Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2023-7082

    The Import any XML or CSV File to WordPress plugin before 3.7.3 accepts all zip files and automatically extracts the zip file into a publicly accessible directory without sufficiently validating the extracted file type. This may allows high privilege user... Read more

    • Published: Jan. 22, 2024
    • Modified: Jun. 20, 2025

  • 4.3

    MEDIUM
    CVE-2023-6625

    The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not have a CSRF check in place when deleting inquiries, which could allow attackers to make a logged in admin delete them via a CSRF attack... Read more

    • Published: Jan. 22, 2024
    • Modified: Jun. 20, 2025

  • 7.8

    HIGH
    CVE-2023-52337

    An improper access control vulnerability in Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must fir... Read more

    Affected Products : deep_security deep_security_agent
    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025

  • 7.1

    HIGH
    CVE-2023-52331

    A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privil... Read more

    Affected Products : apex_central
    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025

  • 6.1

    MEDIUM
    CVE-2023-52330

    A cross-site scripting vulnerability in Trend Micro Apex Central could allow a remote attacker to execute arbitrary code on affected installations of Trend Micro Apex Central. Please note: user interaction is required to exploit this vulnerability in t... Read more

    Affected Products : apex_one apex_central
    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025

  • 6.1

    MEDIUM
    CVE-2023-52326

    Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not ... Read more

    Affected Products : apex_central
    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025

  • 7.8

    HIGH
    CVE-2023-52094

    An updater link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to abuse the updater to delete an arbitrary folder, leading for a local privilege escalation on affected installations. Please note: an attacker must... Read more

    Affected Products : apex_one
    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025

  • 7.8

    HIGH
    CVE-2023-52092

    A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target sys... Read more

    Affected Products : apex_one
    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025

  • 7.8

    HIGH
    CVE-2023-52091

    An anti-spyware engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the targ... Read more

    Affected Products : apex_one
    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025

  • 7.8

    HIGH
    CVE-2023-52090

    A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target sys... Read more

    Affected Products : apex_one
    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025

  • 7.5

    HIGH
    CVE-2023-51948

    A Site-wide directory listing vulnerability in /fm in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to list the files hosted by the web application.... Read more

    • Published: Jan. 19, 2024
    • Modified: Jun. 20, 2025

  • 9.1

    CRITICAL
    CVE-2023-51947

    Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without authentication.... Read more

    • Published: Jan. 19, 2024
    • Modified: Jun. 20, 2025

  • 6.1

    MEDIUM
    CVE-2023-51946

    Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or HTML.... Read more

    • Published: Jan. 19, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2023-51925

    An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file.... Read more

    Affected Products : yonbip
    • Published: Jan. 20, 2024
    • Modified: Jun. 20, 2025

  • 7.5

    HIGH
    CVE-2023-50275

    HPE OneView may allow clusterService Authentication Bypass resulting in denial of service.... Read more

    Affected Products : oneview
    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025

  • 7.2

    HIGH
    CVE-2023-49329

    Anomali Match before 4.6.2 allows OS Command Injection. An authenticated admin user can inject and execute operating system commands. This arises from improper handling of untrusted input, enabling an attacker to elevate privileges, execute system command... Read more

    Affected Products : match
    • Published: Jan. 19, 2024
    • Modified: Jun. 20, 2025

  • 4.4

    MEDIUM
    CVE-2023-48359

    In autotest driver, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with System execution privileges needed... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Jan. 18, 2024
    • Modified: Jun. 20, 2025

  • 4.4

    MEDIUM
    CVE-2023-48358

    In drm driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Jan. 18, 2024
    • Modified: Jun. 20, 2025

  • 4.4

    MEDIUM
    CVE-2023-48357

    In vsp driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Jan. 18, 2024
    • Modified: Jun. 20, 2025

  • 4.4

    MEDIUM
    CVE-2023-48356

    In jpg driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Jan. 18, 2024
    • Modified: Jun. 20, 2025
Showing 20 of 293620 Results