-... Read more

    Affected Products : fortisiem
    • Published: Feb. 11, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2024-12756

    An HTML Injection vulnerability in Avaya Spaces may have allowed disclosure of sensitive information or modification of the page content seen by the user.... Read more

    Affected Products : spaces
    • Published: Feb. 11, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.9

    HIGH
    CVE-2024-12755

    A Cross-Site Scripting (XSS) vulnerability in Avaya Spaces may have allowed unauthorized code execution and potential disclose of sensitive information.... Read more

    Affected Products : spaces
    • Published: Feb. 11, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.7

    MEDIUM
    CVE-2023-40721

    A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiOS version 7.4.0 through 7.4.1 and before 7.2.6, FortiProxy version 7.4.0 and before 7.2.7, FortiPAM version 1.1.2 and before 1.0.3, FortiSwitchManager version 7.2.0 thr... Read more

    • Published: Feb. 11, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Injection

  • 6.6

    MEDIUM
    CVE-2025-24976

    Distribution is a toolkit to pack, ship, store, and deliver container content. Systems running registry versions 3.0.0-beta.1 through 3.0.0-rc.2 with token authentication enabled may be vulnerable to an issue in which token authentication allows an attack... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Authentication
Showing 20 of 291634 Results