Latest CVE Feed
- 8.8 HIGH CVE-2024-0751
  A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
  - Published: Jan. 23, 2024
  - Modified: Jun. 20, 2025
- 8.8 HIGH CVE-2024-0750
  A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
  - Published: Jan. 23, 2024
  - Modified: Jun. 20, 2025
- 6.5 MEDIUM CVE-2024-0746
  A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
  - Published: Jan. 23, 2024
  - Modified: Jun. 20, 2025
- 6.1 MEDIUM CVE-2024-0606
  An attacker could execute unauthorized script on a legitimate site through UXSS using window.open() by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122.
  - Affected Products: firefox_focus
  - Published: Jan. 22, 2024
  - Modified: Jun. 20, 2025
- 7.5 HIGH CVE-2024-0605
  Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user'...
  - Affected Products: firefox_focus
  - Published: Jan. 22, 2024
  - Modified: Jun. 20, 2025
- 7.2 HIGH CVE-2023-7082
  The Import any XML or CSV File to WordPress plugin before 3.7.3 accepts all zip files and automatically extracts the zip file into a publicly accessible directory without sufficiently validating the extracted file type. This may allow high privilege user...
  - Affected Products: export_any_wordpress_data_to_xml/csv
  - Published: Jan. 22, 2024
  - Modified: Jun. 20, 2025
- 4.3 MEDIUM CVE-2023-6625
  The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not have a CSRF check in place when deleting inquiries, which could allow attackers to make a logged in admin delete them via a CSRF attack...
  - Published: Jan. 22, 2024
  - Modified: Jun. 20, 2025
- 7.8 HIGH CVE-2023-52337
  An improper access control vulnerability in Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must fir...
  - Published: Jan. 23, 2024
  - Modified: Jun. 20, 2025
- 7.1 HIGH CVE-2023-52331
  A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privil...
  - Affected Products: apex_central
  - Published: Jan. 23, 2024
  - Modified: Jun. 20, 2025
- 6.1 MEDIUM CVE-2023-52330
  A cross-site scripting vulnerability in Trend Micro Apex Central could allow a remote attacker to execute arbitrary code on affected installations of Trend Micro Apex Central. Please note: user interaction is required to exploit this vulnerability in t...
  - Published: Jan. 23, 2024
  - Modified: Jun. 20, 2025
- 6.1 MEDIUM CVE-2023-52326
  Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not ...
  - Affected Products: apex_central
  - Published: Jan. 23, 2024
  - Modified: Jun. 20, 2025
- 7.8 HIGH CVE-2023-52094
  An updater link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to abuse the updater to delete an arbitrary folder, leading to a local privilege escalation on affected installations. Please note: an attacker must...
  - Affected Products: apex_one
  - Published: Jan. 23, 2024
  - Modified: Jun. 20, 2025
- 7.8 HIGH CVE-2023-52092
  A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target sys...
  - Affected Products: apex_one
  - Published: Jan. 23, 2024
  - Modified: Jun. 20, 2025
- 7.8 HIGH CVE-2023-52091
  An anti-spyware engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the targ...
  - Affected Products: apex_one
  - Published: Jan. 23, 2024
  - Modified: Jun. 20, 2025
- 7.8 HIGH CVE-2023-52090
  A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target sys...
  - Affected Products: apex_one
  - Published: Jan. 23, 2024
  - Modified: Jun. 20, 2025
- 7.5 HIGH CVE-2023-51948
  A site-wide directory listing vulnerability in /fm in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to list the files hosted by the web application.
  - Published: Jan. 19, 2024
  - Modified: Jun. 20, 2025
- 9.1 CRITICAL CVE-2023-51947
  Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without authentication.
  - Published: Jan. 19, 2024
  - Modified: Jun. 20, 2025
- 6.1 MEDIUM CVE-2023-51946
  Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or HTML.
  - Published: Jan. 19, 2024
  - Modified: Jun. 20, 2025
- 9.8 CRITICAL CVE-2023-51925
  An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file.
  - Affected Products: yonbip
  - Published: Jan. 20, 2024
  - Modified: Jun. 20, 2025
- 7.5 HIGH CVE-2023-50275
  HPE OneView may allow clusterService Authentication Bypass resulting in denial of service.
  - Affected Products: oneview
  - Published: Jan. 23, 2024
  - Modified: Jun. 20, 2025