Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-35275

    A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, FortiManager version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http re... Read more

    • Published: Jan. 14, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2024-35273

    A out-of-bounds write in Fortinet FortiManager version 7.4.0 through 7.4.2, FortiAnalyzer version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http requests.... Read more

    • Published: Jan. 14, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2024-33503

    A improper privilege management in Fortinet FortiManager version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.... Read more

    • Published: Jan. 14, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2024-33502

    An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 through 6.2.12 and 6... Read more

    • Published: Jan. 14, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Path Traversal

  • 5.5

    MEDIUM
    CVE-2024-32115

    A relative path traversal vulnerability [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 allows a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPs requests.... Read more

    Affected Products : fortimanager
    • Published: Jan. 14, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2024-27778

    An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Fortinet FortiSandbox version 4.4.0 through 4.4.4, 4.2.0 through 4.2.6 and below 4.0.4 allows an authenticated attacker with at least read-only permission to ex... Read more

    Affected Products : fortisandbox
    • Published: Jan. 14, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Injection

  • 7.8

    HIGH
    CVE-2024-26012

    A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiAP-S 6.2 all verisons, and 6.4.0 through 6.4.9, FortiAP-W2 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2, Fort... Read more

    Affected Products : fortiap fortiap-w2 fortiap-s
    • Published: Jan. 14, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-23106

    An improper restriction of excessive authentication attempts [CWE-307] in FortiClientEMS version 7.2.0 through 7.2.4 and before 7.0.10 allows an unauthenticated attacker to try a brute force attack against the FortiClientEMS console via crafted HTTP or HT... Read more

    Affected Products : forticlientems
    • Published: Jan. 14, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authentication

  • 6.7

    MEDIUM
    CVE-2024-21758

    A stack-based buffer overflow in Fortinet FortiWeb versions 7.2.0 through 7.2.7, and 7.4.0 through 7.4.1 may allow a privileged user to execute arbitrary code via specially crafted CLI commands, provided the user is able to evade FortiWeb stack protection... Read more

    Affected Products : fortiweb
    • Published: Jan. 14, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2024-11864

    Specifically crafted SCMI messages sent to an SCP running SCP-Firmware release versions up to and including 2.15.0 may lead to a Usage Fault and crash the SCP... Read more

    Affected Products :
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2024-11863

    Specifically crafted SCMI messages sent to an SCP running SCP-Firmware release versions up to and including 2.15.0 may lead to a Usage Fault and crash the SCP... Read more

    Affected Products :
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025
    • Vuln Type: Denial of Service

  • 8.8

    HIGH
    CVE-2024-11497

    An authenticated attacker can use this vulnerability to perform a privilege escalation to gain root access.... Read more

    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025
    • Vuln Type: Authorization

  • 5.0

    MEDIUM
    CVE-2023-46715

    An origin validation error [CWE-346] vulnerability in Fortinet FortiOS IPSec VPN version 7.4.0 through 7.4.1 and version 7.2.6 and below allows an authenticated IPSec VPN user with dynamic IP addressing to send (but not receive) packets spoofing the IP o... Read more

    Affected Products : fortios
    • Published: Jan. 14, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2023-42786

    A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request.... Read more

    Affected Products : fortios
    • Published: Jan. 14, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Denial of Service

  • 6.5

    MEDIUM
    CVE-2023-42785

    A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request.... Read more

    Affected Products : fortios
    • Published: Jan. 14, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Denial of Service

  • 7.8

    HIGH
    CVE-2023-37937

    An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 al... Read more

    Affected Products : fortiswitch fortiswitch
    • Published: Jan. 14, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2023-37936

    A use of hard-coded cryptographic key in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code or commands v... Read more

    Affected Products : fortiswitch fortiswitch
    • Published: Jan. 14, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Cryptography

  • 8.8

    HIGH
    CVE-2023-37931

    An improper neutralization of special elements used in an sql command ('sql injection') vulnerability [CWE-88] in FortiVoice Entreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to perform a blind sql injection attack v... Read more

    Affected Products : fortivoice
    • Published: Jan. 14, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Injection

  • 9.1

    CRITICAL
    CVE-2024-56841

    A vulnerability has been identified in Mendix LDAP (All versions < V1.1.2). Affected versions of the module are vulnerable to LDAP injection. This could allow an unauthenticated remote attacker to bypass username verification.... Read more

    Affected Products :
    • Published: Jan. 14, 2025
    • Modified: Jan. 14, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2024-53649

    A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.80), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V... Read more

    Affected Products :
    • Published: Jan. 14, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Path Traversal
Showing 20 of 291827 Results