Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2023-42935

    An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.6.4. A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen.... Read more

    Affected Products : macos
    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025

  • 7.8

    HIGH
    CVE-2023-42881

    The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2. Processing a file may lead to unexpected app termination or arbitrary code execution.... Read more

    Affected Products : macos
    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025

  • 5.5

    MEDIUM
    CVE-2023-42144

    Cleartext Transmission during initial setup in Shelly TRV 20220811-15234 v.2.1.8 allows a local attacker to obtain the Wi-Fi password.... Read more

    Affected Products : trv_firmware trv
    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025

  • 6.1

    MEDIUM
    CVE-2023-41176

    Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to,... Read more

    Affected Products : mobile_security
    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025

  • 5.4

    MEDIUM
    CVE-2023-38627

    A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ... Read more

    Affected Products : apex_central
    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025

  • 5.4

    MEDIUM
    CVE-2023-38626

    A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ... Read more

    Affected Products : apex_central
    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025

  • 5.4

    MEDIUM
    CVE-2023-38625

    A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ... Read more

    Affected Products : apex_central
    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025

  • 5.4

    MEDIUM
    CVE-2023-38624

    A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central 2019 (lower than build 6481) could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ... Read more

    Affected Products : apex_central
    • Published: Jan. 23, 2024
    • Modified: Jun. 20, 2025

  • 6.5

    MEDIUM
    CVE-2023-27859

    IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar... Read more

    • Published: Jan. 22, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2021-42141

    An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. One incorrect handshake could complete with different epoch numbers in the packets Client_Hello, Client_key_exchange, and Change_cipher_spec, which may cause denial of service.... Read more

    Affected Products : tinydtls
    • Published: Jan. 22, 2024
    • Modified: Jun. 20, 2025

  • 9.8

    CRITICAL
    CVE-2021-31314

    File upload vulnerability in ejinshan v8+ terminal security system allows attackers to upload arbitrary files to arbitrary locations on the server.... Read more

    Affected Products : terminal_security_system
    • Published: Jan. 20, 2024
    • Modified: Jun. 20, 2025

  • 7.8

    HIGH
    CVE-2020-36771

    CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user.... Read more

    Affected Products : cagefs
    • Published: Jan. 22, 2024
    • Modified: Jun. 20, 2025

  • 6.1

    MEDIUM
    CVE-2024-31648

    Cross Site Scripting (XSS) in Insurance Management System v1.0, allows remote attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter at /core/new_category2.... Read more

    • Published: Apr. 15, 2024
    • Modified: Jun. 20, 2025

  • 7.5

    HIGH
    CVE-2024-30656

    An issue in Fireboltt Dream Wristphone BSW202_FB_AAC_v2.0_20240110-20240110-1956 allows attackers to cause a Denial of Service (DoS) via a crafted deauth frame.... Read more

    Affected Products : dream_firmware dream
    • Published: Apr. 15, 2024
    • Modified: Jun. 20, 2025

  • 6.1

    MEDIUM
    CVE-2024-31651

    A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter.... Read more

    • Published: Apr. 15, 2024
    • Modified: Jun. 20, 2025

  • 7.8

    HIGH
    CVE-2023-33806

    Insecure default configurations in Hikvision Interactive Tablet DS-D5B86RB/B V2.3.0 build220119, allows attackers to execute arbitrary commands.... Read more

    • Published: Apr. 15, 2024
    • Modified: Jun. 20, 2025

  • 7.5

    HIGH
    CVE-2024-21088

    Vulnerability in the Oracle Production Scheduling product of Oracle E-Business Suite (component: Import Utility). Supported versions that are affected are 12.2.4-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network acces... Read more

    • Published: Apr. 16, 2024
    • Modified: Jun. 20, 2025

  • 8.6

    HIGH
    CVE-2024-37818

    Strapi v4.24.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /strapi.io/_next/image. This vulnerability allows attackers to scan for open ports or access sensitive information via a crafted GET request. NOTE: The Strapi ... Read more

    Affected Products : strapi
    • Published: Jun. 20, 2024
    • Modified: Jun. 20, 2025

  • 7.8

    HIGH
    CVE-2024-37081

    The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Applia... Read more

    Affected Products : vcenter_server cloud_foundation
    • Published: Jun. 18, 2024
    • Modified: Jun. 20, 2025

  • 7.5

    HIGH
    CVE-2024-38467

    Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized user information retrieval via the queryUser API.... Read more

    Affected Products : synthesis_image_system
    • Published: Jun. 16, 2024
    • Modified: Jun. 20, 2025
Showing 20 of 293631 Results