Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, listed in the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.1

    HIGH
    CVE-2023-50342

    HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference (IDOR) vulnerability. A user can obtain certain details about another user as a result of improper access control. ...

    Affected Products : dryice_myxalytics
    • Published: Jan. 03, 2024
    • Modified: Jun. 03, 2025
  • 7.1

    HIGH
    CVE-2023-49739

    Vulnerability in IdeaBox Creations PowerPack Pro for Elementor. This issue affects PowerPack Pro for Elementor: from n/a through 2.9.23....

    • Published: Dec. 14, 2023
    • Modified: Jun. 03, 2025
  • 7.5

    HIGH
    CVE-2023-45718

    Sametime is impacted by a failure to invalidate sessions. The application is setting sensitive cookie values in a persistent manner in Sametime Web clients. When this happens, cookie values can remain valid even after a user has closed out their session....

    Affected Products : sametime
    • Published: Feb. 09, 2024
    • Modified: Jun. 03, 2025
  • 4.1

    MEDIUM
    CVE-2023-45716

    Sametime is impacted by sensitive information passed in URL. ...

    Affected Products : sametime
    • Published: Feb. 09, 2024
    • Modified: Jun. 03, 2025
  • 7.5

    HIGH
    CVE-2023-45696

    Sametime is impacted by sensitive fields with autocomplete enabled in the Legacy web chat client. By default, this allows user entered data to be stored by the browser. ...

    Affected Products : sametime
    • Published: Feb. 10, 2024
    • Modified: Jun. 03, 2025
  • 6.1

    MEDIUM
    CVE-2023-45190

    IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cr...

    • Published: Feb. 09, 2024
    • Modified: Jun. 03, 2025
  • 4.8

    MEDIUM
    CVE-2023-37531

    A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a form field of a webpage by a user with privileged access. ...

    Affected Products : bigfix_platform
    • Published: Feb. 29, 2024
    • Modified: Jun. 03, 2025
  • 5.4

    MEDIUM
    CVE-2023-37530

    A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a webpage trying to retrieve cookie stored information. ...

    Affected Products : bigfix_platform
    • Published: Feb. 29, 2024
    • Modified: Jun. 03, 2025
  • 5.4

    MEDIUM
    CVE-2023-37529

    A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a webpage trying to retrieve cookie stored information. This is not the same vulnerabi...

    Affected Products : bigfix_platform
    • Published: Feb. 29, 2024
    • Modified: Jun. 03, 2025
  • 6.5

    MEDIUM
    CVE-2023-37528

    A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attack to exploit an application parameter during execution of the Save Report. ...

    Affected Products : bigfix_platform
    • Published: Feb. 03, 2024
    • Modified: Jun. 03, 2025
  • 6.1

    MEDIUM
    CVE-2023-37527

    A reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code in the application session or in database, via remote injection, while rendering c...

    Affected Products : bigfix_platform
    • Published: Feb. 02, 2024
    • Modified: Jun. 03, 2025
  • 9.8

    CRITICAL
    CVE-2023-37523

    Missing or insecure tags in the HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower could allow an attacker to execute a malicious script on the user's browser. ...

    • Published: Jan. 16, 2024
    • Modified: Jun. 03, 2025
  • 5.5

    MEDIUM
    CVE-2023-34042

    The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732:...

    • Published: Feb. 05, 2024
    • Modified: Jun. 03, 2025
  • 5.5

    MEDIUM
    CVE-2023-31002

    IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254657....

    • Published: Feb. 07, 2024
    • Modified: Jun. 03, 2025
  • 6.5

    MEDIUM
    CVE-2022-40713

    An issue was discovered in NOKIA 1350OMS R14.2. Multiple Relative Path Traversal issues exist in different specific endpoints via the file parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily....

    Affected Products : 1350_optical_management_system
    • Published: Sep. 19, 2022
    • Modified: Jun. 03, 2025
  • 6.1

    MEDIUM
    CVE-2022-40712

    An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /cgi-bin/R14.2* endpoints....

    Affected Products : 1350_optical_management_system
    • Published: Sep. 19, 2022
    • Modified: Jun. 03, 2025
  • 7.2

    HIGH
    CVE-2022-38833

    School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/modstudent/index.php?view=view&id=....

    • Published: Sep. 16, 2022
    • Modified: Jun. 03, 2025
  • 7.2

    HIGH
    CVE-2022-38832

    School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/department/index.php?view=edit&id=....

    • Published: Sep. 16, 2022
    • Modified: Jun. 03, 2025
  • 8.8

    HIGH
    CVE-2022-38577

    ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators....

    Affected Products : processmaker
    • Published: Sep. 19, 2022
    • Modified: Jun. 03, 2025
  • 9.8

    CRITICAL
    CVE-2022-23767

    This vulnerability of SecureGate is SQL-Injection using login without password. A path traversal vulnerability is also identified during file transfer. An attacker can take advantage of these vulnerabilities to perform various attacks such as obtaining pr...

    Affected Products : windows securegate weblink
    • Published: Sep. 19, 2022
    • Modified: Jun. 03, 2025
Showing 20 of 293425 Results