Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-33321

    Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products (PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Condit... Read more

    • EPSS Score: %0.58
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 6.8

    MEDIUM
    CVE-2022-32618

    In typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User... Read more

    Affected Products : android mt6833 mt6873 mt6893 mt8798
    • EPSS Score: %0.05
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 6.8

    MEDIUM
    CVE-2022-32617

    In typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User... Read more

    Affected Products : android mt6789 mt6855 mt6895 mt6983 mt8798
    • EPSS Score: %0.05
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 6.7

    MEDIUM
    CVE-2022-32616

    In isp, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341258; Issue ID: ALPS073... Read more

    Affected Products : android mt6983 mt8871 mt8891
    • EPSS Score: %0.03
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 6.7

    MEDIUM
    CVE-2022-32615

    In ccd, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326559; Issue ID: ALPS073... Read more

    Affected Products : android mt6983 mt8871 mt8891
    • EPSS Score: %0.03
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 6.7

    MEDIUM
    CVE-2022-32614

    In audio, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310571; Issue ID: ALPS07310571... Read more

    • EPSS Score: %0.02
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 6.4

    MEDIUM
    CVE-2022-32613

    In vcu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07206340; Issue ID: ALPS0720634... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6789 mt6833 mt6853 mt6853t mt6855 mt6873 +23 more products
    • EPSS Score: %0.02
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 6.4

    MEDIUM
    CVE-2022-32612

    In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203500; Issue ID: ALPS07203500.... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6789 mt6833 mt6853 mt6853t mt6855 mt6873 +23 more products
    • EPSS Score: %0.02
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 5.5

    MEDIUM
    CVE-2022-32602

    In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07388790; I... Read more

    Affected Products : android mt6833 mt6883 mt8675 mt8791 mt8791t mt8797 mt6983 mt8321 mt8765 +7 more products
    • EPSS Score: %0.02
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 7.8

    HIGH
    CVE-2022-32601

    In telephony, there is a possible permission bypass due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07319132; ... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6789 mt6833 mt6853 mt6853t mt6855 mt6873 +31 more products
    • EPSS Score: %0.00
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 5.3

    MEDIUM
    CVE-2022-30515

    ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an attacker to view them through filename enumeration.... Read more

    Affected Products : biotime
    • EPSS Score: %0.25
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 7.5

    HIGH
    CVE-2022-26446

    In Modem 4G RRC, there is a possible system crash due to improper input validation. This could lead to remote denial of service, when concatenating improper SIB12 (CMAS message), with no additional execution privileges needed. User interaction is not need... Read more

    Affected Products : lr13 nr15 nr16 lr12a mt2735 mt6779 mt6781 mt6783 mt6785 mt6785t +46 more products
    • EPSS Score: %1.66
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 7.3

    HIGH
    CVE-2024-29131

    Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue.... Read more

    • Published: Mar. 21, 2024
    • Modified: May. 01, 2025

  • 5.4

    MEDIUM
    CVE-2024-29133

    Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue.... Read more

    Affected Products : fedora commons_configuration
    • Published: Mar. 21, 2024
    • Modified: May. 01, 2025

  • 5.7

    MEDIUM
    CVE-2024-50997

    Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a craft... Read more

    • Published: Nov. 05, 2024
    • Modified: May. 01, 2025

  • 9.0

    CRITICAL
    CVE-2024-42019

    A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data collected from Veeam Backup & Replication.... Read more

    Affected Products : one
    • Published: Sep. 07, 2024
    • Modified: May. 01, 2025

  • 8.3

    HIGH
    CVE-2024-40714

    An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations.... Read more

    Affected Products : veeam_backup_\&_replication
    • Published: Sep. 07, 2024
    • Modified: May. 01, 2025

  • 7.8

    HIGH
    CVE-2024-40713

    A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA.... Read more

    Affected Products : veeam_backup_\&_replication
    • Published: Sep. 07, 2024
    • Modified: May. 01, 2025

  • 7.8

    HIGH
    CVE-2024-40712

    A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE).... Read more

    Affected Products : veeam_backup_\&_replication
    • Published: Sep. 07, 2024
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2025-29041

    An issue in dlink DIR 823x 240802 allows a remote attacker to execute arbitrary code via the target_addr key value and the function 0x41710c... Read more

    • Published: Apr. 17, 2025
    • Modified: May. 01, 2025
Showing 20 of 291138 Results