Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (i.e. listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • CVE-2022-3494 (CVSS 8.8, HIGH)
    The Complianz WordPress plugin before 6.3.4, and Complianz Premium WordPress plugin before 6.3.6 allow translators to inject arbitrary SQL through an unsanitized translation. SQL can be injected through an infected translation file, or by a user with a ...
    Affected Products: complianz
    • EPSS Score: 0.41%
    • Published: Nov. 07, 2022
    • Modified: May. 01, 2025
  • CVE-2022-3489 (CVSS 5.3, MEDIUM)
    The WP Hide WordPress plugin through 0.0.2 does not have authorisation and CSRF checks in place when updating the custom_wpadmin_slug settings, allowing unauthenticated attackers to update it with a crafted request...
    Affected Products: wp_hide
    • EPSS Score: 0.11%
    • Published: Nov. 07, 2022
    • Modified: May. 01, 2025
  • CVE-2022-3486 (CVSS 6.1, MEDIUM)
    An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allows an attacker to redirect users to an arbitrary location if they trust the URL...
    Affected Products: gitlab
    • EPSS Score: 0.29%
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025
  • CVE-2022-3481 (CVSS 9.8, CRITICAL)
    The WooCommerce Dropshipping WordPress plugin before 4.4 does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injection...
    Affected Products: woocommerce_dropshipping
    • EPSS Score: 1.09%
    • Published: Nov. 07, 2022
    • Modified: May. 01, 2025
  • CVE-2022-3280 (CVSS 6.1, MEDIUM)
    An open redirect in GitLab CE/EE affecting all versions from 10.1 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick users into visiting a trustworthy URL and being redirected to arbitrary content...
    Affected Products: gitlab
    • EPSS Score: 0.12%
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025
  • CVE-2022-3265 (CVSS 7.3, HIGH)
    A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a ...
    Affected Products: gitlab
    • EPSS Score: 52.85%
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025
  • CVE-2022-32611 (CVSS 6.7, MEDIUM)
    In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07340373; Issue ID: ALP...
    Affected Products: android mt6879 mt6895 mt6983
    • EPSS Score: 0.03%
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025
  • CVE-2022-32610 (CVSS 6.4, MEDIUM)
    In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203476; Issue ID: ALPS07203476...
    Affected Products: android mt6779 mt6781 mt6785 mt6789 mt6833 mt6853 mt6853t mt6855 mt6873 +23 more products
    • EPSS Score: 0.03%
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025
  • CVE-2022-21778 (CVSS 6.7, MEDIUM)
    In vpu, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06382421; Issue I...
    Affected Products: android mt6779 mt6785 mt6853 mt6853t mt6873 mt6877 mt6885 mt6891 mt6893 +7 more products
    • EPSS Score: 0.01%
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025
  • CVE-2022-20446 (CVSS 3.3, LOW)
    In AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java, there is a possible way to access the microphone from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges ne...
    Affected Products: android
    • EPSS Score: 0.02%
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025
  • CVE-2022-20445 (CVSS 7.5, HIGH)
    In process_service_search_rsp of sdp_discovery.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...
    Affected Products: android
    • EPSS Score: 0.09%
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025
  • CVE-2025-27188 (CVSS 4.3, MEDIUM)
    Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security m...
    Affected Products: magento commerce magento commerce_b2b
    • Published: Apr. 08, 2025
    • Modified: May. 01, 2025
  • CVE-2024-36740 (CVSS 7.5, HIGH)
    An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index as a negative number exceeds the range of size...
    Affected Products: oneflow
    • Published: Jun. 06, 2024
    • Modified: May. 01, 2025
  • CVE-2024-37384 (CVSS 6.1, MEDIUM)
    Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via list columns from user preferences...
    Affected Products: debian_linux webmail roundcube_webmail
    • Published: Jun. 07, 2024
    • Modified: May. 01, 2025
  • CVE-2024-37385 (CVSS 9.8, CRITICAL)
    Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via im_convert_path and im_identify_path. NOTE: this issue exists because of an incomplete fix for CVE-2020-12641...
    Affected Products: webmail roundcube_webmail
    • Published: Jun. 07, 2024
    • Modified: May. 01, 2025
  • CVE-2024-4620 (CVSS 9.8, CRITICAL)
    The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form...
    Affected Products: arforms_form_builder arforms
    • Published: Jun. 07, 2024
    • Modified: May. 01, 2025
  • CVE-2024-4621 (CVSS 4.8, MEDIUM)
    The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered...
    Affected Products: arforms_form_builder arforms
    • Published: Jun. 07, 2024
    • Modified: May. 01, 2025
  • CVE-2024-38440 (CVSS 7.5, HIGH)
    Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c. The original issue 1097 report stated: 'The latest version...
    Affected Products: netatalk
    • Published: Jun. 16, 2024
    • Modified: May. 01, 2025
  • CVE-2024-38441 (CVSS 9.8, CRITICAL)
    Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions...
    Affected Products: netatalk
    • Published: Jun. 16, 2024
    • Modified: May. 01, 2025
  • CVE-2024-37734 (CVSS 9.8, CRITICAL)
    An issue in OpenEMR 7.0.2 allows a remote attacker to escalate privileges via a crafted POST request using the noteid parameter...
    Affected Products: openemr
    • Published: Jun. 26, 2024
    • Modified: May. 01, 2025
Showing 20 of 291141 Results