Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2022-20447

    In PAN_WriteBuf of pan_api.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • EPSS Score: %0.24
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 7.8

    HIGH
    CVE-2022-20441

    In navigateUpTo of Task.java, there is a possible way to launch an unexported intent handler due to a logic error in the code. This could lead to local escalation of privilege if the targeted app has an intent trampoline, with no additional execution priv... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 5.5

    MEDIUM
    CVE-2022-20426

    In multiple functions of many files, there is a possible obstruction of the user's ability to select a phone account due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 5.5

    MEDIUM
    CVE-2022-20414

    In setImpl of AlarmManagerService.java, there is a possible way to put a device into a boot loop due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for ex... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 5.4

    MEDIUM
    CVE-2021-40303

    perfex crm 1.10 is vulnerable to Cross Site Scripting (XSS) via /clients/profile.... Read more

    Affected Products : perfex_crm
    • EPSS Score: %0.15
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 7.8

    HIGH
    CVE-2021-39661

    In _PMRLogicalOffsetToPhysicalOffset of the PowerVR kernel driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is ... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 7.8

    HIGH
    CVE-2021-1050

    In MMU_UnmapPages of the PowerVR kernel driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for expl... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 5.3

    MEDIUM
    CVE-2024-43435

    A flaw was found in moodle. Insufficient capability checks make it possible for users with access to restore glossaries in courses to restore them into the global site glossary.... Read more

    Affected Products : moodle
    • Published: Nov. 11, 2024
    • Modified: May. 01, 2025

  • 5.3

    MEDIUM
    CVE-2024-43433

    A flaw was found in moodle. Matrix room membership and power levels are incorrectly applied and revoked for suspended Moodle users.... Read more

    Affected Products : moodle
    • Published: Nov. 11, 2024
    • Modified: May. 01, 2025

  • 5.3

    MEDIUM
    CVE-2024-43432

    A flaw was found in moodle. The cURL wrapper in Moodle strips HTTPAUTH and USERPWD headers during emulated redirects, but retains other original request headers, so HTTP authorization header information could be unintentionally sent in requests to redirec... Read more

    Affected Products : moodle
    • Published: Nov. 11, 2024
    • Modified: May. 01, 2025

  • 5.3

    MEDIUM
    CVE-2024-43430

    A flaw was found in moodle. External API access to Quiz can override contained insufficient access control.... Read more

    Affected Products : moodle
    • Published: Nov. 11, 2024
    • Modified: May. 01, 2025

  • 5.3

    MEDIUM
    CVE-2024-43429

    A flaw was found in moodle. Some hidden user profile fields are visible in gradebook reports, which could result in users without the "view hidden user fields" capability having access to the information.... Read more

    Affected Products : moodle
    • Published: Nov. 11, 2024
    • Modified: May. 01, 2025

  • 3.7

    LOW
    CVE-2024-43427

    A flaw was found in moodle. When creating an export of site administration presets, some sensitive secrets and keys are not being excluded from the export, which could result in them unintentionally being leaked if the presets are shared with a third part... Read more

    Affected Products : moodle
    • Published: Nov. 11, 2024
    • Modified: May. 01, 2025

  • 7.5

    HIGH
    CVE-2024-43440

    A flaw was found in moodle. A local file may include risks when restoring block backups.... Read more

    Affected Products : moodle
    • Published: Nov. 07, 2024
    • Modified: May. 01, 2025

  • 8.1

    HIGH
    CVE-2024-43434

    The bulk message sending feature in Moodle's Feedback module's non-respondents report had an incorrect CSRF token check, leading to a CSRF vulnerability.... Read more

    Affected Products : moodle
    • Published: Nov. 07, 2024
    • Modified: May. 01, 2025

  • 7.5

    HIGH
    CVE-2024-43431

    A vulnerability was found in Moodle. Insufficient capability checks made it possible to delete badges that a user does not have permission to access.... Read more

    Affected Products : moodle
    • Published: Nov. 07, 2024
    • Modified: May. 01, 2025

  • 7.7

    HIGH
    CVE-2024-43428

    To address a cache poisoning risk in Moodle, additional validation for local storage was required.... Read more

    Affected Products : moodle
    • Published: Nov. 07, 2024
    • Modified: May. 01, 2025

  • 8.1

    HIGH
    CVE-2024-43425

    A flaw was found in Moodle. Additional restrictions are required to avoid a remote code execution risk in calculated question types. Note: This requires the capability to add/update questions.... Read more

    Affected Products : moodle
    • Published: Nov. 07, 2024
    • Modified: May. 01, 2025

  • 6.5

    MEDIUM
    CVE-2024-34004

    In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore wiki modules and direct access to the web server outside of the Moodle webroot could execute a local file includ... Read more

    Affected Products : moodle
    • Published: May. 31, 2024
    • Modified: May. 01, 2025

  • 6.5

    MEDIUM
    CVE-2024-34005

    In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore database activity modules and direct access to the web server outside of the Moodle webroot could execute a loca... Read more

    Affected Products : moodle
    • Published: May. 31, 2024
    • Modified: May. 01, 2025
Showing 20 of 291157 Results