Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2023-51441

    ** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL we recommend you migrate to... Read more

    Affected Products : axis
    • Published: Jan. 06, 2024
    • Modified: Jun. 18, 2025

  • 9.8

    CRITICAL
    CVE-2023-51154

    Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component /admin/c/PluginsController.php.... Read more

    Affected Products : jizhicms
    • Published: Jan. 04, 2024
    • Modified: Jun. 18, 2025

  • 9.8

    CRITICAL
    CVE-2023-50921

    An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interface in the system module to gain root privileges. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3... Read more

    • Published: Jan. 03, 2024
    • Modified: Jun. 18, 2025

  • 9.1

    CRITICAL
    CVE-2023-50351

    HCL DRYiCE MyXalytics is impacted by the use of an insecure key rotation mechanism which can allow an attacker to compromise the confidentiality or integrity of data. ... Read more

    Affected Products : dryice_myxalytics
    • Published: Jan. 03, 2024
    • Modified: Jun. 18, 2025

  • 8.2

    HIGH
    CVE-2023-50350

    HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic algorithm for encryption, potentially giving an attacker ability to decrypt sensitive information. ... Read more

    Affected Products : dryice_myxalytics
    • Published: Jan. 03, 2024
    • Modified: Jun. 18, 2025

  • 5.3

    MEDIUM
    CVE-2023-50348

    HCL DRYiCE MyXalytics is impacted by an improper error handling vulnerability. The application returns detailed error messages that can provide an attacker with insight into the application, system, etc. ... Read more

    Affected Products : dryice_myxalytics
    • Published: Jan. 03, 2024
    • Modified: Jun. 18, 2025

  • 4.3

    MEDIUM
    CVE-2023-50346

    HCL DRYiCE MyXalytics is impacted by an information disclosure vulnerability. Certain endpoints within the application disclose detailed file information. ... Read more

    Affected Products : dryice_myxalytics
    • Published: Jan. 03, 2024
    • Modified: Jun. 18, 2025

  • 5.4

    MEDIUM
    CVE-2023-50344

    HCL DRYiCE MyXalytics is impacted by improper access control (Unauthenticated File Download) vulnerability. An unauthenticated user can download certain files. ... Read more

    Affected Products : dryice_myxalytics
    • Published: Jan. 03, 2024
    • Modified: Jun. 18, 2025

  • 8.3

    HIGH
    CVE-2023-50343

    HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Controller APIs) vulnerability. Certain API endpoints are accessible to Customer Admin Users that can allow access to sensitive information about other users. ... Read more

    Affected Products : dryice_myxalytics
    • Published: Jan. 03, 2024
    • Modified: Jun. 18, 2025

  • 7.6

    HIGH
    CVE-2023-50341

    HCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete web pages) vulnerability. Discovery of outdated and accessible web pages, reflects a "Missing Access Control" vulnerability, which could lead to inadvertent exposure of sensitive infor... Read more

    Affected Products : dryice_myxalytics
    • Published: Jan. 03, 2024
    • Modified: Jun. 18, 2025

  • 6.1

    MEDIUM
    CVE-2023-50093

    APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable to Host Header Injection.... Read more

    Affected Products : api_gateway_manager
    • Published: Jan. 03, 2024
    • Modified: Jun. 18, 2025

  • 7.5

    HIGH
    CVE-2023-50020

    An issue was discovered in open5gs v2.6.6. SIGPIPE can be used to crash AMF.... Read more

    Affected Products : open5gs
    • Published: Jan. 02, 2024
    • Modified: Jun. 18, 2025

  • 7.5

    HIGH
    CVE-2023-49961

    WALLIX Bastion 7.x, 8.x, 9.x and 10.x and WALLIX Access Manager 3.x and 4.x have Incorrect Access Control which can lead to sensitive data exposure.... Read more

    Affected Products : bastion bastion_access_manager
    • Published: Jan. 08, 2024
    • Modified: Jun. 18, 2025

  • 7.5

    HIGH
    CVE-2023-46929

    An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui /afltest/gpac/src/media_tools/av_parsers.c:6872:55 allows attackers to crash the application.... Read more

    Affected Products : gpac
    • Published: Jan. 03, 2024
    • Modified: Jun. 18, 2025

  • 9.8

    CRITICAL
    CVE-2023-45724

    HCL DRYiCE MyXalytics product is impacted by unauthenticated file upload vulnerability. The web application permits the upload of a certain file without requiring user authentication. ... Read more

    Affected Products : dryice_myxalytics
    • Published: Jan. 03, 2024
    • Modified: Jun. 18, 2025

  • 9.8

    CRITICAL
    CVE-2023-45723

    HCL DRYiCE MyXalytics is impacted by path traversal vulnerability which allows file upload capability.  Certain endpoints permit users to manipulate the path (including the file name) where these files are stored on the server. ... Read more

    Affected Products : dryice_myxalytics
    • Published: Jan. 03, 2024
    • Modified: Jun. 18, 2025

  • 7.7

    HIGH
    CVE-2023-42358

    An issue was discovered in O-RAN Software Community ric-plt-e2mgr in the G-Release environment, allows remote attackers to cause a denial of service (DoS) via a crafted request to the E2Manager API component.... Read more

    Affected Products : ric-plt-e2mgr
    • Published: Jan. 03, 2024
    • Modified: Jun. 18, 2025

  • 9.6

    CRITICAL
    CVE-2023-39655

    A host header injection vulnerability exists in the NPM package @perfood/couch-auth versions <= 0.20.0. By sending a specially crafted host header in the forgot password request, it is possible to send password reset links to users which, once clicked, le... Read more

    Affected Products : couchauth
    • Published: Jan. 03, 2024
    • Modified: Jun. 18, 2025

  • 7.8

    HIGH
    CVE-2023-34326

    The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) is incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed. Su... Read more

    Affected Products : xen
    • Published: Jan. 05, 2024
    • Modified: Jun. 18, 2025

  • 7.8

    HIGH
    CVE-2023-34325

    [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] libfsimage contains parsing code for several filesystems, most of them based on grub-legacy code. libfsimage is used by pyg... Read more

    Affected Products : xen
    • Published: Jan. 05, 2024
    • Modified: Jun. 18, 2025
Showing 20 of 293613 Results