Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.8

    MEDIUM
    CVE-2025-36000

    IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potent...

    Affected Products : websphere_application_server
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
  • 10.0

    CRITICAL
    CVE-2025-55169

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a path traversal vulnerability was discovered in the WeGIA application, html/socio/sistema/download_remessa.php endpoint. This...

    Affected Products : wegia
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
  • 9.8

    CRITICAL
    CVE-2025-55168

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a SQL Injection vulnerability was identified in the /html/saude/aplicar_medicamento.php endpoint, specifically in the id_ficha...

    Affected Products : wegia
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
  • 7.2

    HIGH
    CVE-2025-53744

    An incorrect privilege assignment vulnerability [CWE-266] in FortiOS Security Fabric version 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.0 all versions, 6.4 all versions, may allow a remote authenticated attacker with high privileges to ...

    Affected Products : fortios
    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
  • 8.1

    HIGH
    CVE-2025-52970

    An improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device an...

    Affected Products : fortiweb
    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
  • 7.2

    HIGH
    CVE-2025-49813

    An improper neutralization of special elements used in an OS Command ("OS Command Injection") vulnerability [CWE-78] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a remote and authenticated attacker with low privilege to execute unauthorized ...

    Affected Products : fortiadc
    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
  • 6.7

    MEDIUM
    CVE-2025-47857

    An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability [CWE-78] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or command via...

    Affected Products : fortiweb
    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
  • 5.1

    MEDIUM
    CVE-2025-43734

    A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 20...

    Affected Products : liferay_portal dxp
    • Published: Aug. 12, 2025
    • Modified: Aug. 13, 2025
  • 7.5

    HIGH
    CVE-2025-36124

    IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration...

    Affected Products : websphere_application_server
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
  • 6.5

    MEDIUM
    CVE-2025-32932

    An improper neutralization of input during web page generation ('cross-site scripting') vulnerability [CWE-79] in FortiSOAR version 7.6.1 and below, version 7.5.1 and below, 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all v...

    Affected Products : fortisoar
    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
  • 6.7

    MEDIUM
    CVE-2025-32766

    A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or commands via crafted CLI commands...

    Affected Products : fortiweb
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
  • 6.7

    MEDIUM
    CVE-2025-27759

    An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and before 7.0.10 allows an authenticated priv...

    Affected Products : fortiweb
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
  • 9.8

    CRITICAL
    CVE-2025-25256

    An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows a...

    Affected Products : fortisiem
    • Published: Aug. 12, 2025
    • Modified: Aug. 15, 2025
  • 6.5

    MEDIUM
    CVE-2025-25248

    An Integer Overflow or Wraparound vulnerability [CWE-190] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.2 all versions, 6.4 all versions, FortiProxy version 7.6.2 and below, version 7.4.3 and below, 7.2 all versi...

    Affected Products : fortios fortiproxy fortipam
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
  • 6.5

    MEDIUM
    CVE-2024-52964

    An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9 and below 7.0.13 & FortiManager Cloud version 7.6.0 thr...

    Affected Products : fortimanager fortimanager_cloud
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
  • 6.8

    MEDIUM
    CVE-2024-48892

    A relative path traversal vulnerability [CWE-23] in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an authenticated attacker to read arbitrary files via uploading a malicious solution pack.

    Affected Products : fortisoar
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
  • 4.4

    MEDIUM
    CVE-2024-40588

    Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiMail version 7.6.0 through 7.6.1 and before 7.4.3, FortiVoice version 7.0.0 through 7.0.5 and before 7.4.9, FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4, FortiCamera ...

    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
  • 8.1

    HIGH
    CVE-2024-26009

    An authentication bypass using an alternate path or channel [CWE-288] vulnerability in Fortinet FortiOS version 6.4.0 through 6.4.15 and before 6.2.16, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8 and before 7.0.15 & FortiPAM before version...

    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
  • 7.2

    HIGH
    CVE-2023-45584

    A double free vulnerability [CWE-415] in Fortinet FortiOS version 7.4.0, version 7.2.0 through 7.2.5 and before 7.0.12, FortiProxy version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.13 and FortiPAM version 1.1.0 through 1.1.2 and befo...

    Affected Products : fortios fortiproxy fortipam
    • Published: Aug. 12, 2025
    • Modified: Aug. 14, 2025
  • 7.5

    HIGH
    CVE-2025-53793

    Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network.

    • Published: Aug. 12, 2025
    • Modified: Aug. 18, 2025