Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.2

    HIGH
    CVE-2022-34022

    SQL injection vulnerability in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via a crafted POST request to /ResiotQueryDBActive....

    • EPSS Score: %0.09
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025
  • 4.6

    MEDIUM
    CVE-2022-22078

    Denial of service in BOOT when partition size for a particular partition is requested due to integer overflow when blocks are calculated in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, S...

    • EPSS Score: %0.06
    • Published: Oct. 19, 2022
    • Modified: May. 15, 2025
  • 5.5

    MEDIUM
    CVE-2022-20464

    In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not need...

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Oct. 14, 2022
    • Modified: May. 15, 2025
  • 7.8

    HIGH
    CVE-2022-20397

    In SitRilClient_OnResponse of SitRilSe.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploita...

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Oct. 14, 2022
    • Modified: May. 15, 2025
  • 9.1

    CRITICAL
    CVE-2021-46840

    The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification. Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access....

    Affected Products : emui harmonyos
    • EPSS Score: %0.11
    • Published: Oct. 14, 2022
    • Modified: May. 15, 2025
  • 9.1

    CRITICAL
    CVE-2021-46839

    The HW_KEYMASTER module has a vulnerability of missing bounds check on length. Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access....

    Affected Products : emui harmonyos
    • EPSS Score: %0.11
    • Published: Oct. 14, 2022
    • Modified: May. 15, 2025
  • 7.8

    HIGH
    CVE-2021-0699

    In HTBLogKM of TBD, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Produ...

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Oct. 14, 2022
    • Modified: May. 15, 2025
  • 4.8

    MEDIUM
    CVE-2024-5029

    The CM Table Of Contents WordPress plugin before 1.2.4 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack....

    Affected Products : cm_table_of_contents
    • Published: Nov. 21, 2024
    • Modified: May. 15, 2025
  • 4.3

    MEDIUM
    CVE-2024-8157

    The Alphabetical List WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

    Affected Products : alphabetical_list
    • Published: Nov. 21, 2024
    • Modified: May. 15, 2025
  • 4.8

    MEDIUM
    CVE-2024-9600

    The Ditty WordPress plugin before 3.1.47 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks....

    Affected Products : ditty
    • Published: Nov. 21, 2024
    • Modified: May. 15, 2025
  • 4.1

    MEDIUM
    CVE-2024-9828

    The Taskbuilder WordPress plugin before 3.0.5 does not sanitize user input into the 'load_orders' parameter and uses it in a SQL statement, allowing high privilege users such as admin to perform SQL Injection attacks...

    Affected Products : taskbuilder
    • Published: Nov. 21, 2024
    • Modified: May. 15, 2025
  • 6.8

    MEDIUM
    CVE-2024-10709

    The YaDisk Files WordPress plugin through 1.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform S...

    Affected Products : yadisk_files
    • Published: Nov. 25, 2024
    • Modified: May. 15, 2025
  • 3.5

    LOW
    CVE-2024-10710

    The YaDisk Files WordPress plugin through 1.2.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (...

    Affected Products : yadisk_files
    • Published: Nov. 25, 2024
    • Modified: May. 15, 2025
  • 4.8

    MEDIUM
    CVE-2024-6393

    The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.5 does not sanitise and escape some of its Images settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltere...

    Affected Products : nextgen_gallery
    • Published: Nov. 25, 2024
    • Modified: May. 15, 2025
  • 7.8

    HIGH
    CVE-2025-1683

    Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on a Windows system to delete arbitrary files on the device by exploiting symbolic links....

    Affected Products :
    • Published: Mar. 12, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Path Traversal
  • 3.3

    LOW
    CVE-2024-23217

    A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. An app may be able to bypass certain Privacy preferences....

    Affected Products : macos iphone_os watchos ipados
    • EPSS Score: %0.01
    • Published: Jan. 23, 2024
    • Modified: May. 15, 2025
  • 6.5

    MEDIUM
    CVE-2024-23206

    An access issue was addressed with improved access restrictions. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A maliciously crafted webpage may be able to fingerpri...

    Affected Products : macos iphone_os tvos watchos safari ipados
    • EPSS Score: %0.48
    • Published: Jan. 23, 2024
    • Modified: May. 15, 2025
  • 4.3

    MEDIUM
    CVE-2024-0809

    Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)...

    Affected Products : fedora chrome edge_chromium
    • EPSS Score: %0.02
    • Published: Jan. 24, 2024
    • Modified: May. 15, 2025
  • 8.8

    HIGH
    CVE-2022-42156

    D-Link COVR 1200,1203 v1.08 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter at function SetNetworkTomographySettings....

    • EPSS Score: %1.92
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025
  • 8.1

    HIGH
    CVE-2022-41674

    An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c....

    Affected Products : linux_kernel fedora debian_linux
    • EPSS Score: %0.17
    • Published: Oct. 14, 2022
    • Modified: May. 15, 2025
Showing 20 of 291722 Results