Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2024-57189

    In Erxes <1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler....

    Affected Products : erxes
    • Published: Jun. 10, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Path Traversal
  • 5.4

    MEDIUM
    CVE-2024-57186

    In Erxes <1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler....

    Affected Products : erxes
    • Published: Jun. 10, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Path Traversal
  • 6.5

    MEDIUM
    CVE-2024-54019

    An improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7.4.0, versions 7.2.0 through 7.2.6, and 7.0 all versions allow an unauthorized attacker to redirect VPN connections via DNS spoofing or another form of redirec...

    Affected Products : forticlient
    • Published: Jun. 10, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Misconfiguration
  • 5.9

    MEDIUM
    CVE-2024-50568

    A channel accessible by non-endpoint vulnerability [CWE-300] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7 and before 7.0.14 & FortiProxy version 7.4.0 through 7.4.3, 7.2.0 through 7.2.9 and before 7.0.16 allows an unauthenticated a...

    Affected Products : fortios fortiproxy
    • Published: Jun. 10, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authentication
  • 4.8

    MEDIUM
    CVE-2024-50562

    An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions may allow an attacker in possession of a cookie used to log in the SSL-VPN p...

    Affected Products : fortios fortipam fortisase
    • Published: Jun. 10, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authentication
  • 4.3

    MEDIUM
    CVE-2024-45329

    An authorization bypass through user-controlled key in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.8 may allow an authenticated attacker to view unauthorized device information via key modification in A...

    Affected Products : fortiportal
    • Published: Jun. 10, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authorization
  • 7.6

    HIGH
    CVE-2024-43706

    Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint....

    Affected Products : kibana
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authorization
  • 4.8

    MEDIUM
    CVE-2024-32119

    An improper authentication vulnerability [CWE-287] in Fortinet FortiClientEMS version 7.4.0 and before 7.2.4 allows an unauthenticated attacker with the knowledge of the targeted user's FCTUID and VDOM to perform operations such as uploading or tagging on...

    Affected Products : forticlientems
    • Published: Jun. 10, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authentication
  • 4.3

    MEDIUM
    CVE-2023-48786

    A server-side request forgery vulnerability [CWE-918] in Fortinet FortiClientEMS version 7.4.0 through 7.4.2 and before 7.2.6 may allow an authenticated attacker to perform internal requests via crafted HTTP or HTTPS requests....

    Affected Products : forticlientems
    • Published: Jun. 10, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Server-Side Request Forgery
  • 3.2

    LOW
    CVE-2023-29184

    An incomplete cleanup vulnerability [CWE-459] in FortiOS 7.2 all versions and before & FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 allows a VDOM privileged attacker to add SSH key files on the system silently via crafted CLI requests....

    Affected Products : fortios fortiproxy
    • Published: Jun. 10, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Misconfiguration
  • 7.9

    HIGH
    CVE-2023-20599

    Improper register access control in ASP may allow a privileged attacker to perform unauthorized access to ASP’s Crypto Co-Processor (CCP) registers from x86, resulting in potential loss of control of cryptographic key pointer/index, leading to loss of int...

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authorization
  • 7.0

    HIGH
    CVE-2025-4678

    Improper Neutralization of Special Elements in the chromium_path variable may allow OS command injection. This issue affects Pandora ITSM 5.0.105....

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Injection
  • 7.0

    HIGH
    CVE-2025-4653

    Improper Neutralization of Special Elements in the backup name field may allow OS command injection. This issue affects Pandora ITSM 5.0.105....

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Injection
  • 6.3

    MEDIUM
    CVE-2025-49143

    Nautobot is a Network Source of Truth and Network Automation Platform. Prior to v2.4.10 and v1.6.32, files uploaded by users to Nautobot's MEDIA_ROOT directory, including DeviceType image attachments as well as images attached to a Location, Device, or R...

    Affected Products : nautobot
    • Published: Jun. 10, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Authorization
  • 7.1

    HIGH
    CVE-2025-49142

    Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed...

    Affected Products : nautobot
    • Published: Jun. 10, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Misconfiguration
  • 4.9

    MEDIUM
    CVE-2025-48937

    matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify ev...

    Affected Products : matrix-rust-sdk
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2025-48879

    OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become unresponsive. The...

    Affected Products : octoprint
    • Published: Jun. 10, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Denial of Service
  • 5.4

    MEDIUM
    CVE-2025-48067

    OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attacker with the FILE_UPLOAD permission to exfiltrate files from the host that OctoPrint has ...

    Affected Products : octoprint
    • Published: Jun. 10, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Path Traversal
  • 8.4

    HIGH
    CVE-2025-47110

    Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fiel...

    Affected Products : magento commerce magento commerce_b2b
    • Published: Jun. 10, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Cross-Site Scripting
  • 7.5

    HIGH
    CVE-2025-44044

    Keyoti SearchUnit prior to 9.0.0 is vulnerable to XML External Entity (XXE). An attacker who can force a vulnerable SearchUnit host into parsing maliciously crafted XML and/or DTD files can exfiltrate some files from the underlying operating system....

    Affected Products :
    • Published: Jun. 10, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: XML External Entity
Showing 20 of 291625 Results