Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2023-51071

    An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily disable the SMB service on a victim's Qstar instance by executing a specific command in a link....

    Affected Products: archive_storage_manager
    • EPSS Score: 0.13%
    • Published: Jan. 13, 2024
    • Modified: Jun. 03, 2025
  • 5.4

    MEDIUM
    CVE-2023-51068

    An authenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted link....

    Affected Products: archive_storage_manager
    • EPSS Score: 0.20%
    • Published: Jan. 13, 2024
    • Modified: Jun. 03, 2025
  • 8.8

    HIGH
    CVE-2023-51063

    QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based Reflected Cross Site Scripting (XSS) vulnerability within the component qnme-ajax?method=tree_level....

    Affected Products: archive_storage_manager
    • EPSS Score: 0.15%
    • Published: Jan. 13, 2024
    • Modified: Jun. 03, 2025
  • 8.8

    HIGH
    CVE-2023-51059

    An issue in MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway v.1.1.1 and before allows a remote attacker to escalate privileges via the session management component of the administrative web interface....

    • EPSS Score: 0.40%
    • Published: Jan. 16, 2024
    • Modified: Jun. 03, 2025
  • 9.8

    CRITICAL
    CVE-2023-50919

    An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N...

    • EPSS Score: 43.74%
    • Published: Jan. 12, 2024
    • Modified: Jun. 03, 2025
  • 5.5

    MEDIUM
    CVE-2023-50440

    ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL fo...

    Affected Products: zed\! zedmail zonecentral
    • EPSS Score: 0.12%
    • Published: Dec. 13, 2023
    • Modified: Jun. 03, 2025
  • 5.4

    MEDIUM
    CVE-2023-50072

    A Stored Cross-Site Scripting (XSS) vulnerability exists in OpenKM version 7.1.40 (dbb6e88) With Professional Extension that allows an authenticated user to upload a note on a file which acts as a stored XSS payload. Any user who opens the note of a docum...

    Affected Products: openkm
    • EPSS Score: 4.11%
    • Published: Jan. 13, 2024
    • Modified: Jun. 03, 2025
  • 6.4

    MEDIUM
    CVE-2023-4960

    The WCFM Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcfm_stores' shortcode in versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

    Affected Products: wcfm_marketplace
    • EPSS Score: 0.16%
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025
  • 5.4

    MEDIUM
    CVE-2023-4248

    The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the give_stripe_disconnect_connect_stripe_account function. This makes it possibl...

    Affected Products: givewp
    • EPSS Score: 0.09%
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025
  • 9.8

    CRITICAL
    CVE-2023-49262

    The authentication mechanism can be bypassed by overflowing the value of the Cookie "authentication" field, provided there is an active user session....

    Affected Products: h8951-4g-esp_firmware h8951-4g-esp
    • EPSS Score: 0.03%
    • Published: Jan. 12, 2024
    • Modified: Jun. 03, 2025
  • 6.1

    MEDIUM
    CVE-2023-49260

    An XSS attack can be performed by changing the MOTD banner and pointing the victim to the "terminal_tool.cgi" path. It can be used together with the vulnerability CVE-2023-49255....

    Affected Products: h8951-4g-esp_firmware h8951-4g-esp
    • EPSS Score: 0.08%
    • Published: Jan. 12, 2024
    • Modified: Jun. 03, 2025
  • 6.1

    MEDIUM
    CVE-2023-49258

    User browser may be forced to execute JavaScript and pass the authentication cookie to the attacker leveraging the XSS vulnerability located at "/gui/terminal_tool.cgi" in the "data" parameter....

    Affected Products: h8951-4g-esp_firmware h8951-4g-esp
    • EPSS Score: 0.08%
    • Published: Jan. 12, 2024
    • Modified: Jun. 03, 2025
  • 9.8

    CRITICAL
    CVE-2023-49255

    The router console is accessible without authentication at "data" field, and while a user needs to be logged in in order to modify the configuration, the session state is shared. If any other user is currently logged in, the anonymous user can execute com...

    Affected Products: h8951-4g-esp_firmware h8951-4g-esp
    • EPSS Score: 0.08%
    • Published: Jan. 12, 2024
    • Modified: Jun. 03, 2025
  • 8.8

    HIGH
    CVE-2023-47460

    SQL injection vulnerability in Knovos Discovery v.22.67.0 allows a remote attacker to execute arbitrary code via the /DiscoveryProcess/Service/Admin.svc/getGridColumnStructure component....

    Affected Products: discovery
    • EPSS Score: 10.96%
    • Published: Jan. 16, 2024
    • Modified: Jun. 03, 2025
  • 7.5

    HIGH
    CVE-2023-46942

    Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8, allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints....

    Affected Products: evershop
    • EPSS Score: 0.10%
    • Published: Jan. 13, 2024
    • Modified: Jun. 03, 2025
  • 6.5

    MEDIUM
    CVE-2023-46749

    Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure `blockSemi...

    Affected Products: shiro
    • EPSS Score: 0.20%
    • Published: Jan. 15, 2024
    • Modified: Jun. 03, 2025
  • 8.8

    HIGH
    CVE-2023-43449

    An issue in HummerRisk HummerRisk v.1.10 thru 1.4.1 allows an authenticated attacker to execute arbitrary code via a crafted request to the service/LicenseService component....

    Affected Products: hummerrisk
    • EPSS Score: 0.16%
    • Published: Jan. 16, 2024
    • Modified: Jun. 03, 2025
  • 7.5

    HIGH
    CVE-2023-34061

    Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment....

    • EPSS Score: 0.17%
    • Published: Jan. 12, 2024
    • Modified: Jun. 03, 2025
  • 9.8

    CRITICAL
    CVE-2023-30015

    SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via txtsearch parameter in review_search.php....

    Affected Products: judging_management_system
    • EPSS Score: 0.93%
    • Published: Jan. 12, 2024
    • Modified: Jun. 03, 2025
  • 9.8

    CRITICAL
    CVE-2023-30014

    SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in sub_event_stat_update.php....

    Affected Products: judging_management_system
    • EPSS Score: 0.93%
    • Published: Jan. 12, 2024
    • Modified: Jun. 03, 2025