Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2023-50345

    HCL DRYiCE MyXalytics is impacted by an Open Redirect vulnerability which could allow an attacker to redirect users to malicious sites, potentially leading to phishing attacks or other security threats. ... Read more

    Affected Products : dryice_myxalytics
    • EPSS Score: %0.17
    • Published: Jan. 03, 2024
    • Modified: Jun. 03, 2025

  • 7.2

    HIGH
    CVE-2023-50162

    SQL injection vulnerability in EmpireCMS v7.5, allows remote attackers to execute arbitrary code and obtain sensitive information via the DoExecSql function.... Read more

    Affected Products : empirecms
    • EPSS Score: %0.86
    • Published: Jan. 09, 2024
    • Modified: Jun. 03, 2025

  • 5.4

    MEDIUM
    CVE-2023-50136

    Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table.... Read more

    Affected Products : jfinalcms
    • EPSS Score: %0.11
    • Published: Jan. 09, 2024
    • Modified: Jun. 03, 2025

  • 6.5

    MEDIUM
    CVE-2023-50126

    Missing encryption in the RFID tags of the Hozard alarm system (Alarmsysteem) v1.0 allow attackers to create a cloned tag via brief physical proximity to one of the original tags, which results in an attacker being able to bring the alarm system to a disa... Read more

    Affected Products : alarm_system
    • EPSS Score: %0.04
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-50090

    Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request.... Read more

    Affected Products : ureport2
    • EPSS Score: %0.10
    • Published: Jan. 03, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-50027

    SQL Injection vulnerability in Buy Addons baproductzoommagnifier module for PrestaShop versions 1.0.16 and before, allows remote attackers to escalate privileges and gain sensitive information via BaproductzoommagnifierZoomModuleFrontController::run() met... Read more

    Affected Products : bazoom_magnifier
    • EPSS Score: %0.44
    • Published: Jan. 05, 2024
    • Modified: Jun. 03, 2025

  • 5.5

    MEDIUM
    CVE-2023-49558

    An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_mmac_params function in the modules/preprocs/nasm/nasm-pp.c component.... Read more

    Affected Products : yasm
    • EPSS Score: %0.33
    • Published: Jan. 03, 2024
    • Modified: Jun. 03, 2025

  • 5.5

    MEDIUM
    CVE-2023-49556

    Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expr_delete_term function in the libyasm/expr.c component.... Read more

    Affected Products : yasm
    • EPSS Score: %0.51
    • Published: Jan. 03, 2024
    • Modified: Jun. 03, 2025

  • 7.5

    HIGH
    CVE-2023-49553

    An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_destroy function in the msj.c file.... Read more

    Affected Products : mjs
    • EPSS Score: %1.25
    • Published: Jan. 02, 2024
    • Modified: Jun. 03, 2025

  • 8.8

    HIGH
    CVE-2023-49471

    Blind Server-Side Request Forgery (SSRF) vulnerability in karlomikus Bar Assistant before version 3.2.0 does not validate a parameter before making a request through Image::make(), which could allow authenticated remote attackers to execute arbitrary code... Read more

    Affected Products : bar_assistant
    • EPSS Score: %15.40
    • Published: Jan. 10, 2024
    • Modified: Jun. 03, 2025

  • 6.1

    MEDIUM
    CVE-2023-49394

    Zentao versions 4.1.3 and before has a URL redirect vulnerability, which prevents the system from functioning properly.... Read more

    Affected Products : zentao
    • EPSS Score: %0.20
    • Published: Jan. 10, 2024
    • Modified: Jun. 03, 2025

  • 7.5

    HIGH
    CVE-2023-48261

    The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request.... Read more

    • EPSS Score: %0.24
    • Published: Jan. 10, 2024
    • Modified: Jun. 03, 2025

  • 6.5

    MEDIUM
    CVE-2023-47997

    An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 leads to an infinite loop and allows attackers to cause a denial of service.... Read more

    Affected Products : freeimage
    • EPSS Score: %0.09
    • Published: Jan. 10, 2024
    • Modified: Jun. 03, 2025

  • 8.8

    HIGH
    CVE-2023-47994

    An integer overflow vulnerability in LoadPixelDataRLE4 function in PluginBMP.cpp in Freeimage 3.18.0 allows attackers to obtain sensitive information, cause a denial of service and/or run arbitrary code.... Read more

    Affected Products : freeimage
    • EPSS Score: %0.14
    • Published: Jan. 09, 2024
    • Modified: Jun. 03, 2025

  • 8.8

    HIGH
    CVE-2023-47890

    pyLoad 0.5.0 is vulnerable to Unrestricted File Upload.... Read more

    Affected Products : pyload
    • EPSS Score: %0.26
    • Published: Jan. 08, 2024
    • Modified: Jun. 03, 2025

  • 4.7

    MEDIUM
    CVE-2023-46836

    The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs disabled. However, the original XSA-254 fix for Meltdown (XPTI) de... Read more

    Affected Products : xen
    • EPSS Score: %0.01
    • Published: Jan. 05, 2024
    • Modified: Jun. 03, 2025

  • 7.2

    HIGH
    CVE-2023-46474

    File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the start_import.php file.... Read more

    Affected Products : pmb
    • EPSS Score: %72.69
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-46308

    In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty.... Read more

    Affected Products : plotly.js
    • EPSS Score: %0.14
    • Published: Jan. 03, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-45722

    HCL DRYiCE MyXalytics is impacted by path traversal arbitrary file read vulnerability because it uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory.  The pr... Read more

    Affected Products : dryice_myxalytics
    • EPSS Score: %0.12
    • Published: Jan. 03, 2024
    • Modified: Jun. 03, 2025

  • 8.2

    HIGH
    CVE-2023-45559

    An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.... Read more

    Affected Products : line
    • EPSS Score: %0.09
    • Published: Jan. 03, 2024
    • Modified: Jun. 03, 2025
Showing 20 of 292507 Results