Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-58112

    Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Apr. 07, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-58109

    Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Apr. 07, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2024-58110

    Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Apr. 07, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2024-58111

    Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Apr. 07, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Denial of Service

  • 7.5

    HIGH
    CVE-2024-58113

    Vulnerability of improper resource management in the memory management module Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : harmonyos
    • Published: Apr. 07, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Memory Corruption

  • 5.5

    MEDIUM
    CVE-2024-36011

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix potential null-ptr-deref Fix potential null-ptr-deref in hci_le_big_sync_established_evt().... Read more

    Affected Products : linux_kernel
    • Published: May. 23, 2024
    • Modified: May. 07, 2025

  • 5.5

    MEDIUM
    CVE-2024-26676

    In the Linux kernel, the following vulnerability has been resolved: af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC. syzbot reported a warning [0] in __unix_gc() with a repro, which creates a socketpair and sends one socket's fd to itself us... Read more

    Affected Products : linux_kernel
    • Published: Apr. 02, 2024
    • Modified: May. 07, 2025

  • 7.8

    HIGH
    CVE-2023-52752

    In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Skip SMB sessions that are being teared down (e.g. @ses->ses_status == SES_EXITING) in cifs_debug_data_proc_show() to ... Read more

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: May. 07, 2025

  • 7.8

    HIGH
    CVE-2022-42939

    A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.... Read more

    • EPSS Score: %0.14
    • Published: Oct. 21, 2022
    • Modified: May. 07, 2025

  • 7.8

    HIGH
    CVE-2022-42938

    A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.... Read more

    • EPSS Score: %0.15
    • Published: Oct. 21, 2022
    • Modified: May. 07, 2025

  • 7.8

    HIGH
    CVE-2022-42937

    A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in ... Read more

    • EPSS Score: %0.15
    • Published: Oct. 21, 2022
    • Modified: May. 07, 2025

  • 7.8

    HIGH
    CVE-2022-42936

    A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in ... Read more

    • EPSS Score: %0.14
    • Published: Oct. 21, 2022
    • Modified: May. 07, 2025

  • 7.8

    HIGH
    CVE-2022-42935

    A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in ... Read more

    • EPSS Score: %0.15
    • Published: Oct. 21, 2022
    • Modified: May. 07, 2025

  • 7.8

    HIGH
    CVE-2022-42934

    A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in ... Read more

    • EPSS Score: %0.15
    • Published: Oct. 21, 2022
    • Modified: May. 07, 2025

  • 7.8

    HIGH
    CVE-2022-42933

    A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in ... Read more

    • EPSS Score: %0.06
    • Published: Oct. 21, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-41711

    Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.... Read more

    Affected Products : badaso
    • EPSS Score: %4.18
    • Published: Oct. 25, 2022
    • Modified: May. 07, 2025

  • 5.5

    MEDIUM
    CVE-2022-3644

    The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.... Read more

    • EPSS Score: %0.03
    • Published: Oct. 25, 2022
    • Modified: May. 07, 2025

  • 7.7

    HIGH
    CVE-2022-3570

    Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure ... Read more

    Affected Products : debian_linux libtiff
    • EPSS Score: %0.01
    • Published: Oct. 21, 2022
    • Modified: May. 07, 2025

  • 6.5

    MEDIUM
    CVE-2022-36783

    AlgoSec – FireFlow Reflected Cross-Site-Scripting (RXSS) A malicious user injects JavaScript code into a parameter called IntersectudRule on the search/result.html page. The malicious user changes the request from POST to GET and sends the URL to another ... Read more

    Affected Products : fireflow
    • EPSS Score: %0.07
    • Published: Oct. 25, 2022
    • Modified: May. 07, 2025

  • 4.8

    MEDIUM
    CVE-2024-13381

    The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is di... Read more

    Affected Products : calculated_fields_form
    • Published: May. 01, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291531 Results