Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2023-52091

    An anti-spyware engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the targ... Read more

    Affected Products : apex_one
    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025

  • 7.8

    HIGH
    CVE-2023-52090

    A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target sys... Read more

    Affected Products : apex_one
    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025

  • 7.5

    HIGH
    CVE-2023-51948

    A Site-wide directory listing vulnerability in /fm in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to list the files hosted by the web application.... Read more

    • Published: Jan. 19, 2024
    • Modified: Jun. 20, 2025

  • 9.1

    CRITICAL
    CVE-2023-51947

    Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without authentication.... Read more

    • Published: Jan. 19, 2024
    • Modified: Jun. 20, 2025

  • 6.1

    MEDIUM
    CVE-2023-51946

    Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or HTML.... Read more

    • Published: Jan. 19, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-51925

    An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file.... Read more

    Affected Products : yonbip
    • Published: Jan. 20, 2024
    • Modified: Jun. 20, 2025

  • 7.5

    HIGH
    CVE-2023-50275

    HPE OneView may allow clusterService Authentication Bypass resulting in denial of service.... Read more

    Affected Products : oneview
    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025

  • 7.2

    HIGH
    CVE-2023-49329

    Anomali Match before 4.6.2 allows OS Command Injection. An authenticated admin user can inject and execute operating system commands. This arises from improper handling of untrusted input, enabling an attacker to elevate privileges, execute system command... Read more

    Affected Products : match
    • Published: Jan. 19, 2024
    • Modified: Jun. 20, 2025

  • 4.4

    MEDIUM
    CVE-2023-48359

    In autotest driver, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with System execution privileges needed... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Jan. 18, 2024
    • Modified: Jun. 20, 2025

  • 4.4

    MEDIUM
    CVE-2023-48358

    In drm driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Jan. 18, 2024
    • Modified: Jun. 20, 2025

  • 4.4

    MEDIUM
    CVE-2023-48357

    In vsp driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Jan. 18, 2024
    • Modified: Jun. 20, 2025

  • 4.4

    MEDIUM
    CVE-2023-48356

    In jpg driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Jan. 18, 2024
    • Modified: Jun. 20, 2025

  • 4.4

    MEDIUM
    CVE-2023-48355

    In jpg driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Jan. 18, 2024
    • Modified: Jun. 20, 2025

  • 5.5

    MEDIUM
    CVE-2023-48354

    In telephone service, there is a possible improper input validation. This could lead to local information disclosure with no additional execution privileges needed... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Jan. 18, 2024
    • Modified: Jun. 20, 2025

  • 4.4

    MEDIUM
    CVE-2023-48353

    In vsp driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges needed... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Jan. 18, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-48118

    SQL Injection vulnerability in Quest Analytics LLC IQCRM v.2023.9.5 allows a remote attacker to execute arbitrary code via a crafted request to the Common.svc WSDL page.... Read more

    Affected Products : iqcrm
    • Published: Jan. 22, 2024
    • Modified: Jun. 20, 2025

  • 7.8

    HIGH
    CVE-2023-47195

    An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the ta... Read more

    Affected Products : apex_one
    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025

  • 7.8

    HIGH
    CVE-2023-47193

    An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the ta... Read more

    Affected Products : apex_one
    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025

  • 4.3

    MEDIUM
    CVE-2023-46447

    The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth Glucose Monitoring System, sends unencrypted glucose measurements over BLE.... Read more

    Affected Products : rebel
    • Published: Jan. 20, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-46351

    In the module mib < 1.6.1 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The methods `mib::getManufacturersByCategory()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.... Read more

    • Published: Jan. 19, 2024
    • Modified: Jun. 20, 2025
Showing 20 of 293612 Results