Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.5

    MEDIUM
    CVE-2023-49555

    An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_smacro function in the modules/preprocs/nasm/nasm-pp.c component....

    Affected Products : yasm
    • Published: Jan. 03, 2024
    • Modified: Jun. 17, 2025
  • 9.8

    CRITICAL
    CVE-2023-49238

    In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Although this password must be changed upon the first login, i...

    Affected Products : enterprise
    • Published: Jan. 09, 2024
    • Modified: Jun. 17, 2025
  • 6.1

    MEDIUM
    CVE-2023-49101

    WebAdmin in Axigen 10.3.x before 10.3.3.61, 10.4.x before 10.4.24, and 10.5.x before 10.5.10 allows XSS attacks against admins because of mishandling of viewing the usage of SSL certificates....

    Affected Products : axigen_mobile_webmail
    • Published: Feb. 08, 2024
    • Modified: Jun. 17, 2025
  • 9.6

    CRITICAL
    CVE-2023-48974

    Cross Site Scripting vulnerability in Axigen WebMail prior to 10.3.3.61 allows a remote attacker to escalate privileges via a crafted script to the serverName_input parameter....

    Affected Products : axigen_mail_server
    • Published: Feb. 08, 2024
    • Modified: Jun. 17, 2025
  • 5.4

    MEDIUM
    CVE-2023-48135

    An issue in mimasaka_farm mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token....

    Affected Products : line
    • Published: Jan. 26, 2024
    • Modified: Jun. 17, 2025
  • 5.4

    MEDIUM
    CVE-2023-48131

    An issue in CHIGASAKI BAKERY mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token....

    Affected Products : line
    • Published: Jan. 26, 2024
    • Modified: Jun. 17, 2025
  • 8.8

    HIGH
    CVE-2023-46892

    The radio frequency communication protocol being used by Meross MSH30Q 4.5.23 is vulnerable to replay attacks, allowing attackers to record and replay previously captured communication to execute unauthorized commands or actions (e.g., thermostat's temper...

    Affected Products : msh30q_firmware msh30q
    • Published: Jan. 23, 2024
    • Modified: Jun. 17, 2025
  • 5.7

    MEDIUM
    CVE-2023-46889

    Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission of Sensitive Information. During the device setup phase, the MSH30Q creates an unprotected Wi-Fi access point. In this phase, MSH30Q needs to connect to the Internet through a Wi-Fi router. This...

    Affected Products : msh30q_firmware msh30q
    • Published: Jan. 23, 2024
    • Modified: Jun. 17, 2025
  • 5.5

    MEDIUM
    CVE-2023-46835

    The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of DEFAULT_DOMAIN_ADDRESS_WIDTH (48) and hence 4 page table levels. However dom_io being a PV domain gets the AMD-Vi IO...

    Affected Products : xen
    • Published: Jan. 05, 2024
    • Modified: Jun. 17, 2025
  • 5.5

    MEDIUM
    CVE-2023-43898

    Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted pic file....

    Affected Products : stb_image.h stb_vorbis.c
    • Published: Oct. 03, 2023
    • Modified: Jun. 17, 2025
  • 5.5

    MEDIUM
    CVE-2023-41987

    This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data....

    Affected Products : macos
    • Published: Jan. 10, 2024
    • Modified: Jun. 17, 2025
  • 6.1

    MEDIUM
    CVE-2023-41619

    Emlog Pro v2.1.14 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/article.php?action=write....

    Affected Products : emlog
    • Published: Jan. 16, 2024
    • Modified: Jun. 17, 2025
  • 5.3

    MEDIUM
    CVE-2023-41603

    D-Link R15 before v1.08.02 was discovered to contain no firewall restrictions for IPv6 traffic. This allows attackers to arbitrarily access any services running on the device that may be inadvertently listening via IPv6....

    Affected Products : r15_firmware r15
    • Published: Jan. 10, 2024
    • Modified: Jun. 17, 2025
  • 5.5

    MEDIUM
    CVE-2023-41069

    This issue was addressed by improving Face ID anti-spoofing models. This issue is fixed in iOS 17 and iPadOS 17. A 3D model constructed to look like the enrolled user may authenticate via Face ID....

    Affected Products : iphone_os ipados
    • Published: Jan. 10, 2024
    • Modified: Jun. 17, 2025
  • 9.8

    CRITICAL
    CVE-2023-40830

    Tenda AC6 v15.03.05.19 is vulnerable to Buffer Overflow as the Index parameter does not verify the length....

    Affected Products : ac6_firmware ac6
    • Published: Oct. 03, 2023
    • Modified: Jun. 17, 2025
  • 5.3

    MEDIUM
    CVE-2023-33760

    SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize a default SSL certificate. This issue can allow attackers to eavesdrop on communications via a man-in-the-middle attack....

    Affected Products : maximiser_soft_pbx
    • Published: Jan. 25, 2024
    • Modified: Jun. 17, 2025
  • 6.5

    MEDIUM
    CVE-2023-33295

    Cohesity DataProtect prior to 6.8.1_u5 or 7.1 was discovered to have an incorrect access control vulnerability due to a lack of TLS Certificate Validation....

    Affected Products : cohesity_dataplatform
    • Published: Jan. 19, 2024
    • Modified: Jun. 17, 2025
  • 6.3

    MEDIUM
    CVE-2024-33121

    Roothub v2.6 was discovered to contain a SQL injection vulnerability via the 's' parameter in the search() function....

    Affected Products : roothub
    • Published: May. 06, 2024
    • Modified: Jun. 17, 2025
  • 6.3

    MEDIUM
    CVE-2024-46540

    A remote code execution (RCE) vulnerability in the component /admin/store.php of Emlog Pro before v2.3.15 allows attackers to use remote file downloads and self-extract functions to upload webshells to the target server, thereby obtaining system privilege...

    Affected Products : emlog_pro emlog
    • Published: Sep. 30, 2024
    • Modified: Jun. 17, 2025
  • 5.3

    MEDIUM
    CVE-2024-47913

    An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view t...

    Affected Products : mediawiki abusefilter
    • Published: Oct. 04, 2024
    • Modified: Jun. 17, 2025
Showing 20 of 293510 Results