Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-22464

    An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an attacker with local access to write arbitrary data into memory causing a denial-of-service condition.... Read more

    Affected Products : endpoint_manager
    • Published: Apr. 08, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Memory Corruption

  • 7.2

    HIGH
    CVE-2025-22461

    SQL injection in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote authenticated attacker with admin privileges to achieve code execution.... Read more

    Affected Products : endpoint_manager
    • Published: Apr. 08, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-22459

    Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and servers.... Read more

    Affected Products : endpoint_manager
    • Published: Apr. 08, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Misconfiguration

  • 7.8

    HIGH
    CVE-2025-22458

    DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an authenticated attacker to escalate to System.... Read more

    Affected Products : endpoint_manager
    • Published: Apr. 08, 2025
    • Modified: May. 17, 2025
    • Vuln Type: Authorization

  • 8.3

    HIGH
    CVE-2025-31498

    c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS,... Read more

    Affected Products : c-ares
    • Published: Apr. 08, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-30151

    Shopware is an open commerce platform. It's possible to pass long passwords that leads to Denial Of Service via forms in Storefront forms or Store-API. This vulnerability is fixed in 6.6.10.3 or 6.5.8.17. For older versions of 6.4, corresponding security ... Read more

    Affected Products : shopware
    • Published: Apr. 08, 2025
    • Modified: Sep. 10, 2025

  • 5.5

    MEDIUM
    CVE-2025-30150

    Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Through the store-api it is possible as a attacker to check if a specific e-mail address has an account in the shop. Using the store-api endpoint /store-api/account/recovery-passw... Read more

    Affected Products : shopware
    • Published: Apr. 08, 2025
    • Modified: Sep. 10, 2025
    • Vuln Type: Information Disclosure

  • 7.2

    HIGH
    CVE-2025-25254

    An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, 7.2 all versions, 7.0 all versions endpoint may allow an authenticated admin to access a... Read more

    Affected Products : fortiweb
    • Published: Apr. 08, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Path Traversal

  • 4.8

    MEDIUM
    CVE-2025-22855

    An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Fortinet FortiClient before 7.4.1 may allow the EMS administrator to send messages containing javascript code.... Read more

    Affected Products : forticlientems
    • Published: Apr. 08, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.7

    MEDIUM
    CVE-2024-54025

    An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiIsolator CLI before version 2.4.6 allows a privileged attacker to execute unauthorized code or commands via crafted CLI r... Read more

    Affected Products : fortiisolator
    • Published: Apr. 08, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Injection

  • 7.2

    HIGH
    CVE-2024-54024

    An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiIsolator before version 2.4.6 allows a privileged attacker with super-admin profile and CLI access to execute unauthorize... Read more

    Affected Products : fortiisolator
    • Published: Apr. 08, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2024-52962

    An Improper Output Neutralization for Logs vulnerability [CWE-117] in FortiAnalyzer version 7.6.1 and below, version 7.4.5 and below, version 7.2.8 and below, version 7.0.13 and below and FortiManager version 7.6.1 and below, version 7.4.5 and below, vers... Read more

    • Published: Apr. 08, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2024-50565

    A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15 and 6.2.0 through 6.2.16, Fortinet FortiProxy ve... Read more

    • Published: Apr. 08, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authentication

  • 7.2

    HIGH
    CVE-2024-46671

    An Incorrect User Management vulnerability [CWE-286] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, version 7.2.10 and below, version 7.0.11 and below widgets dashboard may allow an authenticated attacker with at least read-only admin permi... Read more

    Affected Products : fortiweb
    • Published: Apr. 08, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Authorization

  • 4.4

    MEDIUM
    CVE-2024-32122

    A storing passwords in a recoverable format in Fortinet FortiOS versions 7.2.0 through 7.2.1 allows attacker to information disclosure via modification of LDAP server IP to point to a malicious server.... Read more

    Affected Products : fortios
    • Published: Apr. 08, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2024-26013

    A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15 and before 6.2.16, Fortinet FortiProxy version 7... Read more

    • Published: Apr. 08, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2023-37930

    Multiple issues including the use of uninitialized ressources [CWE-908] and excessive iteration [CWE-834] vulnerabilities in Fortinet FortiOS SSL VPN webmode version 7.4.0, version 7.2.0 through 7.2.5, version 7.0.1 through 7.0.11 and version 6.4.7 throug... Read more

    Affected Products : fortios fortiproxy
    • Published: Apr. 08, 2025
    • Modified: Jul. 23, 2025
    • Vuln Type: Memory Corruption

  • 8.2

    HIGH
    CVE-2025-2876

    The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'monitor_admin_actions' function in version 2.1.0. This makes it possible for unaut... Read more

    Affected Products : melapress_login_security
    • Published: Apr. 08, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-2568

    The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on the 'vayu_blocks_get_toggle_switch_values_callback' and 'vayu_blocks_save... Read more

    Affected Products :
    • Published: Apr. 08, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Authorization

  • 1.8

    LOW
    CVE-2025-30166

    Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session co... Read more

    Affected Products : admin_classic_bundle
    • Published: Apr. 08, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293335 Results