Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2023-51717

    Dataiku DSS before 11.4.5 and 12.4.1 has Incorrect Access Control that could lead to a full authentication bypass.... Read more

    Affected Products : data_science_studio
    • Published: Jan. 09, 2024
    • Modified: Jun. 16, 2025

  • 9.8

    CRITICAL
    CVE-2023-51350

    A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the X-Forwarded-For function in the header.... Read more

    Affected Products : ujcms
    • Published: Jan. 11, 2024
    • Modified: Jun. 16, 2025

  • 7.8

    HIGH
    CVE-2023-51257

    An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code.... Read more

    Affected Products : jasper
    • Published: Jan. 16, 2024
    • Modified: Jun. 16, 2025

  • 5.4

    MEDIUM
    CVE-2023-51246

    A Cross Site Scripting (XSS) vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page.... Read more

    Affected Products : getsimplecms
    • Published: Jan. 08, 2024
    • Modified: Jun. 16, 2025

  • 5.4

    MEDIUM
    CVE-2023-51072

    A stored cross-site scripting (XSS) vulnerability in the NOC component of Nagios XI version up to and including 2024R1 allows low-privileged users to execute malicious HTML or JavaScript code via the audio file upload functionality from the Operation Cent... Read more

    Affected Products : nagios_xi
    • Published: Feb. 02, 2024
    • Modified: Jun. 16, 2025

  • 6.1

    MEDIUM
    CVE-2023-51067

    An unauthenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted link.... Read more

    Affected Products : archive_storage_manager
    • Published: Jan. 13, 2024
    • Modified: Jun. 16, 2025

  • 7.5

    HIGH
    CVE-2023-51065

    Incorrect access control in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to obtain system backups and other sensitive information from the QStar Server.... Read more

    Affected Products : archive_storage_manager
    • Published: Jan. 13, 2024
    • Modified: Jun. 16, 2025

  • 5.3

    MEDIUM
    CVE-2023-51062

    An unauthenticated log file read in the component log-smblog-save of QStar Archive Solutions RELEASE_3-0 Build 7 Patch 0 allows attackers to disclose the SMB Log contents via executing a crafted command.... Read more

    Affected Products : archive_storage_manager
    • Published: Jan. 13, 2024
    • Modified: Jun. 16, 2025

  • 5.4

    MEDIUM
    CVE-2023-48133

    An issue in angel coffee mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.... Read more

    Affected Products : line
    • Published: Jan. 26, 2024
    • Modified: Jun. 16, 2025

  • 5.4

    MEDIUM
    CVE-2023-43994

    An issue in Cleaning_makotoya mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.... Read more

    Affected Products : line
    • Published: Jan. 24, 2024
    • Modified: Jun. 16, 2025

  • 9.8

    CRITICAL
    CVE-2023-43985

    SunnyToo stblogsearch up to v1.0.0 was discovered to contain a SQL injection vulnerability via the StBlogSearchClass::prepareSearch component.... Read more

    Affected Products : stblogsearch
    • Published: Jan. 19, 2024
    • Modified: Jun. 16, 2025

  • 4.8

    MEDIUM
    CVE-2023-42941

    The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker in a privileged network position may be able to perform a denial-of-service attack using crafted Bluetooth packets.... Read more

    Affected Products : iphone_os ipados
    • Published: Jan. 10, 2024
    • Modified: Jun. 16, 2025

  • 5.5

    MEDIUM
    CVE-2023-42888

    The issue was addressed with improved checks. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, watchOS 10.2, macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 17.2 and iPadOS 17.2. Processing a maliciously crafted image may result in... Read more

    Affected Products : macos iphone_os watchos ipados
    • Published: Jan. 23, 2024
    • Modified: Jun. 16, 2025

  • 6.5

    MEDIUM
    CVE-2023-42865

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may result in disclosure of process memory.... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Jan. 10, 2024
    • Modified: Jun. 16, 2025

  • 3.3

    LOW
    CVE-2023-42830

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. An app may be able to read sensitive location information.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Jan. 10, 2024
    • Modified: Jun. 16, 2025

  • 5.5

    MEDIUM
    CVE-2023-42829

    The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to access SSH passphrases.... Read more

    Affected Products : macos
    • Published: Jan. 10, 2024
    • Modified: Jun. 16, 2025

  • 6.5

    MEDIUM
    CVE-2023-39853

    SQL Injection vulnerability in Dzzoffice version 2.01, allows remote attackers to obtain sensitive information via the doobj and doevent parameters in the Network Disk backend module.... Read more

    Affected Products : dzzoffice
    • Published: Jan. 06, 2024
    • Modified: Jun. 16, 2025

  • 7.5

    HIGH
    CVE-2023-39611

    An issue in Software FX Chart FX 7 version 7.0.4962.20829 allows attackers to enumerate and read files from the local filesystem by sending crafted web requests.... Read more

    Affected Products : chart_fx
    • Published: Feb. 02, 2024
    • Modified: Jun. 16, 2025

  • 7.8

    HIGH
    CVE-2023-34322

    For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Since Xen itself needs to be mapped when PV guests run, Xen and shadowed PV guests run directly the respective shadow page tables. ... Read more

    Affected Products : xen
    • Published: Jan. 05, 2024
    • Modified: Jun. 16, 2025

  • 4.4

    MEDIUM
    CVE-2023-32880

    In battery, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue I... Read more

    Affected Products : android mt6833 mt6879 mt6883 mt6885 mt8791t mt8797 mt6762 mt6765 mt6983 +12 more products
    • Published: Jan. 02, 2024
    • Modified: Jun. 16, 2025
Showing 20 of 293505 Results