CVE Database

14+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

14 results for "CWE-35"

CVE-2025-55057
4.5 MEDIUM

Multiple CWE-352 Cross-Site Request Forgery (CSRF)

Nov 17, 2025

CVE-2025-35981
5.5 MEDIUM

Exposure of Private Personal Information to an Unauthorized Actor (CWE-359) in the Command Centre Server allows a privileged Operator to view limited personal data about …

Oct 23, 2025

CVE-2025-53950
5.5 MEDIUM

An Exposure of Private Personal Information ('Privacy Violation') vulnerability [CWE-359] in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS and Windows 11.5.1 and 11.4.2 through 11.4.6 …

Oct 16, 2025

CVE-2025-25255
5.3 MEDIUM

An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in Fortinet FortiOS 7.6.0 through 7.6.3, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.11, FortiProxy …

Oct 14, 2025

CVE-2024-55599
5.3 MEDIUM

An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in FortiOS version 7.6.0, version 7.4.7 and below, 7.0 all versions, 6.4 all versions and FortiProxy …

Jul 8, 2025

CVE-2025-24908
6.8 MEDIUM

Overview: The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled …

Apr 16, 2025

CVE-2025-24907
6.8 MEDIUM

Overview: The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled …

Apr 16, 2025

CVE-2024-47573
6.5 MEDIUM

An improper validation of integrity check value vulnerability [CWE-354] in FortiNDR version 7.4.2 and below, version 7.2.1 and below, version 7.1.1 and below, version 7.0.6 …

Mar 14, 2025

CVE-2025-26357
4.9 MEDIUM

A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files …

Feb 12, 2025

CVE-2025-26355
6.5 MEDIUM

A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files …

Feb 12, 2025

CVE-2025-26353
4.9 MEDIUM

A CWE-35 "Path Traversal" in maxtime/api/sql/sql.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files …

Feb 12, 2025

CVE-2025-26352
6.5 MEDIUM

A CWE-35 "Path Traversal" in the template deletion mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to …

Feb 12, 2025

CVE-2025-26351
4.9 MEDIUM

A CWE-35 "Path Traversal" in the template download mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to …

Feb 12, 2025

CVE-2024-47914
4.5 MEDIUM

VaeMendis - CWE-352: Cross-Site Request Forgery (CSRF)

Nov 14, 2024
