Latest CVE Feed
-
9.1
CRITICAL CVE-2022-41581
The HW_KEYMASTER module has a vulnerability of not verifying the data read. Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.
- EPSS Score: 0.13%
- Published: Oct. 14, 2022
- Modified: May. 14, 2025
-
7.1
HIGH CVE-2022-41577
The kernel server has a vulnerability of not verifying the length of the data transferred in the user space. Successful exploitation of this vulnerability may cause out-of-bounds read in the kernel, which affects the device confidentiality and availability...
- EPSS Score: 0.03%
- Published: Oct. 14, 2022
- Modified: May. 14, 2025
-
7.8
HIGH CVE-2022-41576
The rphone module has a script that can be maliciously modified. Successful exploitation of this vulnerability may cause irreversible programs to be implanted on user devices.
- EPSS Score: 0.06%
- Published: Oct. 14, 2022
- Modified: May. 14, 2025
-
8.8
HIGH CVE-2022-41539
Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /admin/users_add.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
- Affected Products: wedding_planner
- EPSS Score: 0.15%
- Published: Oct. 14, 2022
- Modified: May. 14, 2025
-
7.5
HIGH CVE-2022-41323
In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression.
- Affected Products: django
- EPSS Score: 6.17%
- Published: Oct. 16, 2022
- Modified: May. 14, 2025
-
8.4
HIGH CVE-2022-33214
Memory corruption in display due to time-of-check time-of-use of metadata reserved size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables...
- Affected Products: aqt1000_firmware qam8295p_firmware qca6390_firmware qca6391_firmware qca6420_firmware qca6430_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware qcc5100_firmware +194 more products
- EPSS Score: 0.06%
- Published: Oct. 19, 2022
- Modified: May. 14, 2025
-
8.4
HIGH CVE-2022-33210
Memory corruption in automotive multimedia due to use of out-of-range pointer offset while parsing command request packet with a very large type value in Snapdragon Auto...
- Affected Products: qam8295p_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware sa8145p_firmware sa8150p_firmware sa8155p_firmware +36 more products
- EPSS Score: 0.08%
- Published: Oct. 19, 2022
- Modified: May. 14, 2025
-
9.9
CRITICAL CVE-2022-2992
A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.
- Affected Products: gitlab
- EPSS Score: 93.59%
- Published: Oct. 17, 2022
- Modified: May. 14, 2025
-
9.9
CRITICAL CVE-2022-2884
A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3 to 15.3.1 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint...
- Affected Products: gitlab
- EPSS Score: 80.03%
- Published: Oct. 17, 2022
- Modified: May. 14, 2025
-
9.8
CRITICAL CVE-2017-20149
The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vu...
- Affected Products: routeros
- EPSS Score: 1.39%
- Published: Oct. 15, 2022
- Modified: May. 14, 2025
-
6.1
MEDIUM CVE-2024-10858
The Jetpack WordPress plugin before 14.1 does not properly check the postmessage origin in its 13.x versions, allowing it to be bypassed and leading to DOM-XSS. The issue only affects websites hosted on WordPress.com.
- Affected Products: jetpack
- Published: Dec. 25, 2024
- Modified: May. 14, 2025
-
4.7
MEDIUM CVE-2024-10903
The Broken Link Checker WordPress plugin before 2.4.2 does not validate the link URLs before making a request to them, which could allow admin users to perform an SSRF attack, for example on a multisite installation.
- Affected Products: broken_link_checker
- Published: Dec. 26, 2024
- Modified: May. 14, 2025
-
8.8
HIGH CVE-2024-12941
A vulnerability was found in CodeAstro Blood Donor Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages/deletedannounce.php. The manipulation of the argument id leads to sql injection. The attack ...
- Affected Products: blood_donor_management_system
- Published: Dec. 26, 2024
- Modified: May. 14, 2025
-
5.3
MEDIUM CVE-2024-13688
The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 uses a hardcoded password in its Password Protection feature, allowing an attacker to bypass the protection offered via a crafted request...
- Affected Products: admin_and_site_enhancements
- Published: Apr. 28, 2025
- Modified: May. 14, 2025
- Vuln Type: Authentication
-
5.3
MEDIUM CVE-2024-13685
The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate their value to bypass the login limit feature in the Admin and Site Enhancements (ASE...
- Affected Products: admin_and_site_enhancements
- Published: Mar. 04, 2025
- Modified: May. 14, 2025
- Vuln Type: Authentication
-
5.9
MEDIUM CVE-2024-11644
The WP-SVG WordPress plugin through 0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cr...
- Affected Products: wp-svg
- Published: Dec. 27, 2024
- Modified: May. 14, 2025
-
4.8
MEDIUM CVE-2024-11921
The GiveWP WordPress plugin before 3.19.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
- Affected Products: givewp
- Published: Dec. 27, 2024
- Modified: May. 14, 2025
-
9.1
CRITICAL CVE-2025-21609
SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the `POST /api/history/getDocHistoryContent` endpoint. An attacker can craft a ...
- Affected Products: siyuan
- Published: Jan. 03, 2025
- Modified: May. 14, 2025
- Vuln Type: Path Traversal
-
9.8
CRITICAL CVE-2024-28322
SQL Injection vulnerability in /event-management-master/backend/register.php in PuneethReddyHC Event Management 1.0 allows attackers to run arbitrary SQL commands via the event_id parameter in a crafted POST request.
- Affected Products: event_management
- Published: Apr. 26, 2024
- Modified: May. 14, 2025
-
5.4
MEDIUM CVE-2024-3433
A vulnerability classified as problematic has been found in PuneethReddyHC Event Management 1.0. Affected is an unknown function of the file /backend/register.php. The manipulation of the argument event_id/full_name/email/mobile/college/branch leads to cr...
- Affected Products: event_management
- Published: Apr. 07, 2024
- Modified: May. 14, 2025