Latest CVE Feed
-
4.8
MEDIUM CVE-2023-42941
The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker in a privileged network position may be able to perform a denial-of-service attack using crafted Bluetooth packets.
- Published: Jan. 10, 2024
- Modified: Jun. 16, 2025
-
5.5
MEDIUM CVE-2023-42888
The issue was addressed with improved checks. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, watchOS 10.2, macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 17.2 and iPadOS 17.2. Processing a maliciously crafted image may result in...
- Published: Jan. 23, 2024
- Modified: Jun. 16, 2025
-
6.5
MEDIUM CVE-2023-42865
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may result in disclosure of process memory.
- Published: Jan. 10, 2024
- Modified: Jun. 16, 2025
-
3.3
LOW CVE-2023-42830
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. An app may be able to read sensitive location information.
- Published: Jan. 10, 2024
- Modified: Jun. 16, 2025
-
5.5
MEDIUM CVE-2023-42829
The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to access SSH passphrases.
- Affected Products: macos
- Published: Jan. 10, 2024
- Modified: Jun. 16, 2025
-
6.5
MEDIUM CVE-2023-39853
SQL Injection vulnerability in Dzzoffice version 2.01, allows remote attackers to obtain sensitive information via the doobj and doevent parameters in the Network Disk backend module.
- Affected Products: dzzoffice
- Published: Jan. 06, 2024
- Modified: Jun. 16, 2025
-
7.5
HIGH CVE-2023-39611
An issue in Software FX Chart FX 7 version 7.0.4962.20829 allows attackers to enumerate and read files from the local filesystem by sending crafted web requests.
- Affected Products: chart_fx
- Published: Feb. 02, 2024
- Modified: Jun. 16, 2025
-
7.8
HIGH CVE-2023-34322
For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Since Xen itself needs to be mapped when PV guests run, Xen and shadowed PV guests run directly the respective shadow page tables. ...
- Affected Products: xen
- Published: Jan. 05, 2024
- Modified: Jun. 16, 2025
-
4.4
MEDIUM CVE-2023-32880
In battery, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue I...
- Published: Jan. 02, 2024
- Modified: Jun. 16, 2025
-
4.4
MEDIUM CVE-2023-32875
In keyInstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308607; Issu...
- Published: Jan. 02, 2024
- Modified: Jun. 16, 2025
-
7.8
HIGH CVE-2023-32401
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. Parsing an office document may lead to an unexpected app termination or arbitrary code execution.
- Affected Products: macos
- Published: Jan. 10, 2024
- Modified: Jun. 16, 2025
-
5.4
MEDIUM CVE-2023-31506
A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and before, allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element.
- Affected Products: grav
- Published: Feb. 09, 2024
- Modified: Jun. 16, 2025
-
9.8
CRITICAL CVE-2023-26999
An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted file.
- Affected Products: ngeniusone
- Published: Jan. 09, 2024
- Modified: Jun. 16, 2025
-
9.8
CRITICAL CVE-2025-29401
An arbitrary file upload vulnerability in the component /views/plugin.php of emlog pro v2.5.7 allows attackers to execute arbitrary code via uploading a crafted PHP file.
- Affected Products: emlog
- Published: Mar. 19, 2025
- Modified: Jun. 16, 2025
- Vuln Type: Authentication
-
6.5
MEDIUM CVE-2023-51295
PHPJabbers Event Booking Calendar v4.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters.
- Affected Products: event_booking_calendar
- Published: May. 08, 2025
- Modified: Jun. 16, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUM CVE-2023-51328
PHPJabbers Cleaning Business Software v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "c_name, name" parameters.
- Affected Products: cleaning_business_software
- Published: May. 08, 2025
- Modified: Jun. 16, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUM CVE-2025-28073
phpList before 3.6.15 is vulnerable to Reflected Cross-Site Scripting (XSS) via the /lists/dl.php endpoint. An attacker can inject arbitrary JavaScript code by manipulating the id parameter, which is improperly sanitized.
- Affected Products: phplist
- Published: May. 08, 2025
- Modified: Jun. 16, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUM CVE-2025-28074
phpList before 3.6.15 is vulnerable to Cross-Site Scripting (XSS) due to improper input sanitization in lt.php. The vulnerability is exploitable when the application dynamically references internal paths and processes untrusted input without escaping, all...
- Affected Products: phplist
- Published: May. 08, 2025
- Modified: Jun. 16, 2025
- Vuln Type: Cross-Site Scripting
-
9.1
CRITICAL CVE-2025-47816
libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause an spvxml-helpers.c spvxml_parse_attributes out-of-bounds read, related to extra content at the end of a document.
- Affected Products: pspp
- Published: May. 10, 2025
- Modified: Jun. 16, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICAL CVE-2025-4538
A vulnerability was found in kkFileView 4.4.0. It has been classified as critical. This affects an unknown part of the file /fileUpload. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. Th...
- Affected Products: kkfileview
- Published: May. 11, 2025
- Modified: Jun. 16, 2025
- Vuln Type: Authentication