Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-27780

    Multiple Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilities [CWE-79] in FortiSIEM 7.1 all versions, 7.0 all versions, 6.7 all versions incident page may allow an authenticated attacker to perform a cross-... Read more

    Affected Products : fortisiem
    • Published: Feb. 11, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2024-12756

    An HTML Injection vulnerability in Avaya Spaces may have allowed disclosure of sensitive information or modification of the page content seen by the user.... Read more

    Affected Products : spaces
    • Published: Feb. 11, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.9

    HIGH
    CVE-2024-12755

    A Cross-Site Scripting (XSS) vulnerability in Avaya Spaces may have allowed unauthorized code execution and potential disclose of sensitive information.... Read more

    Affected Products : spaces
    • Published: Feb. 11, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.7

    MEDIUM
    CVE-2023-40721

    A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiOS version 7.4.0 through 7.4.1 and before 7.2.6, FortiProxy version 7.4.0 and before 7.2.7, FortiPAM version 1.1.2 and before 1.0.3, FortiSwitchManager version 7.2.0 thr... Read more

    • Published: Feb. 11, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Injection

  • 6.6

    MEDIUM
    CVE-2025-24976

    Distribution is a toolkit to pack, ship, store, and deliver container content. Systems running registry versions 3.0.0-beta.1 through 3.0.0-rc.2 with token authentication enabled may be vulnerable to an issue in which token authentication allows an attack... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Authentication

  • 9.3

    CRITICAL
    CVE-2025-24973

    Concorde, formerly know as Nexkey, is a fork of the federated microblogging platform Misskey. Prior to version 12.25Q1.1, due to an improper implementation of the logout process, authentication credentials remain in cookies even after a user has explicitl... Read more

    Affected Products : nexkey
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Authentication

  • 8.6

    HIGH
    CVE-2025-24900

    Concorde, formerly know as Nexkey, is a fork of the federated microblogging platform Misskey. Due to a lack of CSRF countermeasures and improper settings of cookies for MediaProxy authentication, there is a vulnerability that allows MediaProxy authenticat... Read more

    Affected Products : nexkey
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.2

    HIGH
    CVE-2025-24897

    Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, due to a lack of CSRF protection and the lack of proper security attributes in the authentication cookies of Bull's dashboard, ... Read more

    Affected Products : misskey
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.1

    HIGH
    CVE-2025-24896

    Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, a login token named `token` is stored in a cookie for authentication purposes in Bull Dashboard, but this remains undeleted eve... Read more

    Affected Products : misskey
    • Published: Feb. 11, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-24807

    eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.6.10, 2.10.7, 2.14.5, 3.0.2, 3.1.2, and 3.2.0, per design, PermissionsCA is not full chain validated, nor i... Read more

    Affected Products : fast_dds
    • Published: Feb. 11, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Authentication

  • 9.9

    CRITICAL
    CVE-2025-22467

    A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution.... Read more

    Affected Products : connect_secure
    • Published: Feb. 11, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Memory Corruption

  • 9.1

    CRITICAL
    CVE-2024-47908

    OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : cloud_services_appliance
    • Published: Feb. 11, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Injection

  • 6.0

    MEDIUM
    CVE-2024-13843

    Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.... Read more

    Affected Products : connect_secure policy_secure
    • Published: Feb. 11, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Information Disclosure

  • 6.0

    MEDIUM
    CVE-2024-13842

    A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data.... Read more

    Affected Products : connect_secure policy_secure
    • Published: Feb. 11, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Cryptography

  • 6.1

    MEDIUM
    CVE-2024-13830

    Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.... Read more

    Affected Products : connect_secure policy_secure
    • Published: Feb. 11, 2025
    • Modified: Feb. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2024-13813

    Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files.... Read more

    Affected Products : secure_access_client
    • Published: Feb. 11, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Authorization

  • 6.3

    MEDIUM
    CVE-2024-12797

    Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: T... Read more

    Affected Products : openssl cryptography
    • Published: Feb. 11, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Authentication

  • 6.8

    MEDIUM
    CVE-2024-12058

    External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to read arbitrary files.... Read more

    Affected Products : connect_secure policy_secure
    • Published: Feb. 11, 2025
    • Modified: Jul. 16, 2025

  • 5.3

    MEDIUM
    CVE-2024-11771

    Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality.... Read more

    Affected Products : cloud_services_appliance
    • Published: Feb. 11, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Path Traversal

  • 9.1

    CRITICAL
    CVE-2024-10644

    Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : connect_secure policy_secure
    • Published: Feb. 11, 2025
    • Modified: Jul. 14, 2025
    • Vuln Type: Injection
Showing 20 of 291659 Results