Latest CVE Feed
-
7.5
HIGHCVE-2021-39983
The HwNearbyMain module has a Data Processing Errors vulnerability.Successful exploitation of this vulnerability may cause a process to restart.... Read more
Affected Products : harmonyos- Published: Jan. 03, 2022
- Modified: May. 22, 2025
-
7.5
HIGHCVE-2021-39977
The HwNearbyMain module has a NULL Pointer Dereference vulnerability.Successful exploitation of this vulnerability may cause a process to restart.... Read more
Affected Products : harmonyos- Published: Jan. 03, 2022
- Modified: May. 22, 2025
-
7.5
HIGHCVE-2021-39967
There is a Vulnerability of obtaining broadcast information improperly due to improper broadcast permission settings in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality.... Read more
- Published: Jan. 03, 2022
- Modified: May. 22, 2025
-
8.8
HIGHCVE-2021-37198
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web ... Read more
Affected Products : comos- Published: Jan. 11, 2022
- Modified: May. 22, 2025
-
7.5
HIGHCVE-2021-37133
There is an Unauthorized file access vulnerability in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality.... Read more
- Published: Jan. 03, 2022
- Modified: May. 22, 2025
-
6.1
MEDIUMCVE-2021-36739
The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting (XSS) attacks.... Read more
- Published: Jan. 06, 2022
- Modified: May. 22, 2025
-
6.5
MEDIUMCVE-2021-28715
Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kern... Read more
- Published: Jan. 06, 2022
- Modified: May. 22, 2025
-
6.1
MEDIUMCVE-2021-25022
The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape the backup_timestamp and job_id parameter before outputting then back in admin pages, leading to Reflected Cross-Site Scripting issues... Read more
Affected Products : updraftplus- Published: Jan. 03, 2022
- Modified: May. 22, 2025
-
6.1
MEDIUMCVE-2021-24964
The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value. In addition, one of the... Read more
Affected Products : litespeed_cache- Published: Jan. 03, 2022
- Modified: May. 22, 2025
-
7.2
HIGHCVE-2021-24786
The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue... Read more
Affected Products : download_monitor- Published: Jan. 03, 2022
- Modified: May. 22, 2025
-
9.8
CRITICALCVE-2021-24042
The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, WhatsApp Desktop prior t... Read more
- Published: Jan. 04, 2022
- Modified: May. 22, 2025
-
6.5
MEDIUMCVE-2021-1918
Improper handling of resource allocation in virtual machines can lead to information exposure in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile... Read more
Affected Products : qca6391_firmware sd888_5g_firmware wcd9380_firmware wcd9385_firmware wcn3988_firmware wcn3998_firmware wcn6850_firmware wcn6851_firmware wcn6855_firmware wcn6856_firmware +50 more products- Published: Jan. 03, 2022
- Modified: May. 22, 2025
-
7.5
HIGHCVE-2019-13543
Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentia... Read more
- Published: Nov. 08, 2019
- Modified: May. 22, 2025
-
7.8
HIGHCVE-2019-13539
Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS passwor... Read more
- Published: Nov. 08, 2019
- Modified: May. 22, 2025
-
4.6
MEDIUMCVE-2019-13535
In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN—not available in the United States) version 1.20.2 and lower, the RFID security mechanism does not a... Read more
- Published: Nov. 08, 2019
- Modified: May. 22, 2025
-
4.8
MEDIUMCVE-2019-13531
In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN—not available in the United States) version 1.20.2 and lower, the RFID security mechanism used for a... Read more
- Published: Nov. 08, 2019
- Modified: May. 22, 2025
-
8.8
HIGHCVE-2019-10964
Medtronic MiniMed Insulin Pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. This wireless RF communication protocol does not properly implement ... Read more
Affected Products : minimed_508_firmware minimed_paradigm_511_firmware minimed_paradigm_512_firmware minimed_paradigm_712_firmware minimed_paradigm_712e_firmware minimed_paradigm_515_firmware minimed_paradigm_715_firmware minimed_paradigm_522_firmware minimed_paradigm_722_firmware minimed_paradigm_522k_firmware +28 more products- Published: Jun. 28, 2019
- Modified: May. 22, 2025
-
7.2
HIGHCVE-2018-8870
Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access ... Read more
- Published: Jul. 03, 2018
- Modified: May. 22, 2025
-
6.9
MEDIUMCVE-2018-8868
Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with phy... Read more
- Published: Jul. 03, 2018
- Modified: May. 22, 2025
-
6.1
MEDIUMCVE-2024-12732
The AffiliateImporterEb WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more
Affected Products : affiliateimportereb- Published: May. 15, 2025
- Modified: May. 22, 2025
- Vuln Type: Cross-Site Scripting