Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2021-39988

    The HwNearbyMain module has a NULL Pointer Dereference vulnerability.Successful exploitation of this vulnerability may cause a process to restart.... Read more

    Affected Products : harmonyos
    • Published: Jan. 03, 2022
    • Modified: May. 22, 2025

  • 7.5

    HIGH
    CVE-2021-39987

    The HwNearbyMain module has a Data Processing Errors vulnerability.Successful exploitation of this vulnerability may cause a process to restart.... Read more

    Affected Products : harmonyos
    • Published: Jan. 03, 2022
    • Modified: May. 22, 2025

  • 7.5

    HIGH
    CVE-2021-39985

    The HwNearbyMain module has a Improper Validation of Array Index vulnerability.Successful exploitation of this vulnerability may cause a process to restart.... Read more

    Affected Products : harmonyos
    • Published: Jan. 03, 2022
    • Modified: May. 22, 2025

  • 7.5

    HIGH
    CVE-2021-39984

    Huawei idap module has a Out-of-bounds Read vulnerability.Successful exploitation of this vulnerability may cause Denial of Service.... Read more

    Affected Products : harmonyos
    • Published: Jan. 03, 2022
    • Modified: May. 22, 2025

  • 7.5

    HIGH
    CVE-2021-39983

    The HwNearbyMain module has a Data Processing Errors vulnerability.Successful exploitation of this vulnerability may cause a process to restart.... Read more

    Affected Products : harmonyos
    • Published: Jan. 03, 2022
    • Modified: May. 22, 2025

  • 7.5

    HIGH
    CVE-2021-39977

    The HwNearbyMain module has a NULL Pointer Dereference vulnerability.Successful exploitation of this vulnerability may cause a process to restart.... Read more

    Affected Products : harmonyos
    • Published: Jan. 03, 2022
    • Modified: May. 22, 2025

  • 7.5

    HIGH
    CVE-2021-39967

    There is a Vulnerability of obtaining broadcast information improperly due to improper broadcast permission settings in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : emui harmonyos magic_ui
    • Published: Jan. 03, 2022
    • Modified: May. 22, 2025

  • 8.8

    HIGH
    CVE-2021-37198

    A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web ... Read more

    Affected Products : comos
    • Published: Jan. 11, 2022
    • Modified: May. 22, 2025

  • 7.5

    HIGH
    CVE-2021-37133

    There is an Unauthorized file access vulnerability in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : emui harmonyos magic_ui
    • Published: Jan. 03, 2022
    • Modified: May. 22, 2025

  • 6.1

    MEDIUM
    CVE-2021-36739

    The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting (XSS) attacks.... Read more

    Affected Products : pluto jetspeed
    • Published: Jan. 06, 2022
    • Modified: May. 22, 2025

  • 6.5

    MEDIUM
    CVE-2021-28715

    Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kern... Read more

    Affected Products : linux_kernel debian_linux
    • Published: Jan. 06, 2022
    • Modified: May. 22, 2025

  • 6.1

    MEDIUM
    CVE-2021-25022

    The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape the backup_timestamp and job_id parameter before outputting then back in admin pages, leading to Reflected Cross-Site Scripting issues... Read more

    Affected Products : updraftplus
    • Published: Jan. 03, 2022
    • Modified: May. 22, 2025

  • 6.1

    MEDIUM
    CVE-2021-24964

    The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value. In addition, one of the... Read more

    Affected Products : litespeed_cache
    • Published: Jan. 03, 2022
    • Modified: May. 22, 2025

  • 7.2

    HIGH
    CVE-2021-24786

    The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue... Read more

    Affected Products : download_monitor
    • Published: Jan. 03, 2022
    • Modified: May. 22, 2025

  • 9.8

    CRITICAL
    CVE-2021-24042

    The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, WhatsApp Desktop prior t... Read more

    Affected Products : whatsapp whatsapp_desktop
    • Published: Jan. 04, 2022
    • Modified: May. 22, 2025

  • 6.5

    MEDIUM
    CVE-2021-1918

    Improper handling of resource allocation in virtual machines can lead to information exposure in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile... Read more

    • Published: Jan. 03, 2022
    • Modified: May. 22, 2025

  • 7.5

    HIGH
    CVE-2019-13543

    Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentia... Read more

    • Published: Nov. 08, 2019
    • Modified: May. 22, 2025

  • 7.8

    HIGH
    CVE-2019-13539

    Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS passwor... Read more

    • Published: Nov. 08, 2019
    • Modified: May. 22, 2025

  • 4.6

    MEDIUM
    CVE-2019-13535

    In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN—not available in the United States) version 1.20.2 and lower, the RFID security mechanism does not a... Read more

    • Published: Nov. 08, 2019
    • Modified: May. 22, 2025

  • 4.8

    MEDIUM
    CVE-2019-13531

    In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN—not available in the United States) version 1.20.2 and lower, the RFID security mechanism used for a... Read more

    • Published: Nov. 08, 2019
    • Modified: May. 22, 2025
Showing 20 of 293261 Results