Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2022-35047

    OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b05aa.... Read more

    Affected Products : otfcc
    • EPSS Score: %0.22
    • Published: Oct. 14, 2022
    • Modified: May. 15, 2025

  • 6.5

    MEDIUM
    CVE-2022-35046

    OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0466.... Read more

    Affected Products : otfcc
    • EPSS Score: %0.20
    • Published: Oct. 14, 2022
    • Modified: May. 15, 2025

  • 6.5

    MEDIUM
    CVE-2022-35045

    OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0d63.... Read more

    Affected Products : otfcc
    • EPSS Score: %0.20
    • Published: Oct. 14, 2022
    • Modified: May. 15, 2025

  • 6.5

    MEDIUM
    CVE-2022-35044

    OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x617087.... Read more

    Affected Products : otfcc
    • EPSS Score: %0.20
    • Published: Oct. 14, 2022
    • Modified: May. 15, 2025

  • 6.5

    MEDIUM
    CVE-2022-35043

    OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c08a6.... Read more

    Affected Products : otfcc
    • EPSS Score: %0.20
    • Published: Oct. 14, 2022
    • Modified: May. 15, 2025

  • 6.5

    MEDIUM
    CVE-2022-35042

    OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x4adb11.... Read more

    Affected Products : otfcc
    • EPSS Score: %0.20
    • Published: Oct. 14, 2022
    • Modified: May. 15, 2025

  • 6.5

    MEDIUM
    CVE-2022-35041

    OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b558f.... Read more

    Affected Products : otfcc
    • EPSS Score: %0.20
    • Published: Oct. 14, 2022
    • Modified: May. 15, 2025

  • 7.2

    HIGH
    CVE-2022-34022

    SQL injection vulnerability in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via a crafted POST request to /ResiotQueryDBActive.... Read more

    • EPSS Score: %0.09
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025

  • 4.6

    MEDIUM
    CVE-2022-22078

    Denial of service in BOOT when partition size for a particular partition is requested due to integer overflow when blocks are calculated in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, S... Read more

    • EPSS Score: %0.06
    • Published: Oct. 19, 2022
    • Modified: May. 15, 2025

  • 5.5

    MEDIUM
    CVE-2022-20464

    In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not need... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Oct. 14, 2022
    • Modified: May. 15, 2025

  • 7.8

    HIGH
    CVE-2022-20397

    In SitRilClient_OnResponse of SitRilSe.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploita... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Oct. 14, 2022
    • Modified: May. 15, 2025

  • 9.1

    CRITICAL
    CVE-2021-46840

    The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.11
    • Published: Oct. 14, 2022
    • Modified: May. 15, 2025

  • 9.1

    CRITICAL
    CVE-2021-46839

    The HW_KEYMASTER module has a vulnerability of missing bounds check on length.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.11
    • Published: Oct. 14, 2022
    • Modified: May. 15, 2025

  • 7.8

    HIGH
    CVE-2021-0699

    In HTBLogKM of TBD, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Produ... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Oct. 14, 2022
    • Modified: May. 15, 2025

  • 4.8

    MEDIUM
    CVE-2024-5029

    The CM Table Of Contents WordPress plugin before 1.2.4 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.... Read more

    Affected Products : cm_table_of_contents
    • Published: Nov. 21, 2024
    • Modified: May. 15, 2025

  • 4.3

    MEDIUM
    CVE-2024-8157

    The Alphabetical List WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack... Read more

    Affected Products : alphabetical_list
    • Published: Nov. 21, 2024
    • Modified: May. 15, 2025

  • 4.8

    MEDIUM
    CVE-2024-9600

    The Ditty WordPress plugin before 3.1.47 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks.... Read more

    Affected Products : ditty
    • Published: Nov. 21, 2024
    • Modified: May. 15, 2025

  • 4.1

    MEDIUM
    CVE-2024-9828

    The Taskbuilder WordPress plugin before 3.0.5 does not sanitize user input into the 'load_orders' parameter and uses it in a SQL statement, allowing high privilege users such as admin to perform SQL Injection attacks... Read more

    Affected Products : taskbuilder
    • Published: Nov. 21, 2024
    • Modified: May. 15, 2025

  • 6.8

    MEDIUM
    CVE-2024-10709

    The YaDisk Files WordPress plugin through 1.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform S... Read more

    Affected Products : yadisk_files
    • Published: Nov. 25, 2024
    • Modified: May. 15, 2025

  • 3.5

    LOW
    CVE-2024-10710

    The YaDisk Files WordPress plugin through 1.2.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (... Read more

    Affected Products : yadisk_files
    • Published: Nov. 25, 2024
    • Modified: May. 15, 2025
Showing 20 of 291712 Results