Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2023-52102

    Vulnerability of parameters being not verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality.

    Affected Products : emui harmonyos
    • Published: Jan. 16, 2024
    • Modified: Jun. 11, 2025
  • 7.5

    HIGH
    CVE-2023-52098

    Denial of Service (DoS) vulnerability in the DMS module. Successful exploitation of this vulnerability will affect availability.

    Affected Products : emui harmonyos
    • Published: Jan. 16, 2024
    • Modified: Jun. 11, 2025
  • 9.8

    CRITICAL
    CVE-2023-52026

    TOTOlink EX1800T V9.1.0cu.2112_B20220316 was discovered to contain a remote command execution (RCE) vulnerability via the telnet_enabled parameter of the setTelnetCfg interface...

    Affected Products : ex1800t_firmware ex1800t
    • Published: Jan. 12, 2024
    • Modified: Jun. 11, 2025
  • 6.5

    MEDIUM
    CVE-2023-51702

    Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any ...

    Affected Products : airflow airflow_cncf_kubernetes
    • Published: Jan. 24, 2024
    • Modified: Jun. 11, 2025
  • 6.5

    MEDIUM
    CVE-2023-50944

    Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. U...

    Affected Products : airflow
    • Published: Jan. 24, 2024
    • Modified: Jun. 11, 2025
  • 4.8

    MEDIUM
    CVE-2023-4925

    The Easy Forms for Mailchimp WordPress plugin through 6.8.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...

    Affected Products : easy_forms_for_mailchimp
    • Published: Jan. 15, 2024
    • Modified: Jun. 11, 2025
  • 7.2

    HIGH
    CVE-2023-4797

    The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server.

    Affected Products : newsletters
    • Published: Jan. 16, 2024
    • Modified: Jun. 11, 2025
  • 9.8

    CRITICAL
    CVE-2023-4472

    Objectplanet Opinio version 7.22 and prior uses a cryptographically weak pseudo-random number generator (PRNG) coupled to a predictable seed, which could lead to an unauthenticated account takeover of any user on the application.

    Affected Products : opinio
    • Published: Feb. 01, 2024
    • Modified: Jun. 11, 2025
  • 3.1

    LOW
    CVE-2023-49619

    Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.0. Under normal circumstances, a user can only bookmark a question once, and will o...

    Affected Products : answer
    • Published: Jan. 10, 2024
    • Modified: Jun. 11, 2025
  • 8.8

    HIGH
    CVE-2023-49257

    An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate upload utility and execute it with the root user privileges.

    Affected Products : h8951-4g-esp_firmware h8951-4g-esp
    • Published: Jan. 12, 2024
    • Modified: Jun. 11, 2025
  • 9.8

    CRITICAL
    CVE-2023-48793

    Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature.

    Affected Products : manageengine_adaudit_plus
    • Published: Feb. 02, 2024
    • Modified: Jun. 11, 2025
  • 9.8

    CRITICAL
    CVE-2023-48792

    Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option.

    Affected Products : manageengine_adaudit_plus
    • Published: Feb. 02, 2024
    • Modified: Jun. 11, 2025
  • 5.4

    MEDIUM
    CVE-2023-48127

    An issue in myGAKUYA mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

    Affected Products : line
    • Published: Jan. 26, 2024
    • Modified: Jun. 11, 2025
  • 8.4

    HIGH
    CVE-2023-47145

    IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402.

    Affected Products : db2 windows
    • Published: Jan. 07, 2024
    • Modified: Jun. 11, 2025
  • 9.8

    CRITICAL
    CVE-2023-47132

    An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls.

    Affected Products : n-central
    • Published: Feb. 08, 2024
    • Modified: Jun. 11, 2025
  • 5.4

    MEDIUM
    CVE-2023-43999

    An issue in COLORFUL_laundry mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

    Affected Products : line
    • Published: Jan. 24, 2024
    • Modified: Jun. 11, 2025
  • 5.4

    MEDIUM
    CVE-2023-43988

    An issue in nature fitness saijo mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

    Affected Products : line
    • Published: Jan. 24, 2024
    • Modified: Jun. 11, 2025
  • 8.8

    HIGH
    CVE-2023-42833

    A correctness issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. Processing web content may lead to arbitrary code execution.

    Affected Products : macos iphone_os safari ipados
    • Published: Jan. 10, 2024
    • Modified: Jun. 11, 2025
  • 3.3

    LOW
    CVE-2023-40439

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information.

    Affected Products : macos iphone_os ipados
    • Published: Jan. 10, 2024
    • Modified: Jun. 11, 2025
  • 9.8

    CRITICAL
    CVE-2023-3211

    The WordPress Database Administrator WordPress plugin through 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

    Affected Products : wordpress_database_administrator
    • Published: Jan. 16, 2024
    • Modified: Jun. 11, 2025
Showing 20 of 293288 Results