Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-4549

    A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the system.... Read more

    Affected Products : diaenergie
    • Published: May. 06, 2024
    • Modified: Jun. 17, 2025

  • 8.6

    HIGH
    CVE-2024-34470

    An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of th... Read more

    Affected Products : mailinspector
    • Published: May. 06, 2024
    • Modified: Jun. 17, 2025

  • 5.9

    MEDIUM
    CVE-2024-34472

    An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An authenticated blind SQL injection vulnerability exists in the mliRealtimeEmails.php file. The ordemGrid parameter in a POST request to /mailinspector/mliRealtimeEmails.php does not... Read more

    Affected Products : mailinspector
    • Published: May. 06, 2024
    • Modified: Jun. 17, 2025

  • 4.7

    MEDIUM
    CVE-2025-46399

    A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via genge_itp_spline function.... Read more

    Affected Products :
    • Published: Apr. 23, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2023-52426

    libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.... Read more

    Affected Products : libexpat sinec_nms
    • Published: Feb. 04, 2024
    • Modified: Jun. 17, 2025

  • 7.5

    HIGH
    CVE-2023-52354

    chasquid before 1.13 allows SMTP smuggling because LF-terminated lines are accepted.... Read more

    Affected Products : chasquid
    • Published: Jan. 22, 2024
    • Modified: Jun. 17, 2025

  • 6.1

    MEDIUM
    CVE-2023-52329

    Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not ... Read more

    Affected Products : apex_central
    • Published: Jan. 23, 2024
    • Modified: Jun. 17, 2025

  • 7.5

    HIGH
    CVE-2023-52289

    An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/<file_path> URI (from views.py), allows attackers to write to arbitrary files.... Read more

    Affected Products : flaskcode
    • Published: Jan. 13, 2024
    • Modified: Jun. 17, 2025

  • 6.1

    MEDIUM
    CVE-2023-52274

    member/index/register.html in YzmCMS 6.5 through 7.0 allows XSS via the Referer HTTP header.... Read more

    Affected Products : yzmcms
    • Published: Jan. 11, 2024
    • Modified: Jun. 17, 2025

  • 8.8

    HIGH
    CVE-2023-52251

    An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages.... Read more

    Affected Products : ui
    • Published: Jan. 25, 2024
    • Modified: Jun. 17, 2025

  • 6.5

    MEDIUM
    CVE-2023-52239

    The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport.... Read more

    Affected Products : magic_xpi_integration_platform
    • Published: Feb. 06, 2024
    • Modified: Jun. 17, 2025

  • 7.5

    HIGH
    CVE-2023-52099

    Vulnerability of foreground service restrictions being bypassed in the NMS module. Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : emui harmonyos
    • Published: Jan. 16, 2024
    • Modified: Jun. 17, 2025

  • 6.1

    MEDIUM
    CVE-2023-52068

    kodbox v1.43 was discovered to contain a cross-site scripting (XSS) vulnerability via the operation and login logs.... Read more

    Affected Products : kodbox
    • Published: Jan. 16, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2023-52027

    TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the NTPSyncWithHost function.... Read more

    Affected Products : a3700r_firmware a3700r
    • Published: Jan. 11, 2024
    • Modified: Jun. 17, 2025

  • 5.5

    MEDIUM
    CVE-2023-50974

    In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a ~/.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials.... Read more

    Affected Products : command_line_interface appwrite
    • Published: Jan. 09, 2024
    • Modified: Jun. 17, 2025

  • 5.5

    MEDIUM
    CVE-2023-50920

    An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID after each user reboot, allowing attackers to share session identifiers between different sessions and bypass authentication or access control measures. Attac... Read more

    • Published: Jan. 12, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2023-50694

    An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote attacker to send a malicious crafted request due to insufficient parsing in the parser.nim component.... Read more

    Affected Products : httpbeast
    • Published: Jan. 19, 2024
    • Modified: Jun. 17, 2025

  • 7.8

    HIGH
    CVE-2023-50671

    In exiftags 1.01, nikon_prop1 in nikon.c has a heap-based buffer overflow (write of size 28) because snprintf can write to an unexpected address.... Read more

    Affected Products : exiftags
    • Published: Jan. 11, 2024
    • Modified: Jun. 17, 2025

  • 9.8

    CRITICAL
    CVE-2023-50488

    An issue in Blurams Lumi Security Camera (A31C) v23.0406.435.4120 allows attackers to execute arbitrary code.... Read more

    • Published: Feb. 02, 2024
    • Modified: Jun. 17, 2025

  • 8.8

    HIGH
    CVE-2023-50159

    In ScaleFusion (Windows Desktop App) agent 10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrary code to be executed. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App... Read more

    Affected Products : scalefusion
    • Published: Jan. 11, 2024
    • Modified: Jun. 17, 2025
Showing 20 of 293605 Results