Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.0

    MEDIUM
    CVE-2024-32116

    Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version 7.4.0 and before 7.2.7 allows a p...

    • Published: Nov. 12, 2024
    • Modified: Jan. 21, 2025
  • 6.7

    MEDIUM
    CVE-2024-31496

    A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData 7.4.0 and before 7.2.7 allows a privileged at...

    • Published: Nov. 12, 2024
    • Modified: Jan. 21, 2025
  • 9.8

    CRITICAL
    CVE-2024-26011

    A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4....

    • Published: Nov. 12, 2024
    • Modified: Dec. 12, 2024
  • 8.8

    HIGH
    CVE-2024-23666

    A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiManager version 7.4.0 through 7.4.1 and 7.2.0 through 7.2....

    • Published: Nov. 12, 2024
    • Modified: Jan. 21, 2025
  • 9.1

    CRITICAL
    CVE-2023-52268

    The End-User Portal module before 1.0.65 for FreeScout sometimes allows an attacker to authenticate as an arbitrary user because a session token can be sent to the /auth endpoint. NOTE: this module is not part of freescout-helpdesk/freescout on GitHub.

    • Published: Nov. 12, 2024
    • Modified: Nov. 19, 2024
  • 8.8

    HIGH
    CVE-2023-50176

    A session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.13 allows an attacker to execute unauthorized code or commands via a phishing SAML authentication link.

    Affected Products : fortios
    • Published: Nov. 12, 2024
    • Modified: Dec. 12, 2024
  • 8.1

    HIGH
    CVE-2023-47543

    An authorization bypass through user-controlled key vulnerability [CWE-639] in Fortinet FortiPortal version 7.0.0 through 7.0.3 allows an authenticated attacker to interact with resources of other organizations via HTTP or HTTPS requests.

    Affected Products : fortiportal
    • Published: Nov. 12, 2024
    • Modified: Jan. 02, 2025
  • 4.1

    MEDIUM
    CVE-2023-44255

    An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged attacker with administrative read permissions to read e...

    • Published: Nov. 12, 2024
    • Modified: Jan. 21, 2025
  • 8.8

    HIGH
    CVE-2024-8069

    Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server

    Affected Products : session_recording
    • Actively Exploited
    • Published: Nov. 12, 2024
    • Modified: Aug. 26, 2025
  • 8.0

    HIGH
    CVE-2024-8068

    Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain

    Affected Products : session_recording
    • Actively Exploited
    • Published: Nov. 12, 2024
    • Modified: Aug. 26, 2025
  • 4.8

    MEDIUM
    CVE-2024-51720

    An insufficient entropy vulnerability in the SecuSUITE Secure Client Authentication (SCA) Server of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially enroll an attacker-controlled device to the victim’s account and telephone nu...

    • Published: Nov. 12, 2024
    • Modified: Nov. 13, 2024
  • 8.8

    HIGH
    CVE-2024-49056

    Authentication bypass by assumed-immutable data on airlift.microsoft.com allows an authorized attacker to elevate privileges over a network.

    Affected Products : airlift_microsoft_com
    • Published: Nov. 12, 2024
    • Modified: Jan. 07, 2025
  • 7.8

    HIGH
    CVE-2024-49051

    Microsoft PC Manager Elevation of Privilege Vulnerability

    Affected Products : pc_manager
    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024
  • 8.8

    HIGH
    CVE-2024-49050

    Visual Studio Code Python Extension Remote Code Execution Vulnerability

    • Published: Nov. 12, 2024
    • Modified: Jul. 15, 2025
  • 7.1

    HIGH
    CVE-2024-49049

    Visual Studio Code Remote Extension Elevation of Privilege Vulnerability

    Affected Products : visual_studio_code remote_ssh
    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024
  • 8.1

    HIGH
    CVE-2024-49048

    TorchGeo Remote Code Execution Vulnerability

    Affected Products : torchgeo
    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024
  • 7.8

    HIGH
    CVE-2024-49046

    Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

    • Published: Nov. 12, 2024
    • Modified: Nov. 18, 2024
  • 6.7

    MEDIUM
    CVE-2024-49044

    Visual Studio Elevation of Privilege Vulnerability

    Affected Products : visual_studio visual_studio_2022
    • Published: Nov. 12, 2024
    • Modified: Nov. 16, 2024
  • 7.8

    HIGH
    CVE-2024-49043

    Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability

    • Published: Nov. 12, 2024
    • Modified: Nov. 15, 2024
  • 7.5

    HIGH
    CVE-2024-49040

    Microsoft Exchange Server Spoofing Vulnerability

    Affected Products : exchange_server
    • Published: Nov. 12, 2024
    • Modified: Nov. 16, 2024
Showing 20 of 291739 Results