Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.5

    MEDIUM
    CVE-2023-52426

    libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time....

    Affected Products : libexpat sinec_nms
    • Published: Feb. 04, 2024
    • Modified: Jun. 17, 2025
  • 7.5

    HIGH
    CVE-2023-52354

    chasquid before 1.13 allows SMTP smuggling because LF-terminated lines are accepted....

    Affected Products : chasquid
    • Published: Jan. 22, 2024
    • Modified: Jun. 17, 2025
  • 6.1

    MEDIUM
    CVE-2023-52329

    Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not ...

    Affected Products : apex_central
    • Published: Jan. 23, 2024
    • Modified: Jun. 17, 2025
  • 7.5

    HIGH
    CVE-2023-52289

    An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/<file_path> URI (from views.py), allows attackers to write to arbitrary files....

    Affected Products : flaskcode
    • Published: Jan. 13, 2024
    • Modified: Jun. 17, 2025
  • 6.1

    MEDIUM
    CVE-2023-52274

    member/index/register.html in YzmCMS 6.5 through 7.0 allows XSS via the Referer HTTP header....

    Affected Products : yzmcms
    • Published: Jan. 11, 2024
    • Modified: Jun. 17, 2025
  • 8.8

    HIGH
    CVE-2023-52251

    An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages....

    Affected Products : ui
    • Published: Jan. 25, 2024
    • Modified: Jun. 17, 2025
  • 6.5

    MEDIUM
    CVE-2023-52239

    The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport....

    Affected Products : magic_xpi_integration_platform
    • Published: Feb. 06, 2024
    • Modified: Jun. 17, 2025
  • 7.5

    HIGH
    CVE-2023-52099

    Vulnerability of foreground service restrictions being bypassed in the NMS module. Successful exploitation of this vulnerability may affect service confidentiality....

    Affected Products : emui harmonyos
    • Published: Jan. 16, 2024
    • Modified: Jun. 17, 2025
  • 6.1

    MEDIUM
    CVE-2023-52068

    kodbox v1.43 was discovered to contain a cross-site scripting (XSS) vulnerability via the operation and login logs....

    Affected Products : kodbox
    • Published: Jan. 16, 2024
    • Modified: Jun. 17, 2025
  • 9.8

    CRITICAL
    CVE-2023-52027

    TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the NTPSyncWithHost function....

    Affected Products : a3700r_firmware a3700r
    • Published: Jan. 11, 2024
    • Modified: Jun. 17, 2025
  • 5.5

    MEDIUM
    CVE-2023-50974

    In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a ~/.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials....

    Affected Products : command_line_interface appwrite
    • Published: Jan. 09, 2024
    • Modified: Jun. 17, 2025
  • 5.5

    MEDIUM
    CVE-2023-50920

    An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID after each user reboot, allowing attackers to share session identifiers between different sessions and bypass authentication or access control measures. Attac...

    • Published: Jan. 12, 2024
    • Modified: Jun. 17, 2025
  • 9.8

    CRITICAL
    CVE-2023-50694

    An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote attacker to send a malicious crafted request due to insufficient parsing in the parser.nim component....

    Affected Products : httpbeast
    • Published: Jan. 19, 2024
    • Modified: Jun. 17, 2025
  • 7.8

    HIGH
    CVE-2023-50671

    In exiftags 1.01, nikon_prop1 in nikon.c has a heap-based buffer overflow (write of size 28) because snprintf can write to an unexpected address....

    Affected Products : exiftags
    • Published: Jan. 11, 2024
    • Modified: Jun. 17, 2025
  • 9.8

    CRITICAL
    CVE-2023-50488

    An issue in Blurams Lumi Security Camera (A31C) v23.0406.435.4120 allows attackers to execute arbitrary code....

    • Published: Feb. 02, 2024
    • Modified: Jun. 17, 2025
  • 8.8

    HIGH
    CVE-2023-50159

    In ScaleFusion (Windows Desktop App) agent 10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrary code to be executed. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App...

    Affected Products : scalefusion
    • Published: Jan. 11, 2024
    • Modified: Jun. 17, 2025
  • 5.5

    MEDIUM
    CVE-2023-50120

    MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to contain an infinite loop in the function av1_uvlc at media_tools/av_parsers.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file....

    Affected Products : gpac
    • Published: Jan. 10, 2024
    • Modified: Jun. 17, 2025
  • 6.1

    MEDIUM
    CVE-2023-50092

    APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is vulnerable to Cross Site Scripting (XSS)....

    Affected Products : api_gateway_manager
    • Published: Jan. 03, 2024
    • Modified: Jun. 17, 2025
  • 9.8

    CRITICAL
    CVE-2023-50030

    In the module "Jms Setting" (jmssetting) from Joommasters for PrestaShop, a guest can perform SQL injection in versions <= 1.1.0. The method `JmsSetting::getSecondImgs()` has a sensitive SQL call that can be executed with a trivial http call and exploited...

    Affected Products : jmssetting
    • Published: Jan. 19, 2024
    • Modified: Jun. 17, 2025
  • 5.4

    MEDIUM
    CVE-2023-49950

    The Jinja templating in Logpoint SIEM 6.10.0 through 7.x before 7.3.0 does not correctly sanitize log data being displayed when using a custom Jinja template in the Alert view. A remote attacker can craft a cross-site scripting (XSS) payload and send it t...

    Affected Products : siem
    • Published: Feb. 03, 2024
    • Modified: Jun. 17, 2025