Latest CVE Feed
-
6.5
MEDIUMCVE-2021-28715
Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kern... Read more
- Published: Jan. 06, 2022
- Modified: May. 22, 2025
-
6.1
MEDIUMCVE-2021-25022
The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape the backup_timestamp and job_id parameter before outputting then back in admin pages, leading to Reflected Cross-Site Scripting issues... Read more
Affected Products : updraftplus- Published: Jan. 03, 2022
- Modified: May. 22, 2025
-
6.1
MEDIUMCVE-2021-24964
The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value. In addition, one of the... Read more
Affected Products : litespeed_cache- Published: Jan. 03, 2022
- Modified: May. 22, 2025
-
7.2
HIGHCVE-2021-24786
The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue... Read more
Affected Products : download_monitor- Published: Jan. 03, 2022
- Modified: May. 22, 2025
-
9.8
CRITICALCVE-2021-24042
The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, WhatsApp Desktop prior t... Read more
- Published: Jan. 04, 2022
- Modified: May. 22, 2025
-
6.5
MEDIUMCVE-2021-1918
Improper handling of resource allocation in virtual machines can lead to information exposure in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile... Read more
Affected Products : qca6391_firmware sd888_5g_firmware wcd9380_firmware wcd9385_firmware wcn3988_firmware wcn3998_firmware wcn6850_firmware wcn6851_firmware wcn6855_firmware wcn6856_firmware +50 more products- Published: Jan. 03, 2022
- Modified: May. 22, 2025
-
7.5
HIGHCVE-2019-13543
Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentia... Read more
- Published: Nov. 08, 2019
- Modified: May. 22, 2025
-
7.8
HIGHCVE-2019-13539
Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS passwor... Read more
- Published: Nov. 08, 2019
- Modified: May. 22, 2025
-
4.6
MEDIUMCVE-2019-13535
In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN—not available in the United States) version 1.20.2 and lower, the RFID security mechanism does not a... Read more
- Published: Nov. 08, 2019
- Modified: May. 22, 2025
-
4.8
MEDIUMCVE-2019-13531
In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN—not available in the United States) version 1.20.2 and lower, the RFID security mechanism used for a... Read more
- Published: Nov. 08, 2019
- Modified: May. 22, 2025
-
8.8
HIGHCVE-2019-10964
Medtronic MiniMed Insulin Pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. This wireless RF communication protocol does not properly implement ... Read more
Affected Products : minimed_508_firmware minimed_paradigm_511_firmware minimed_paradigm_512_firmware minimed_paradigm_712_firmware minimed_paradigm_712e_firmware minimed_paradigm_515_firmware minimed_paradigm_715_firmware minimed_paradigm_522_firmware minimed_paradigm_722_firmware minimed_paradigm_522k_firmware +28 more products- Published: Jun. 28, 2019
- Modified: May. 22, 2025
-
7.2
HIGHCVE-2018-8870
Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access ... Read more
- Published: Jul. 03, 2018
- Modified: May. 22, 2025
-
6.9
MEDIUMCVE-2018-8868
Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with phy... Read more
- Published: Jul. 03, 2018
- Modified: May. 22, 2025
-
6.1
MEDIUMCVE-2024-12732
The AffiliateImporterEb WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more
Affected Products : affiliateimportereb- Published: May. 15, 2025
- Modified: May. 22, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2024-12733
The AffiliateImporterEb WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more
Affected Products : affiliateimportereb- Published: May. 15, 2025
- Modified: May. 22, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2024-12734
The Advance Post Prefix WordPress plugin through 1.1.1, Advance Post Prefix WordPress plugin through 1.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used agai... Read more
Affected Products : advance_post_prefix- Published: May. 15, 2025
- Modified: May. 22, 2025
- Vuln Type: Cross-Site Scripting
-
7.2
HIGHCVE-2024-12735
The Advance Post Prefix WordPress plugin through 1.1.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins and above to perform SQL injection attacks... Read more
Affected Products : advance_post_prefix- Published: May. 15, 2025
- Modified: May. 22, 2025
- Vuln Type: Injection
-
4.8
MEDIUMCVE-2024-13127
The LearnPress WordPress plugin before 4.2.7.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed... Read more
Affected Products : learnpress- Published: May. 15, 2025
- Modified: May. 22, 2025
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICALCVE-2025-46188
SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in superadmin_phpmyadmin.php.... Read more
Affected Products : client_database_management_system- Published: May. 09, 2025
- Modified: May. 22, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-46189
SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_order_customer_update.php via the order_id POST parameter.... Read more
Affected Products : client_database_management_system- Published: May. 09, 2025
- Modified: May. 22, 2025
- Vuln Type: Injection