Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2022-2805

    A flaw was found in ovirt-engine, which leads to the logging of plaintext passwords in the log file when using otapi-style. This flaw allows an attacker with sufficient privileges to read the log file, leading to confidentiality loss.... Read more

    Affected Products : virtualization ovirt-engine
    • EPSS Score: %0.08
    • Published: Oct. 19, 2022
    • Modified: May. 09, 2025

  • 7.5

    HIGH
    CVE-2022-25736

    Denial of service in WLAN due to out-of-bound read happens while processing VHT action frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,... Read more

    • EPSS Score: %0.16
    • Published: Oct. 19, 2022
    • Modified: May. 09, 2025

  • 9.8

    CRITICAL
    CVE-2022-25720

    Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon... Read more

    • EPSS Score: %0.25
    • Published: Oct. 19, 2022
    • Modified: May. 09, 2025

  • 9.1

    CRITICAL
    CVE-2022-25719

    Information disclosure in WLAN due to improper length check while processing authentication handshake in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon... Read more

    • EPSS Score: %0.11
    • Published: Oct. 19, 2022
    • Modified: May. 09, 2025

  • 9.8

    CRITICAL
    CVE-2022-25718

    Cryptographic issue in WLAN due to improper check on return value while authentication handshake in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,... Read more

    • EPSS Score: %0.22
    • Published: Oct. 19, 2022
    • Modified: May. 09, 2025

  • 9.8

    CRITICAL
    CVE-2022-25687

    memory corruption in video due to buffer overflow while parsing asf clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearable... Read more

    • EPSS Score: %0.19
    • Published: Oct. 19, 2022
    • Modified: May. 09, 2025

  • 6.7

    MEDIUM
    CVE-2022-25666

    Memory corruption due to use after free in service while trying to access maps by different threads in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infra... Read more

    • EPSS Score: %0.04
    • Published: Oct. 19, 2022
    • Modified: May. 09, 2025

  • 8.8

    HIGH
    CVE-2022-23734

    A deserialization of untrusted data vulnerability was identified in GitHub Enterprise Server that could potentially lead to remote code execution on the SVNBridge. To exploit this vulnerability, an attacker would need to gain access via a server-side requ... Read more

    Affected Products : enterprise_server
    • EPSS Score: %1.23
    • Published: Oct. 19, 2022
    • Modified: May. 09, 2025

  • 8.1

    HIGH
    CVE-2022-23241

    Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with SnapLock configured FlexGroups are susceptible to a vulnerability which could allow an authenticated remote attacker to arbitrarily modify or delete WORM data prior to the end of the retention per... Read more

    Affected Products : clustered_data_ontap
    • EPSS Score: %0.23
    • Published: Oct. 19, 2022
    • Modified: May. 09, 2025

  • 8.8

    HIGH
    CVE-2022-1414

    3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks.... Read more

    Affected Products : 3scale_api_management
    • EPSS Score: %0.24
    • Published: Oct. 19, 2022
    • Modified: May. 09, 2025

  • 7.5

    HIGH
    CVE-2020-23648

    Asus RT-N12E 2.0.0.39 is affected by an incorrect access control vulnerability. Through system.asp / start_apply.htm, an attacker can change the administrator password without any authentication.... Read more

    Affected Products : rt-n12e_firmware rt-n12e
    • EPSS Score: %0.28
    • Published: Oct. 19, 2022
    • Modified: May. 09, 2025

  • 9.8

    CRITICAL
    CVE-2016-20016

    MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been ... Read more

    • EPSS Score: %50.00
    • Published: Oct. 19, 2022
    • Modified: May. 09, 2025

  • 5.5

    MEDIUM
    CVE-2013-4281

    In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file.... Read more

    Affected Products : openshift
    • EPSS Score: %0.02
    • Published: Oct. 19, 2022
    • Modified: May. 09, 2025

  • 9.8

    CRITICAL
    CVE-2024-4098

    The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uu_fetch_sharecounts function. This allows unauthenticated attackers to include and execute arbitrary files on the serv... Read more

    Affected Products : shariff_wrapper
    • Published: Jun. 20, 2024
    • Modified: May. 09, 2025

  • 6.4

    MEDIUM
    CVE-2024-2695

    The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.13 due to insufficient input sanitization and output escaping on user supplied attributes ... Read more

    Affected Products : shariff_wrapper
    • Published: Jun. 15, 2024
    • Modified: May. 09, 2025

  • 6.4

    MEDIUM
    CVE-2024-1450

    The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.10 due to insufficient input sanitization and output escaping on user supplied attributes ... Read more

    Affected Products : shariff_wrapper
    • Published: Mar. 21, 2024
    • Modified: May. 09, 2025

  • 6.4

    MEDIUM
    CVE-2024-0966

    The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on user supplied attributes l... Read more

    Affected Products : shariff_wrapper
    • Published: Mar. 21, 2024
    • Modified: May. 09, 2025

  • 6.5

    MEDIUM
    CVE-2024-29109

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jan-Peter Lambeck & 3UU Shariff Wrapper allows Stored XSS.This issue affects Shariff Wrapper: from n/a through 4.6.10. ... Read more

    Affected Products : shariff_wrapper
    • Published: Mar. 19, 2024
    • Modified: May. 09, 2025

  • 6.4

    MEDIUM
    CVE-2023-6500

    The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on user supplied attributes s... Read more

    Affected Products : shariff_wrapper
    • Published: Mar. 21, 2024
    • Modified: May. 09, 2025

  • 5.4

    MEDIUM
    CVE-2023-6067

    The WP User Profile Avatar WordPress plugin through 1.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to... Read more

    • Published: Apr. 15, 2024
    • Modified: May. 09, 2025
Showing 20 of 291712 Results