Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2021-46903

    An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. An admin can delete required user accounts (in violation of expected access control).... Read more

    Affected Products : lantime_firmware
    • Published: Feb. 04, 2024
    • Modified: Jun. 17, 2025

  • 7.2

    HIGH
    CVE-2021-46902

    An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. Path validation is mishandled, and thus an admin can read or delete files in violation of expected access controls.... Read more

    Affected Products : lantime_firmware
    • Published: Feb. 04, 2024
    • Modified: Jun. 17, 2025

  • 6.5

    MEDIUM
    CVE-2024-21509

    Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js.... Read more

    Affected Products : mysql2
    • Published: Apr. 10, 2024
    • Modified: Jun. 17, 2025

  • 7.3

    HIGH
    CVE-2025-5129

    A vulnerability has been found in Sangfor 零信任访问控制系统 aTrust 2.3.10.60 and classified as critical. Affected by this vulnerability is an unknown functionality in the library MSASN1.dll. The manipulation leads to uncontrolled search path. Local access is requ... Read more

    Affected Products : atrust
    • Published: May. 24, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Misconfiguration

  • 5.2

    MEDIUM
    CVE-2024-23734

    Cross Site Request Forgery vulnerability in in the upload functionality of the User Profile pages in savignano S/Notify before 2.0.1 for Bitbucket allow attackers to replace S/MIME certificate or PGP keys for arbitrary users via crafted link.... Read more

    Affected Products : s-notify
    • Published: Apr. 10, 2024
    • Modified: Jun. 17, 2025

  • 6.1

    MEDIUM
    CVE-2024-23735

    Cross Site Scripting (XSS) vulnerability in in the S/MIME certificate upload functionality of the User Profile pages in savignano S/Notify before 4.0.0 for Confluence allows attackers to manipulate user data via specially crafted certificate.... Read more

    Affected Products : s-notify
    • Published: Apr. 10, 2024
    • Modified: Jun. 17, 2025

  • 3.1

    LOW
    CVE-2024-28344

    An Open Redirect vulnerability was found in Sipwise C5 NGCP Dashboard below mr11.5.1. The Open Redirect vulnerability allows attackers to control the "back" parameter in the URL through a double encoded URL.... Read more

    • Published: Apr. 10, 2024
    • Modified: Jun. 17, 2025

  • 8.8

    HIGH
    CVE-2023-47992

    An integer overflow vulnerability in FreeImageIO.cpp::_MemoryReadProc in FreeImage 3.18.0 allows attackers to obtain sensitive information, cause a denial-of-service attacks and/or run arbitrary code.... Read more

    Affected Products : freeimage
    • Published: Jan. 09, 2024
    • Modified: Jun. 17, 2025

  • 5.5

    MEDIUM
    CVE-2023-47256

    ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers via implicit trust of proxy settings... Read more

    Affected Products : automate screenconnect
    • Published: Feb. 01, 2024
    • Modified: Jun. 17, 2025

  • 7.8

    HIGH
    CVE-2023-47202

    A local file inclusion vulnerability on the Trend Micro Apex One management server could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on t... Read more

    Affected Products : apex_one
    • Published: Jan. 23, 2024
    • Modified: Jun. 17, 2025

  • 7.8

    HIGH
    CVE-2023-47197

    An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the ta... Read more

    Affected Products : apex_one
    • Published: Jan. 23, 2024
    • Modified: Jun. 17, 2025

  • 7.8

    HIGH
    CVE-2023-47196

    An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the ta... Read more

    Affected Products : apex_one
    • Published: Jan. 23, 2024
    • Modified: Jun. 17, 2025

  • 7.8

    HIGH
    CVE-2023-47192

    An agent link vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target sy... Read more

    Affected Products : apex_one
    • Published: Jan. 23, 2024
    • Modified: Jun. 17, 2025

  • 8.8

    HIGH
    CVE-2023-47024

    Cross-Site Request Forgery (CSRF) in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover. This is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that has weak security controls and can accept ... Read more

    Affected Products : terminal_handler
    • Published: Jan. 20, 2024
    • Modified: Jun. 17, 2025

  • 6.5

    MEDIUM
    CVE-2023-47022

    Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection.... Read more

    Affected Products : terminal_handler
    • Published: Feb. 06, 2024
    • Modified: Jun. 17, 2025

  • 5.5

    MEDIUM
    CVE-2023-40528

    This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 17, watchOS 10, macOS Sonoma 14, iOS 17 and iPadOS 17, macOS Ventura 13.6.4. An app may be able to bypass Privacy preferences.... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Jan. 23, 2024
    • Modified: Jun. 17, 2025

  • 5.5

    MEDIUM
    CVE-2023-40411

    This issue was addressed with improved data protection. This issue is fixed in macOS Sonoma 14. An app may be able to access user-sensitive data.... Read more

    Affected Products : macos
    • Published: Jan. 10, 2024
    • Modified: Jun. 17, 2025

  • 6.5

    MEDIUM
    CVE-2023-40385

    This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. A remote attacker may be able to view leaked DNS queries with Private Relay turned on.... Read more

    Affected Products : macos iphone_os safari ipados
    • Published: Jan. 10, 2024
    • Modified: Jun. 17, 2025

  • 3.3

    LOW
    CVE-2023-40383

    A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive data.... Read more

    Affected Products : macos
    • Published: Jan. 10, 2024
    • Modified: Jun. 17, 2025

  • 5.4

    MEDIUM
    CVE-2023-40355

    Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching b... Read more

    Affected Products : axigen_mobile_webmail
    • Published: Feb. 07, 2024
    • Modified: Jun. 17, 2025
Showing 20 of 293542 Results