Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2023-46892

    The radio frequency communication protocol being used by Meross MSH30Q 4.5.23 is vulnerable to replay attacks, allowing attackers to record and replay previously captured communication to execute unauthorized commands or actions (e.g., thermostat's temper... Read more

    Affected Products : msh30q_firmware msh30q
    • Published: Jan. 23, 2024
    • Modified: Jun. 17, 2025

  • 5.7

    MEDIUM
    CVE-2023-46889

    Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission of Sensitive Information. During the device setup phase, the MSH30Q creates an unprotected Wi-Fi access point. In this phase, MSH30Q needs to connect to the Internet through a Wi-Fi router. This... Read more

    Affected Products : msh30q_firmware msh30q
    • Published: Jan. 23, 2024
    • Modified: Jun. 17, 2025

  • 5.5

    MEDIUM
    CVE-2023-46835

    The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of DEFAULT_DOMAIN_ADDRESS_WIDTH (48) and hence 4 page table levels. However dom_io being a PV domain gets the AMD-Vi IO... Read more

    Affected Products : xen
    • Published: Jan. 05, 2024
    • Modified: Jun. 17, 2025

  • 5.5

    MEDIUM
    CVE-2023-43898

    Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted pic file.... Read more

    Affected Products : stb_image.h stb_vorbis.c
    • Published: Oct. 03, 2023
    • Modified: Jun. 17, 2025

  • 5.5

    MEDIUM
    CVE-2023-41987

    This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data.... Read more

    Affected Products : macos
    • Published: Jan. 10, 2024
    • Modified: Jun. 17, 2025

  • 6.1

    MEDIUM
    CVE-2023-41619

    Emlog Pro v2.1.14 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/article.php?action=write.... Read more

    Affected Products : emlog
    • Published: Jan. 16, 2024
    • Modified: Jun. 17, 2025

  • 5.3

    MEDIUM
    CVE-2023-41603

    D-Link R15 before v1.08.02 was discovered to contain no firewall restrictions for IPv6 traffic. This allows attackers to arbitrarily access any services running on the device that may be inadvertently listening via IPv6.... Read more

    Affected Products : r15_firmware r15
    • Published: Jan. 10, 2024
    • Modified: Jun. 17, 2025

  • 5.5

    MEDIUM
    CVE-2023-41069

    This issue was addressed by improving Face ID anti-spoofing models. This issue is fixed in iOS 17 and iPadOS 17. A 3D model constructed to look like the enrolled user may authenticate via Face ID.... Read more

    Affected Products : iphone_os ipados
    • Published: Jan. 10, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2023-40830

    Tenda AC6 v15.03.05.19 is vulnerable to Buffer Overflow as the Index parameter does not verify the length.... Read more

    Affected Products : ac6_firmware ac6
    • Published: Oct. 03, 2023
    • Modified: Jun. 17, 2025

  • 5.3

    MEDIUM
    CVE-2023-33760

    SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize a default SSL certificate. This issue can allow attackers to eavesdrop on communications via a man-in-the-middle attack.... Read more

    Affected Products : maximiser_soft_pbx
    • Published: Jan. 25, 2024
    • Modified: Jun. 17, 2025

  • 6.5

    MEDIUM
    CVE-2023-33295

    Cohesity DataProtect prior to 6.8.1_u5 or 7.1 was discovered to have a incorrect access control vulnerability due to a lack of TLS Certificate Validation.... Read more

    Affected Products : cohesity_dataplatform
    • Published: Jan. 19, 2024
    • Modified: Jun. 17, 2025

  • 6.3

    MEDIUM
    CVE-2024-33121

    Roothub v2.6 was discovered to contain a SQL injection vulnerability via the 's' parameter in the search() function.... Read more

    Affected Products : roothub
    • Published: May. 06, 2024
    • Modified: Jun. 17, 2025

  • 6.3

    MEDIUM
    CVE-2024-46540

    A remote code execution (RCE) vulnerability in the component /admin/store.php of Emlog Pro before v2.3.15 allows attackers to use remote file downloads and self-extract fucntions to upload webshells to the target server, thereby obtaining system privilege... Read more

    Affected Products : emlog_pro emlog
    • Published: Sep. 30, 2024
    • Modified: Jun. 17, 2025

  • 5.3

    MEDIUM
    CVE-2024-47913

    An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view t... Read more

    Affected Products : mediawiki abusefilter
    • Published: Oct. 04, 2024
    • Modified: Jun. 17, 2025

  • 8.1

    HIGH
    CVE-2024-44068

    An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850,and W920. A Use-After-Free in the mobile processor leads to privilege escalation.... Read more

    • Published: Oct. 07, 2024
    • Modified: Jun. 17, 2025

  • 4.8

    MEDIUM
    CVE-2025-43200

    This issue was addressed with improved checks. This issue is fixed in watchOS 11.3.1, macOS Ventura 13.7.4, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iPadOS 17.7.5, visionOS 2.3.1, macOS Sequoia 15.3.1, iOS 18.3.1 and iPadOS 18.3.1, ma... Read more

    Affected Products : macos iphone_os watchos ipados visionos
    • Actively Exploited
    • Published: Jun. 16, 2025
    • Modified: Jun. 17, 2025

  • 7.5

    HIGH
    CVE-2024-46292

    A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it cannot be reproduced. Also, the product's documentation in... Read more

    Affected Products : modsecurity modsecurity
    • Published: Oct. 09, 2024
    • Modified: Jun. 17, 2025

  • 6.2

    MEDIUM
    CVE-2024-45184

    An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with chipset Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, Modem 5123, and Modem 5300. A USAT out-of-bounds write due... Read more

    • Published: Oct. 11, 2024
    • Modified: Jun. 17, 2025

  • 7.2

    HIGH
    CVE-2024-48700

    Kliqqi-CMS has a background arbitrary code execution vulnerability that attackers can exploit to implant backdoors or getShell via the edit_page.php component.... Read more

    Affected Products : kliqqi_cms
    • Published: Oct. 25, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-48112

    A deserialization vulnerability in the component \controller\Index.php of Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.... Read more

    Affected Products : thinkphp
    • Published: Oct. 30, 2024
    • Modified: Jun. 17, 2025
Showing 20 of 293548 Results