Latest CVE Feed
-
5.5
MEDIUMCVE-2025-46593
Process residence vulnerability in abnormal scenarios in the print module Impact: Successful exploitation of this vulnerability may affect availability.... Read more
Affected Products : harmonyos- Published: May. 06, 2025
- Modified: May. 09, 2025
- Vuln Type: Denial of Service
-
7.8
HIGHCVE-2024-45567
Memory corruption while encoding JPEG format.... Read more
Affected Products : wcd9380_firmware wcd9385_firmware wsa8830_firmware wsa8835_firmware sxr2230p_firmware wsa8832_firmware wcn3660b_firmware fastconnect_6900_firmware fastconnect_7800_firmware sdm429w_firmware +18 more products- Published: May. 06, 2025
- Modified: May. 09, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2024-45566
Memory corruption during concurrent buffer access due to modification of the reference count.... Read more
Affected Products : qca6391_firmware qca6426_firmware qca6436_firmware sd865_5g_firmware wcd9380_firmware wsa8810_firmware wsa8815_firmware wsa8830_firmware wsa8835_firmware snapdragon_x55_5g_modem-rf_system_firmware +36 more products- Published: May. 06, 2025
- Modified: May. 09, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2024-45565
Memory corruption when blob structure is modified by user-space after kernel verification.... Read more
- Published: May. 06, 2025
- Modified: May. 09, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2024-45564
Memory corruption during concurrent access to server info object due to incorrect reference count update.... Read more
Affected Products : qam8295p_firmware qca6391_firmware qca6426_firmware qca6436_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware +116 more products- Published: May. 06, 2025
- Modified: May. 09, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2024-45563
Memory corruption while handling schedule request in Camera Request Manager(CRM) due to invalid link count in the corresponding session.... Read more
Affected Products : wcd9380_firmware wcd9385_firmware wsa8830_firmware wsa8835_firmware sxr2230p_firmware wsa8832_firmware wcn3660b_firmware fastconnect_6900_firmware fastconnect_7800_firmware sdm429w_firmware +18 more products- Published: May. 06, 2025
- Modified: May. 09, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2024-45554
Memory corruption during concurrent SSR execution due to race condition on the global maps list.... Read more
Affected Products : sw5100_firmware sw5100p_firmware wcd9380_firmware wcd9385_firmware wcn3980_firmware wcn3988_firmware wsa8830_firmware wsa8835_firmware sxr2230p_firmware wsa8832_firmware +32 more products- Published: May. 06, 2025
- Modified: May. 09, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2024-45568
Memory corruption due to improper bounds check while command handling in camera-kernel driver.... Read more
Affected Products : wcd9380_firmware wcd9385_firmware wsa8830_firmware wsa8835_firmware sxr2230p_firmware wsa8832_firmware wcn3660b_firmware fastconnect_6900_firmware fastconnect_7800_firmware sdm429w_firmware +16 more products- Published: May. 06, 2025
- Modified: May. 09, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2024-45570
Memory corruption may occur during IO configuration processing when the IO port count is invalid.... Read more
Affected Products : qam8295p_firmware qca6391_firmware qca6426_firmware qca6436_firmware qca6574au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware sa8145p_firmware +106 more products- Published: May. 06, 2025
- Modified: May. 09, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2024-24142
Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject' parameter.... Read more
Affected Products : school_task_manager- EPSS Score: %9.57
- Published: Feb. 13, 2024
- Modified: May. 09, 2025
-
8.3
HIGHCVE-2024-22024
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.... Read more
- EPSS Score: %94.30
- Published: Feb. 13, 2024
- Modified: May. 09, 2025
-
6.5
MEDIUMCVE-2024-21491
Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter ... Read more
- EPSS Score: %0.02
- Published: Feb. 13, 2024
- Modified: May. 09, 2025
-
5.4
MEDIUMCVE-2023-52059
A cross-site scripting (XSS) vulnerability in Gestsup v3.2.46 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field.... Read more
Affected Products : gestsup- EPSS Score: %0.20
- Published: Feb. 13, 2024
- Modified: May. 09, 2025
-
4.8
MEDIUMCVE-2022-3391
The Retain Live Chat WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed... Read more
Affected Products : retain_live_chat- EPSS Score: %0.13
- Published: Oct. 25, 2022
- Modified: May. 09, 2025
-
4.8
MEDIUMCVE-2022-3350
The Contact Bank WordPress plugin through 3.0.30 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disall... Read more
Affected Products : contact_bank- EPSS Score: %0.10
- Published: Oct. 25, 2022
- Modified: May. 09, 2025
-
7.2
HIGHCVE-2022-3335
The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is... Read more
Affected Products : kadence_woocommerce_email_designer- EPSS Score: %0.32
- Published: Oct. 25, 2022
- Modified: May. 09, 2025
-
7.2
HIGHCVE-2022-3302
The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as admin... Read more
Affected Products : spam_protection\,_antispam\,_firewall- EPSS Score: %0.24
- Published: Oct. 25, 2022
- Modified: May. 09, 2025
-
7.2
HIGHCVE-2022-3300
The Form Maker by 10Web WordPress plugin before 1.15.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin... Read more
Affected Products : form_maker- EPSS Score: %0.36
- Published: Oct. 25, 2022
- Modified: May. 09, 2025
-
6.5
MEDIUMCVE-2022-3247
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. As a result, any authenticated users, such as subsc... Read more
Affected Products : blog2social- EPSS Score: %0.60
- Published: Oct. 25, 2022
- Modified: May. 09, 2025
-
5.4
MEDIUMCVE-2022-34870
Apache Geode versions up to 1.15.0 are vulnerable to a Cross-Site Scripting (XSS) via data injection when using Pulse web application to view Region entries.... Read more
Affected Products : geode- EPSS Score: %1.31
- Published: Oct. 25, 2022
- Modified: May. 09, 2025