Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-52031

    TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the UploadFirmwareFile function.... Read more

    Affected Products : a3700r_firmware a3700r
    • EPSS Score: %14.82
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-51971

    Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function getIptvInfo.... Read more

    Affected Products : ax1803_firmware ax1803
    • EPSS Score: %0.24
    • Published: Jan. 10, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-51964

    Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function setIptvInfo.... Read more

    Affected Products : ax1803_firmware ax1803
    • EPSS Score: %0.24
    • Published: Jan. 10, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-51956

    Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formSetIptv... Read more

    Affected Products : ax1803_firmware ax1803
    • EPSS Score: %0.24
    • Published: Jan. 10, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-51954

    Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formSetIptv.... Read more

    Affected Products : ax1803_firmware ax1803
    • EPSS Score: %0.24
    • Published: Jan. 10, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-51277

    nbviewer-app (aka Jupyter Notebook Viewer) before 0.1.6 has the get-task-allow entitlement for release builds.... Read more

    Affected Products : jupyter_notebook_viewer
    • EPSS Score: %0.29
    • Published: Jan. 05, 2024
    • Modified: Jun. 03, 2025

  • 7.5

    HIGH
    CVE-2023-51127

    FLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulnerable to Directory Traversal due to improper access restriction. This vulnerability allows an unauthenticated, remote attacker to obtain arbitrary sensitive file contents by uploading a ... Read more

    Affected Products : flir_ax8_firmware flir_ax8
    • EPSS Score: %4.08
    • Published: Jan. 10, 2024
    • Modified: Jun. 03, 2025

  • 9.0

    CRITICAL
    CVE-2023-50982

    Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because upload_action and edit_action in Admin_SmileysController do not check the file extension. This leads to remote code execution with the privileges of the www-data user.... Read more

    Affected Products : stud.ip
    • EPSS Score: %0.51
    • Published: Jan. 08, 2024
    • Modified: Jun. 03, 2025

  • 7.2

    HIGH
    CVE-2023-50922

    An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.... Read more

    • EPSS Score: %0.08
    • Published: Jan. 03, 2024
    • Modified: Jun. 03, 2025

  • 7.2

    HIGH
    CVE-2023-50916

    Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path. It allows administrators to configure the backup location of the database used by the application... Read more

    Affected Products : device_manager
    • EPSS Score: %0.30
    • Published: Jan. 10, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-50643

    An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components.... Read more

    Affected Products : evernote
    • EPSS Score: %21.06
    • Published: Jan. 09, 2024
    • Modified: Jun. 03, 2025

  • 7.8

    HIGH
    CVE-2023-50612

    Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1, allow local attackers to escalate privileges and obtain sensitive information via the cloud accounts parameter.... Read more

    Affected Products : cloudexplorer_lite
    • EPSS Score: %0.03
    • Published: Jan. 06, 2024
    • Modified: Jun. 03, 2025

  • 6.1

    MEDIUM
    CVE-2023-50609

    Cross Site Scripting (XSS) vulnerability in AVA teaching video application service platform version 3.1, allows remote attackers to execute arbitrary code via a crafted script to ajax.aspx.... Read more

    • EPSS Score: %0.17
    • Published: Jan. 06, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-50585

    Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function.... Read more

    Affected Products : a18_firmware a18
    • EPSS Score: %0.16
    • Published: Jan. 09, 2024
    • Modified: Jun. 03, 2025

  • 6.1

    MEDIUM
    CVE-2023-50345

    HCL DRYiCE MyXalytics is impacted by an Open Redirect vulnerability which could allow an attacker to redirect users to malicious sites, potentially leading to phishing attacks or other security threats. ... Read more

    Affected Products : dryice_myxalytics
    • EPSS Score: %0.17
    • Published: Jan. 03, 2024
    • Modified: Jun. 03, 2025

  • 7.2

    HIGH
    CVE-2023-50162

    SQL injection vulnerability in EmpireCMS v7.5, allows remote attackers to execute arbitrary code and obtain sensitive information via the DoExecSql function.... Read more

    Affected Products : empirecms
    • EPSS Score: %0.86
    • Published: Jan. 09, 2024
    • Modified: Jun. 03, 2025

  • 5.4

    MEDIUM
    CVE-2023-50136

    Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table.... Read more

    Affected Products : jfinalcms
    • EPSS Score: %0.11
    • Published: Jan. 09, 2024
    • Modified: Jun. 03, 2025

  • 6.5

    MEDIUM
    CVE-2023-50126

    Missing encryption in the RFID tags of the Hozard alarm system (Alarmsysteem) v1.0 allow attackers to create a cloned tag via brief physical proximity to one of the original tags, which results in an attacker being able to bring the alarm system to a disa... Read more

    Affected Products : alarm_system
    • EPSS Score: %0.04
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-50090

    Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request.... Read more

    Affected Products : ureport2
    • EPSS Score: %0.10
    • Published: Jan. 03, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-50027

    SQL Injection vulnerability in Buy Addons baproductzoommagnifier module for PrestaShop versions 1.0.16 and before, allows remote attackers to escalate privileges and gain sensitive information via BaproductzoommagnifierZoomModuleFrontController::run() met... Read more

    Affected Products : bazoom_magnifier
    • EPSS Score: %0.44
    • Published: Jan. 05, 2024
    • Modified: Jun. 03, 2025
Showing 20 of 292508 Results