Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2023-51939

    An issue in the cp_bbs_sig function in relic/src/cp/relic_cp_bbs.c of Relic relic-toolkit 0.6.0 allows a remote attacker to obtain sensitive information and escalate privileges via the cp_bbs_sig function.... Read more

    Affected Products : relic
    • Published: Feb. 01, 2024
    • Modified: Jun. 16, 2025

  • 9.8

    CRITICAL
    CVE-2023-51928

    An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file.... Read more

    Affected Products : yonbip
    • Published: Jan. 20, 2024
    • Modified: Jun. 16, 2025

  • 9.8

    CRITICAL
    CVE-2023-51927

    YonBIP v3_23.05 was discovered to contain a SQL injection vulnerability via the com.yonyou.hrcloud.attend.web.AttendScriptController.runScript() method.... Read more

    Affected Products : yonbip
    • Published: Jan. 20, 2024
    • Modified: Jun. 16, 2025

  • 9.8

    CRITICAL
    CVE-2023-51924

    An arbitrary file upload vulnerability in the uap.framework.rc.itf.IResourceManager interface of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file.... Read more

    Affected Products : yonbip
    • Published: Jan. 20, 2024
    • Modified: Jun. 16, 2025

  • 9.8

    CRITICAL
    CVE-2023-51889

    Stack Overflow vulnerability in the validate() function in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in the application URL.... Read more

    Affected Products : mathtex
    • Published: Jan. 24, 2024
    • Modified: Jun. 16, 2025

  • 7.5

    HIGH
    CVE-2023-51838

    Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm.... Read more

    Affected Products : meshcentral
    • Published: Feb. 02, 2024
    • Modified: Jun. 16, 2025

  • 7.3

    HIGH
    CVE-2023-51751

    ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode.... Read more

    Affected Products : windows scalefusion
    • Published: Jan. 11, 2024
    • Modified: Jun. 16, 2025

  • 9.8

    CRITICAL
    CVE-2023-51717

    Dataiku DSS before 11.4.5 and 12.4.1 has Incorrect Access Control that could lead to a full authentication bypass.... Read more

    Affected Products : data_science_studio
    • Published: Jan. 09, 2024
    • Modified: Jun. 16, 2025

  • 9.8

    CRITICAL
    CVE-2023-51350

    A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the X-Forwarded-For function in the header.... Read more

    Affected Products : ujcms
    • Published: Jan. 11, 2024
    • Modified: Jun. 16, 2025

  • 7.8

    HIGH
    CVE-2023-51257

    An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code.... Read more

    Affected Products : jasper
    • Published: Jan. 16, 2024
    • Modified: Jun. 16, 2025

  • 5.4

    MEDIUM
    CVE-2023-51246

    A Cross Site Scripting (XSS) vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page.... Read more

    Affected Products : getsimplecms
    • Published: Jan. 08, 2024
    • Modified: Jun. 16, 2025

  • 5.4

    MEDIUM
    CVE-2023-51072

    A stored cross-site scripting (XSS) vulnerability in the NOC component of Nagios XI version up to and including 2024R1 allows low-privileged users to execute malicious HTML or JavaScript code via the audio file upload functionality from the Operation Cent... Read more

    Affected Products : nagios_xi
    • Published: Feb. 02, 2024
    • Modified: Jun. 16, 2025

  • 6.1

    MEDIUM
    CVE-2023-51067

    An unauthenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted link.... Read more

    Affected Products : archive_storage_manager
    • Published: Jan. 13, 2024
    • Modified: Jun. 16, 2025

  • 7.5

    HIGH
    CVE-2023-51065

    Incorrect access control in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to obtain system backups and other sensitive information from the QStar Server.... Read more

    Affected Products : archive_storage_manager
    • Published: Jan. 13, 2024
    • Modified: Jun. 16, 2025

  • 5.3

    MEDIUM
    CVE-2023-51062

    An unauthenticated log file read in the component log-smblog-save of QStar Archive Solutions RELEASE_3-0 Build 7 Patch 0 allows attackers to disclose the SMB Log contents via executing a crafted command.... Read more

    Affected Products : archive_storage_manager
    • Published: Jan. 13, 2024
    • Modified: Jun. 16, 2025

  • 5.4

    MEDIUM
    CVE-2023-48133

    An issue in angel coffee mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.... Read more

    Affected Products : line
    • Published: Jan. 26, 2024
    • Modified: Jun. 16, 2025

  • 5.4

    MEDIUM
    CVE-2023-43994

    An issue in Cleaning_makotoya mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.... Read more

    Affected Products : line
    • Published: Jan. 24, 2024
    • Modified: Jun. 16, 2025

  • 9.8

    CRITICAL
    CVE-2023-43985

    SunnyToo stblogsearch up to v1.0.0 was discovered to contain a SQL injection vulnerability via the StBlogSearchClass::prepareSearch component.... Read more

    Affected Products : stblogsearch
    • Published: Jan. 19, 2024
    • Modified: Jun. 16, 2025

  • 4.8

    MEDIUM
    CVE-2023-42941

    The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker in a privileged network position may be able to perform a denial-of-service attack using crafted Bluetooth packets.... Read more

    Affected Products : iphone_os ipados
    • Published: Jan. 10, 2024
    • Modified: Jun. 16, 2025

  • 5.5

    MEDIUM
    CVE-2023-42888

    The issue was addressed with improved checks. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, watchOS 10.2, macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 17.2 and iPadOS 17.2. Processing a maliciously crafted image may result in... Read more

    Affected Products : macos iphone_os watchos ipados
    • Published: Jan. 23, 2024
    • Modified: Jun. 16, 2025
Showing 20 of 293554 Results