Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2025-3818

    A vulnerability, which was classified as critical, was found in webpy web.py 0.70. Affected is the function PostgresDB._process_insert_query of the file web/db.py. The manipulation of the argument seqname leads to sql injection. It is possible to launch t...

    • Published: Apr. 19, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Injection
  • 8.1

    HIGH
    CVE-2025-21224

    Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability...

    • Published: Jan. 14, 2025
    • Modified: May. 29, 2025
    • Vuln Type: Authentication
  • 8.8

    HIGH
    CVE-2023-5953

    The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate files to be uploaded, as well as does not have authorisation and CSRF in an AJAX action handling such upload. As a result, any authenticated users, such as subscriber could upload arbi...

    • EPSS Score: 0.57%
    • Published: Dec. 04, 2023
    • Modified: May. 29, 2025
  • 4.8

    MEDIUM
    CVE-2023-5137

    The Simply Excerpts WordPress plugin through 1.4 does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is d...

    Affected Products : simply_excerpts
    • EPSS Score: 0.19%
    • Published: Dec. 04, 2023
    • Modified: May. 29, 2025
  • 7.8

    HIGH
    CVE-2023-42747

    In camera service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed...

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • EPSS Score: 0.02%
    • Published: Dec. 04, 2023
    • Modified: May. 29, 2025
  • 7.8

    HIGH
    CVE-2023-42736

    In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed...

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • EPSS Score: 0.02%
    • Published: Dec. 04, 2023
    • Modified: May. 29, 2025
  • 4.4

    MEDIUM
    CVE-2023-42726

    In TeleService, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed...

    Affected Products : android s8000 sc9863a t310 t606 t610 t612 t616 t618 t760 +2 more products
    • EPSS Score: 0.02%
    • Published: Dec. 04, 2023
    • Modified: May. 29, 2025
  • 7.5

    HIGH
    CVE-2023-42716

    In telephony service, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges needed...

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • EPSS Score: 0.34%
    • Published: Dec. 04, 2023
    • Modified: May. 29, 2025
  • 5.5

    MEDIUM
    CVE-2023-40076

    In createPendingIntent of CredentialManagerUi.java, there is a possible way to access credentials from other users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interacti...

    Affected Products : android
    • EPSS Score: 0.01%
    • Published: Dec. 04, 2023
    • Modified: May. 29, 2025
  • 6.7

    MEDIUM
    CVE-2023-32863

    In display drm, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326314; Issue ...

    Affected Products : android mt6779 mt6781 mt6785 mt6789 mt6833 mt6835 mt6853 mt6855 mt6873 +14 more products
    • EPSS Score: 0.04%
    • Published: Dec. 04, 2023
    • Modified: May. 29, 2025
  • 6.7

    MEDIUM
    CVE-2023-32854

    In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08240132; Issue ID: ALP...

    Affected Products : android mt6835 mt6879 mt6886 mt6895 mt6985 mt8791t mt8797 mt6983 mt8321 +10 more products
    • EPSS Score: 0.03%
    • Published: Dec. 04, 2023
    • Modified: May. 29, 2025
  • 7.5

    HIGH
    CVE-2023-32843

    In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitatio...

    Affected Products : nr15 nr16 nr17 mt2735 mt6813 mt6833 mt6835 mt6853 mt6855 mt6873 +26 more products
    • EPSS Score: 1.19%
    • Published: Dec. 04, 2023
    • Modified: May. 29, 2025
  • 9.8

    CRITICAL
    CVE-2023-21216

    In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is n...

    Affected Products : android
    • EPSS Score: 0.11%
    • Published: Dec. 04, 2023
    • Modified: May. 29, 2025
  • 9.8

    CRITICAL
    CVE-2022-41138

    In Zutty before 0.13, DECRQSS in text written to the terminal can achieve arbitrary code execution....

    Affected Products : zutty
    • EPSS Score: 0.19%
    • Published: Sep. 20, 2022
    • Modified: May. 29, 2025
  • 8.8

    HIGH
    CVE-2022-40955

    In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database, could cause this data to be deserialized by Apache InLong, potentially l...

    Affected Products : inlong
    • EPSS Score: 3.66%
    • Published: Sep. 20, 2022
    • Modified: May. 29, 2025
  • 9.1

    CRITICAL
    CVE-2022-38340

    Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a Path Traversal vulnerability via the component fmedataupload....

    Affected Products : fme_server
    • EPSS Score: 0.34%
    • Published: Sep. 20, 2022
    • Modified: May. 29, 2025
  • 7.2

    HIGH
    CVE-2022-37883

    Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the und...

    Affected Products : clearpass_policy_manager
    • EPSS Score: 0.57%
    • Published: Sep. 20, 2022
    • Modified: May. 29, 2025
  • 8.8

    HIGH
    CVE-2022-35196

    TestLink v1.9.20 was discovered to contain a Cross-Site Request Forgery (CSRF) via /lib/plan/planView.php....

    Affected Products : testlink
    • EPSS Score: 0.10%
    • Published: Sep. 20, 2022
    • Modified: May. 29, 2025
  • 7.5

    HIGH
    CVE-2022-34917

    A security vulnerability has been identified in Apache Kafka. It affects all releases since 2.8.0. The vulnerability allows malicious unauthenticated clients to allocate large amounts of memory on brokers. This can lead to brokers hitting OutOfMemoryExcep...

    Affected Products : kafka
    • EPSS Score: 0.06%
    • Published: Sep. 20, 2022
    • Modified: May. 29, 2025
  • 8.8

    HIGH
    CVE-2022-28639

    A remote potential adjacent denial of service (DoS) and potential adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) ...

    • EPSS Score: 0.36%
    • Published: Sep. 20, 2022
    • Modified: May. 29, 2025
Showing 20 of 291779 Results