Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.1

    CRITICAL
    CVE-2024-21797

    A command execution vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger...

    Affected Products : wl-wn533a8_firmware wl-wn533a8
    • Published: Jan. 14, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Injection
  • 8.2

    HIGH
    CVE-2024-7344

    Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path....

    • Published: Jan. 14, 2025
    • Modified: Jan. 22, 2025
    • Vuln Type: Misconfiguration
  • 6.7

    MEDIUM
    CVE-2024-56497

    An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiMail versions 7.2.0 through 7.2.4 and 7.0.0 through 7.0.6 and 6.4.0 through 6.4.7, FortiRecorder versions 7.0.0 and 6.4.0 through 6.4.4 allows a...

    Affected Products : fortimail fortirecorder
    • Published: Jan. 14, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Injection
  • 2.7

    LOW
    CVE-2024-55593

    An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiWeb versions 6.3.17 through 7.6.1 allows an attacker to gain information disclosure via crafted SQL queries...

    Affected Products : fortiweb
    • Published: Jan. 14, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2024-55591

    An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges...

    Affected Products : fortios fortiproxy
    • Actively Exploited
    • Published: Jan. 14, 2025
    • Modified: Jan. 23, 2025
    • Vuln Type: Authentication
  • 6.5

    MEDIUM
    CVE-2024-54021

    An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP response splitting') vulnerability [CWE-113] in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 may allow a remote unauthenticated attacker to bypass the file filter ...

    Affected Products : fortios fortiproxy
    • Published: Jan. 14, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Misconfiguration
  • 6.5

    MEDIUM
    CVE-2024-52969

    An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiSIEM version 7.1.7 and below, version 7.1.0, version 7.0.3 and below, version 6.7.9 and below, 6.7.8, version 6.6.5 and below, version 6....

    Affected Products : fortisiem
    • Published: Jan. 14, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Injection
  • 4.8

    MEDIUM
    CVE-2024-52967

    An improper neutralization of script-related HTML tags in a web page (basic XSS) in Fortinet FortiPortal 6.0.0 through 6.0.14 allows an attacker to execute unauthorized code or commands via HTML injection....

    Affected Products : fortiportal
    • Published: Jan. 14, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.9

    MEDIUM
    CVE-2024-52963

    An out-of-bounds write in Fortinet FortiOS versions 7.6.0, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4.0 through 6.4.15 allows an attacker to trigger a denial of service via specially crafted packets....

    Affected Products : fortios fortipam
    • Published: Jan. 14, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Denial of Service
  • 8.8

    HIGH
    CVE-2024-50566

    An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiManager versions 7.6.0 through 7.6.1, versions 7.4.5 through 7.4.0, and versions 7.2.1 through 7.2.8, FortiManager Cloud versions 7.6.0 through 7...

    Affected Products : fortimanager fortimanager_cloud
    • Published: Jan. 14, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Injection
  • 3.3

    LOW
    CVE-2024-50564

    A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all versions, 7.0.x all versions, and 6.4.x all versions may allow a low-privileged user to decrypt interprocess communication via monitoring named pipes....

    Affected Products : forticlient
    • Published: Jan. 14, 2025
    • Modified: Jun. 11, 2025
    • Vuln Type: Cryptography
  • 6.8

    MEDIUM
    CVE-2024-48893

    An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSOAR 7.3.0 through 7.3.3, 7.2.1 through 7.2.2 may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack via the creation of malic...

    Affected Products : fortisoar
    • Published: Jan. 14, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.8

    HIGH
    CVE-2024-48890

    An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiSOAR IMAP connector version 3.5.7 and below may allow an authenticated attacker to execute unauthorized code or commands via a spe...

    Affected Products : fortisoar fortisoar_imap_connector
    • Published: Jan. 14, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2024-48886

    A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManage...

    • Published: Jan. 14, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Authentication
  • 9.1

    CRITICAL
    CVE-2024-48884

    An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiOS versions 7.6.0, 7.4.0 through 7.4.4, 7.2.5 through 7.2.9, 7.0.0 through 7.0.15, 6.4.0 thro...

    • Published: Jan. 14, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Path Traversal
  • 9.0

    CRITICAL
    CVE-2024-47572

    An improper neutralization of formula elements in a CSV file in Fortinet FortiSOAR 7.2.1 through 7.4.1 allows an attacker to execute unauthorized code or commands via manipulating a CSV file...

    Affected Products : fortisoar
    • Published: Jan. 14, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2024-47571

    An operation on a resource after expiration or release in Fortinet FortiManager 6.4.12 through 7.4.0 allows an attacker to gain improper access to FortiGate via valid credentials....

    Affected Products : fortimanager
    • Published: Jan. 14, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Authorization
  • 6.0

    MEDIUM
    CVE-2024-47566

    An improper limitation of a pathname to a restricted directory ('path traversal') [CWE-23] in Fortinet FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to delete files from the underlying filesystem via crafted CLI re...

    Affected Products : fortirecorder
    • Published: Jan. 14, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Path Traversal
  • 7.5

    HIGH
    CVE-2024-46670

    An Out-of-bounds Read vulnerability [CWE-125] in FortiOS version 7.6.0, version 7.4.4 and below, version 7.2.9 and below and FortiSASE FortiOS tenant version 24.3.b IPsec IKE service may allow an unauthenticated remote attacker to trigger memory consumpti...

    Affected Products : fortios fortipam
    • Published: Jan. 14, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Denial of Service
  • 6.5

    MEDIUM
    CVE-2024-46669

    An Integer Overflow or Wraparound vulnerability [CWE-190] in version 7.4.4 and below, version 7.2.10 and below; FortiSASE version 23.4.b FortiOS tenant IPsec IKE service may allow an authenticated attacker to crash the IPsec tunnel via crafted requests, r...

    Affected Products : fortios
    • Published: Jan. 14, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Denial of Service