Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2023-50348

    HCL DRYiCE MyXalytics is impacted by an improper error handling vulnerability. The application returns detailed error messages that can provide an attacker with insight into the application, system, etc. ... Read more

    Affected Products : dryice_myxalytics
    • Published: Jan. 03, 2024
    • Modified: Jun. 18, 2025

  • 4.3

    MEDIUM
    CVE-2023-50346

    HCL DRYiCE MyXalytics is impacted by an information disclosure vulnerability. Certain endpoints within the application disclose detailed file information. ... Read more

    Affected Products : dryice_myxalytics
    • Published: Jan. 03, 2024
    • Modified: Jun. 18, 2025

  • 5.4

    MEDIUM
    CVE-2023-50344

    HCL DRYiCE MyXalytics is impacted by improper access control (Unauthenticated File Download) vulnerability. An unauthenticated user can download certain files. ... Read more

    Affected Products : dryice_myxalytics
    • Published: Jan. 03, 2024
    • Modified: Jun. 18, 2025

  • 8.3

    HIGH
    CVE-2023-50343

    HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Controller APIs) vulnerability. Certain API endpoints are accessible to Customer Admin Users that can allow access to sensitive information about other users. ... Read more

    Affected Products : dryice_myxalytics
    • Published: Jan. 03, 2024
    • Modified: Jun. 18, 2025

  • 7.6

    HIGH
    CVE-2023-50341

    HCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete web pages) vulnerability. Discovery of outdated and accessible web pages, reflects a "Missing Access Control" vulnerability, which could lead to inadvertent exposure of sensitive infor... Read more

    Affected Products : dryice_myxalytics
    • Published: Jan. 03, 2024
    • Modified: Jun. 18, 2025

  • 6.1

    MEDIUM
    CVE-2023-50093

    APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable to Host Header Injection.... Read more

    Affected Products : api_gateway_manager
    • Published: Jan. 03, 2024
    • Modified: Jun. 18, 2025

  • 7.5

    HIGH
    CVE-2023-50020

    An issue was discovered in open5gs v2.6.6. SIGPIPE can be used to crash AMF.... Read more

    Affected Products : open5gs
    • Published: Jan. 02, 2024
    • Modified: Jun. 18, 2025

  • 7.5

    HIGH
    CVE-2023-49961

    WALLIX Bastion 7.x, 8.x, 9.x and 10.x and WALLIX Access Manager 3.x and 4.x have Incorrect Access Control which can lead to sensitive data exposure.... Read more

    Affected Products : bastion bastion_access_manager
    • Published: Jan. 08, 2024
    • Modified: Jun. 18, 2025

  • 7.5

    HIGH
    CVE-2023-46929

    An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui /afltest/gpac/src/media_tools/av_parsers.c:6872:55 allows attackers to crash the application.... Read more

    Affected Products : gpac
    • Published: Jan. 03, 2024
    • Modified: Jun. 18, 2025

  • 9.8

    CRITICAL
    CVE-2023-45724

    HCL DRYiCE MyXalytics product is impacted by unauthenticated file upload vulnerability. The web application permits the upload of a certain file without requiring user authentication. ... Read more

    Affected Products : dryice_myxalytics
    • Published: Jan. 03, 2024
    • Modified: Jun. 18, 2025

  • 9.8

    CRITICAL
    CVE-2023-45723

    HCL DRYiCE MyXalytics is impacted by path traversal vulnerability which allows file upload capability.  Certain endpoints permit users to manipulate the path (including the file name) where these files are stored on the server. ... Read more

    Affected Products : dryice_myxalytics
    • Published: Jan. 03, 2024
    • Modified: Jun. 18, 2025

  • 7.7

    HIGH
    CVE-2023-42358

    An issue was discovered in O-RAN Software Community ric-plt-e2mgr in the G-Release environment, allows remote attackers to cause a denial of service (DoS) via a crafted request to the E2Manager API component.... Read more

    Affected Products : ric-plt-e2mgr
    • Published: Jan. 03, 2024
    • Modified: Jun. 18, 2025

  • 9.6

    CRITICAL
    CVE-2023-39655

    A host header injection vulnerability exists in the NPM package @perfood/couch-auth versions <= 0.20.0. By sending a specially crafted host header in the forgot password request, it is possible to send password reset links to users which, once clicked, le... Read more

    Affected Products : couchauth
    • Published: Jan. 03, 2024
    • Modified: Jun. 18, 2025

  • 7.8

    HIGH
    CVE-2023-34326

    The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) is incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed. Su... Read more

    Affected Products : xen
    • Published: Jan. 05, 2024
    • Modified: Jun. 18, 2025

  • 7.8

    HIGH
    CVE-2023-34325

    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] libfsimage contains parsing code for several filesystems, most of them based on grub-legacy code. libfsimage is used by pyg... Read more

    Affected Products : xen
    • Published: Jan. 05, 2024
    • Modified: Jun. 18, 2025

  • 5.5

    MEDIUM
    CVE-2023-34323

    When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes. It would be possible that accounting is temporarily negative if a node has been removed outside of the transaction. Unfortunately, ... Read more

    Affected Products : xen
    • Published: Jan. 05, 2024
    • Modified: Jun. 18, 2025

  • 6.1

    MEDIUM
    CVE-2023-27739

    easyXDM 2.5 allows XSS via the xdm_e parameter.... Read more

    Affected Products : easyxdm
    • Published: Jan. 08, 2024
    • Modified: Jun. 18, 2025

  • 9.8

    CRITICAL
    CVE-2020-13880

    IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+1cbf heap-based out-of-bounds write.... Read more

    Affected Products : b3d
    • Published: Jan. 05, 2024
    • Modified: Jun. 18, 2025

  • 9.8

    CRITICAL
    CVE-2024-42936

    The mqlink.elf is service component in Ruijie RG-EW300N with firmware ReyeeOS 1.300.1422 is vulnerable to Remote Code Execution via a modified MQTT broker message.... Read more

    Affected Products : reyee_os rg-ew300n
    • Published: Jan. 21, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Misconfiguration

  • 6.7

    MEDIUM
    CVE-2025-22980

    A SQL Injection vulnerability exists in Senayan Library Management System SLiMS 9 Bulian 9.6.1 via the tempLoanID parameter in the loan form on /admin/modules/circulation/loan.php.... Read more

    • Published: Jan. 22, 2025
    • Modified: Jun. 18, 2025
    • Vuln Type: Injection
Showing 20 of 293608 Results