Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2022-46721

    The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos
    • Published: Jan. 10, 2024
    • Modified: Jun. 17, 2025

  • 6.1

    MEDIUM
    CVE-2022-40361

    Cross Site Scripting Vulnerability in Elite CRM v1.2.11 allows attacker to execute arbitrary code via the language parameter to the /ngs/login endpoint.... Read more

    Affected Products : elite_cms
    • Published: Jan. 11, 2024
    • Modified: Jun. 17, 2025

  • 4.7

    MEDIUM
    CVE-2022-32919

    The issue was addressed with improved UI handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Visiting a website that frames malicious content may lead to UI spoofing.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Jan. 10, 2024
    • Modified: Jun. 17, 2025

  • 6.5

    MEDIUM
    CVE-2021-46903

    An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. An admin can delete required user accounts (in violation of expected access control).... Read more

    Affected Products : lantime_firmware
    • Published: Feb. 04, 2024
    • Modified: Jun. 17, 2025

  • 7.2

    HIGH
    CVE-2021-46902

    An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. Path validation is mishandled, and thus an admin can read or delete files in violation of expected access controls.... Read more

    Affected Products : lantime_firmware
    • Published: Feb. 04, 2024
    • Modified: Jun. 17, 2025

  • 6.5

    MEDIUM
    CVE-2024-21509

    Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js.... Read more

    Affected Products : mysql2
    • Published: Apr. 10, 2024
    • Modified: Jun. 17, 2025

  • 7.3

    HIGH
    CVE-2025-5129

    A vulnerability has been found in Sangfor 零信任访问控制系统 aTrust 2.3.10.60 and classified as critical. Affected by this vulnerability is an unknown functionality in the library MSASN1.dll. The manipulation leads to uncontrolled search path. Local access is requ... Read more

    Affected Products : atrust
    • Published: May. 24, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Misconfiguration

  • 5.2

    MEDIUM
    CVE-2024-23734

    Cross Site Request Forgery vulnerability in in the upload functionality of the User Profile pages in savignano S/Notify before 2.0.1 for Bitbucket allow attackers to replace S/MIME certificate or PGP keys for arbitrary users via crafted link.... Read more

    Affected Products : s-notify
    • Published: Apr. 10, 2024
    • Modified: Jun. 17, 2025

  • 6.1

    MEDIUM
    CVE-2024-23735

    Cross Site Scripting (XSS) vulnerability in in the S/MIME certificate upload functionality of the User Profile pages in savignano S/Notify before 4.0.0 for Confluence allows attackers to manipulate user data via specially crafted certificate.... Read more

    Affected Products : s-notify
    • Published: Apr. 10, 2024
    • Modified: Jun. 17, 2025

  • 3.1

    LOW
    CVE-2024-28344

    An Open Redirect vulnerability was found in Sipwise C5 NGCP Dashboard below mr11.5.1. The Open Redirect vulnerability allows attackers to control the "back" parameter in the URL through a double encoded URL.... Read more

    • Published: Apr. 10, 2024
    • Modified: Jun. 17, 2025

  • 8.8

    HIGH
    CVE-2023-47992

    An integer overflow vulnerability in FreeImageIO.cpp::_MemoryReadProc in FreeImage 3.18.0 allows attackers to obtain sensitive information, cause a denial-of-service attacks and/or run arbitrary code.... Read more

    Affected Products : freeimage
    • Published: Jan. 09, 2024
    • Modified: Jun. 17, 2025

  • 5.5

    MEDIUM
    CVE-2023-47256

    ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers via implicit trust of proxy settings... Read more

    Affected Products : automate screenconnect
    • Published: Feb. 01, 2024
    • Modified: Jun. 17, 2025

  • 7.8

    HIGH
    CVE-2023-47202

    A local file inclusion vulnerability on the Trend Micro Apex One management server could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on t... Read more

    Affected Products : apex_one
    • Published: Jan. 23, 2024
    • Modified: Jun. 17, 2025

  • 7.8

    HIGH
    CVE-2023-47197

    An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the ta... Read more

    Affected Products : apex_one
    • Published: Jan. 23, 2024
    • Modified: Jun. 17, 2025

  • 7.8

    HIGH
    CVE-2023-47196

    An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the ta... Read more

    Affected Products : apex_one
    • Published: Jan. 23, 2024
    • Modified: Jun. 17, 2025

  • 7.8

    HIGH
    CVE-2023-47192

    An agent link vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target sy... Read more

    Affected Products : apex_one
    • Published: Jan. 23, 2024
    • Modified: Jun. 17, 2025

  • 8.8

    HIGH
    CVE-2023-47024

    Cross-Site Request Forgery (CSRF) in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover. This is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that has weak security controls and can accept ... Read more

    Affected Products : terminal_handler
    • Published: Jan. 20, 2024
    • Modified: Jun. 17, 2025

  • 6.5

    MEDIUM
    CVE-2023-47022

    Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection.... Read more

    Affected Products : terminal_handler
    • Published: Feb. 06, 2024
    • Modified: Jun. 17, 2025

  • 5.5

    MEDIUM
    CVE-2023-40528

    This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 17, watchOS 10, macOS Sonoma 14, iOS 17 and iPadOS 17, macOS Ventura 13.6.4. An app may be able to bypass Privacy preferences.... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Jan. 23, 2024
    • Modified: Jun. 17, 2025

  • 5.5

    MEDIUM
    CVE-2023-40411

    This issue was addressed with improved data protection. This issue is fixed in macOS Sonoma 14. An app may be able to access user-sensitive data.... Read more

    Affected Products : macos
    • Published: Jan. 10, 2024
    • Modified: Jun. 17, 2025
Showing 20 of 293588 Results