Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2023-47197

    An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the ta... Read more

    Affected Products : apex_one
    • Published: Jan. 23, 2024
    • Modified: Jun. 17, 2025

  • 7.8

    HIGH
    CVE-2023-47196

    An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the ta... Read more

    Affected Products : apex_one
    • Published: Jan. 23, 2024
    • Modified: Jun. 17, 2025

  • 7.8

    HIGH
    CVE-2023-47192

    An agent link vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target sy... Read more

    Affected Products : apex_one
    • Published: Jan. 23, 2024
    • Modified: Jun. 17, 2025

  • 8.8

    HIGH
    CVE-2023-47024

    Cross-Site Request Forgery (CSRF) in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover. This is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that has weak security controls and can accept ... Read more

    Affected Products : terminal_handler
    • Published: Jan. 20, 2024
    • Modified: Jun. 17, 2025

  • 6.5

    MEDIUM
    CVE-2023-47022

    Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection.... Read more

    Affected Products : terminal_handler
    • Published: Feb. 06, 2024
    • Modified: Jun. 17, 2025

  • 5.5

    MEDIUM
    CVE-2023-40528

    This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 17, watchOS 10, macOS Sonoma 14, iOS 17 and iPadOS 17, macOS Ventura 13.6.4. An app may be able to bypass Privacy preferences.... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Jan. 23, 2024
    • Modified: Jun. 17, 2025

  • 5.5

    MEDIUM
    CVE-2023-40411

    This issue was addressed with improved data protection. This issue is fixed in macOS Sonoma 14. An app may be able to access user-sensitive data.... Read more

    Affected Products : macos
    • Published: Jan. 10, 2024
    • Modified: Jun. 17, 2025

  • 6.5

    MEDIUM
    CVE-2023-40385

    This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. A remote attacker may be able to view leaked DNS queries with Private Relay turned on.... Read more

    Affected Products : macos iphone_os safari ipados
    • Published: Jan. 10, 2024
    • Modified: Jun. 17, 2025

  • 3.3

    LOW
    CVE-2023-40383

    A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive data.... Read more

    Affected Products : macos
    • Published: Jan. 10, 2024
    • Modified: Jun. 17, 2025

  • 5.4

    MEDIUM
    CVE-2023-40355

    Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching b... Read more

    Affected Products : axigen_mobile_webmail
    • Published: Feb. 07, 2024
    • Modified: Jun. 17, 2025

  • 6.1

    MEDIUM
    CVE-2023-40262

    An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows unauthenticated Stored Cross-Site Scripting (XSS) in the administration component via Access Request.... Read more

    Affected Products : openscape_voice_trace_manager_v8
    • Published: Feb. 08, 2024
    • Modified: Jun. 17, 2025

  • 5.4

    MEDIUM
    CVE-2024-34471

    An issue was discovered in HSC Mailinspector 5.2.17-3. A Path Traversal vulnerability (resulting in file deletion) exists in the mliRealtimeEmails.php file. The filename parameter in the export HTML functionality does not properly validate the file locati... Read more

    Affected Products : mailinspector
    • Published: May. 06, 2024
    • Modified: Jun. 17, 2025

  • 5.5

    MEDIUM
    CVE-2024-28345

    An issue discovered in Sipwise C5 NGCP Dashboard below mr11.5.1 allows a low privileged user to access the Journal endpoint by directly visit the URL.... Read more

    • Published: Apr. 10, 2024
    • Modified: Jun. 17, 2025

  • 8.8

    HIGH
    CVE-2024-29269

    An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter.... Read more

    Affected Products : tlr-2005ksh_firmware tlr-2005ksh
    • Published: Apr. 10, 2024
    • Modified: Jun. 17, 2025

  • 7.5

    HIGH
    CVE-2024-33820

    Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V4.0.0-B20230531.1404 is vulnerable to Buffer Overflow via the formWlEncrypt function of the boa server. Specifically, they exploit the length of the wlan_ssid field triggers the overflo... Read more

    Affected Products : a3002r_firmware a3002r
    • Published: May. 01, 2024
    • Modified: Jun. 17, 2025

  • 7.5

    HIGH
    CVE-2024-34506

    An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of s... Read more

    Affected Products : fedora mediawiki
    • Published: May. 05, 2024
    • Modified: Jun. 17, 2025

  • 7.4

    HIGH
    CVE-2024-34507

    An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges#%1b0000... Read more

    Affected Products : fedora mediawiki
    • Published: May. 05, 2024
    • Modified: Jun. 17, 2025

  • 7.5

    HIGH
    CVE-2024-34510

    Gradio before 4.20 allows credential leakage on Windows.... Read more

    Affected Products : gradio
    • Published: May. 05, 2024
    • Modified: Jun. 17, 2025

  • 7.5

    HIGH
    CVE-2024-4549

    A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the system.... Read more

    Affected Products : diaenergie
    • Published: May. 06, 2024
    • Modified: Jun. 17, 2025

  • 8.6

    HIGH
    CVE-2024-34470

    An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of th... Read more

    Affected Products : mailinspector
    • Published: May. 06, 2024
    • Modified: Jun. 17, 2025
Showing 20 of 293512 Results