Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2023-37608

    An issue in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attacker to obtain sensitive information because there is an automaticsystems super admin account with astech as its hardcoded password.... Read more

    • EPSS Score: %0.07
    • Published: Jan. 03, 2024
    • Modified: Jun. 03, 2025

  • 7.5

    HIGH
    CVE-2023-37607

    Directory Traversal in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attacker to obtain sensitive information via csvServer.php?file= with a .. in the dir parameter.... Read more

    • EPSS Score: %0.19
    • Published: Jan. 03, 2024
    • Modified: Jun. 03, 2025

  • 5.5

    MEDIUM
    CVE-2023-34328

    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unf... Read more

    Affected Products : xen
    • EPSS Score: %0.08
    • Published: Jan. 05, 2024
    • Modified: Jun. 03, 2025

  • 5.5

    MEDIUM
    CVE-2023-34327

    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unf... Read more

    Affected Products : xen
    • EPSS Score: %0.08
    • Published: Jan. 05, 2024
    • Modified: Jun. 03, 2025

  • 7.5

    HIGH
    CVE-2023-32886

    In Modem IMS SMS UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00730807... Read more

    Affected Products : nr15 nr16 nr17 mt2735 mt6813 mt6833 mt6833p mt6835 mt6853 mt6853t +37 more products
    • EPSS Score: %1.08
    • Published: Jan. 02, 2024
    • Modified: Jun. 03, 2025

  • 6.7

    MEDIUM
    CVE-2023-32884

    In netdagent, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944011; I... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6789 mt6833 mt6835 mt6853 mt6855 mt6873 +50 more products
    • EPSS Score: %0.02
    • Published: Jan. 02, 2024
    • Modified: Jun. 03, 2025

  • 6.7

    MEDIUM
    CVE-2023-32883

    In Engineer Mode, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08282249; Iss... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6789 mt6833 mt6835 mt6853 mt6853t mt6855 +47 more products
    • EPSS Score: %0.01
    • Published: Jan. 02, 2024
    • Modified: Jun. 03, 2025

  • 4.4

    MEDIUM
    CVE-2023-32876

    In keyInstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308612; Issu... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6789 mt6833 mt6835 mt6853 mt6853t mt6855 +48 more products
    • EPSS Score: %0.01
    • Published: Jan. 02, 2024
    • Modified: Jun. 03, 2025

  • 6.7

    MEDIUM
    CVE-2023-32872

    In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308607; Issue ... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6789 mt6833 mt6835 mt6853 mt6853t mt6855 +48 more products
    • EPSS Score: %0.02
    • Published: Jan. 02, 2024
    • Modified: Jun. 03, 2025

  • 5.5

    MEDIUM
    CVE-2023-32424

    The issue was addressed with improved memory handling. This issue is fixed in iOS 16.4 and iPadOS 16.4, watchOS 9.4. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.... Read more

    Affected Products : iphone_os watchos ipados
    • EPSS Score: %0.01
    • Published: Jan. 10, 2024
    • Modified: Jun. 03, 2025

  • 6.5

    MEDIUM
    CVE-2023-29962

    S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability.... Read more

    Affected Products : s-cms
    • EPSS Score: %0.13
    • Published: Jan. 04, 2024
    • Modified: Jun. 03, 2025

  • 5.5

    MEDIUM
    CVE-2023-28185

    An integer overflow was addressed through improved input validation. This issue is fixed in tvOS 16.4, macOS Big Sur 11.7.5, iOS 16.4 and iPadOS 16.4, watchOS 9.4, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4. An app may be able to cause a denial-o... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • EPSS Score: %0.04
    • Published: Jan. 10, 2024
    • Modified: Jun. 03, 2025

  • 5.4

    MEDIUM
    CVE-2023-26998

    Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the creator parameter of the Alert Configuration page.... Read more

    Affected Products : ngeniusone
    • EPSS Score: %0.67
    • Published: Jan. 09, 2024
    • Modified: Jun. 03, 2025

  • 5.5

    MEDIUM
    CVE-2022-48504

    The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data.... Read more

    Affected Products : macos
    • EPSS Score: %0.14
    • Published: Jan. 10, 2024
    • Modified: Jun. 03, 2025

  • 7.8

    HIGH
    CVE-2022-3328

    Race condition in snap-confine's must_mkdir_and_open_with_perms()... Read more

    Affected Products : ubuntu_linux snapd
    • EPSS Score: %0.12
    • Published: Jan. 08, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2022-39009

    The WLAN module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause third-party apps to affect WLAN functions.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.13
    • Published: Sep. 16, 2022
    • Modified: Jun. 03, 2025

  • 4.9

    MEDIUM
    CVE-2020-26627

    A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a crafted payload entered into the 'Admin Remark' parameter under the 'Contact Us Queries -> Unread Que... Read more

    • EPSS Score: %0.12
    • Published: Jan. 10, 2024
    • Modified: Jun. 03, 2025

  • 3.8

    LOW
    CVE-2020-26623

    SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the login portal.... Read more

    Affected Products : gila_cms
    • EPSS Score: %0.26
    • Published: Jan. 02, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2018-25095

    The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be use to run arbitrary code on the s... Read more

    Affected Products : duplicator
    • EPSS Score: %0.66
    • Published: Jan. 08, 2024
    • Modified: Jun. 03, 2025

  • 4.7

    MEDIUM
    CVE-2024-22776

    Wallos 0.9 is vulnerable to Cross Site Scripting (XSS) in all text-based input fields without proper validation, excluding those requiring specific formats like date fields.... Read more

    Affected Products : wallos
    • Published: Feb. 23, 2024
    • Modified: Jun. 03, 2025
Showing 20 of 292735 Results