Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2022-30283

    In UsbCoreDxe, tampering with the contents of the USB working buffer using DMA while certain USB transactions are in process leads to a TOCTOU problem that could be used by an attacker to cause SMRAM corruption and escalation of privileges. The UsbCoreDxe ...

    Affected Products : kernel
    • EPSS Score: 0.04%
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025
  • 9.8

    CRITICAL
    CVE-2022-30258

    An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effe...

    Affected Products : dns_server
    • EPSS Score: 0.13%
    • Published: Nov. 21, 2022
    • Modified: Apr. 30, 2025
  • 9.8

    CRITICAL
    CVE-2022-30257

    An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effe...

    Affected Products : dns_server
    • EPSS Score: 0.13%
    • Published: Nov. 21, 2022
    • Modified: Apr. 30, 2025
  • 8.2

    HIGH
    CVE-2022-29279

    Use of an untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice. This issue was discovered by Insyde during security ...

    Affected Products : kernel
    • EPSS Score: 0.05%
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025
  • 8.2

    HIGH
    CVE-2022-29278

    Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory. This issue was discovered by Insyde during securit...

    Affected Products : kernel
    • EPSS Score: 0.05%
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025
  • 8.8

    HIGH
    CVE-2022-29277

    Incorrect pointer checks within the FwBlockServiceSmm driver can allow arbitrary RAM modifications. During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be tricked into writing 0xff to arbitrary system and SMRAM addres...

    • EPSS Score: 0.07%
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025
  • 8.2

    HIGH
    CVE-2022-29276

    SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: vers...

    Affected Products : kernel
    • EPSS Score: 0.05%
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025
  • 8.2

    HIGH
    CVE-2022-29275

    In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering. Use of untrusted pointers could allow OS or SMRAM memory tampering leading to escalation of privileges. This issue was discovered by Insyde during security review. It was fixed in: Kern...

    Affected Products : kernel
    • EPSS Score: 0.05%
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025
  • 6.7

    MEDIUM
    CVE-2022-20460

    In (TBD) mprot_unmap? of (TBD), there is a possible way to corrupt the memory mapping due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitati...

    Affected Products : android
    • EPSS Score: 0.01%
    • Published: Nov. 17, 2022
    • Modified: Apr. 30, 2025
  • 6.7

    MEDIUM
    CVE-2022-20459

    In (TBD) of (TBD), there is a possible way to redirect code execution due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Andr...

    Affected Products : android
    • EPSS Score: 0.01%
    • Published: Nov. 17, 2022
    • Modified: Apr. 30, 2025
  • 6.7

    MEDIUM
    CVE-2022-20428

    In (TBD) of (TBD), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: A...

    Affected Products : android
    • EPSS Score: 0.01%
    • Published: Nov. 17, 2022
    • Modified: Apr. 30, 2025
  • 5.3

    MEDIUM
    CVE-2022-1581

    The WP-Polls WordPress plugin before 2.76.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations....

    Affected Products : wp-polls
    • EPSS Score: 0.05%
    • Published: Nov. 21, 2022
    • Modified: Apr. 30, 2025
  • 7.5

    HIGH
    CVE-2022-1579

    The function check_is_login_page() uses headers for the IP check, which can be easily spoofed....

    Affected Products : login_block_ips
    • EPSS Score: 0.16%
    • Published: Nov. 21, 2022
    • Modified: Apr. 30, 2025
  • 8.8

    HIGH
    CVE-2022-1578

    The My wpdb WordPress plugin before 2.5 is missing CSRF check when running SQL queries, which could allow attacker to make a logged in admin run arbitrary SQL query via a CSRF attack...

    Affected Products : my_wpdb
    • EPSS Score: 0.32%
    • Published: Nov. 21, 2022
    • Modified: Apr. 30, 2025
  • 6.1

    MEDIUM
    CVE-2022-0421

    The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users to change the payment status of arbitrary bookings. Furthermore, due ...

    Affected Products : five_star_restaurant_reservations
    • EPSS Score: 0.52%
    • Published: Nov. 21, 2022
    • Modified: Apr. 30, 2025
  • 5.5

    MEDIUM
    CVE-2021-47252

    In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid WARN_ON timing related checks. The soft/batadv interface for a queued OGM can be changed during the time the OGM was queued for transmission and when the OGM is actuall...

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: Apr. 30, 2025
  • 7.1

    HIGH
    CVE-2021-47255

    In the Linux kernel, the following vulnerability has been resolved: kvm: LAPIC: Restore guard to prevent illegal APIC register access. Per the SDM, "any access that touches bytes 4 through 15 of an APIC register may cause undefined behavior and must not ...

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: Apr. 30, 2025
  • 7.6

    HIGH
    CVE-2025-46252

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kofimokome Message Filter for Contact Form 7 allows SQL Injection. This issue affects Message Filter for Contact Form 7: from n/a through 1.6.3.2....

    Affected Products : message_filter_for_contact_form_7
    • Published: Apr. 22, 2025
    • Modified: Apr. 30, 2025
  • 6.5

    MEDIUM
    CVE-2025-46253

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ataur R GutenKit allows Stored XSS. This issue affects GutenKit: from n/a through 2.2.2....

    Affected Products : gutenkit
    • Published: Apr. 22, 2025
    • Modified: Apr. 30, 2025
  • 5.5

    MEDIUM
    CVE-2021-47256

    In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: make sure wait for page writeback in memory_failure. Our syzkaller trigger the "BUG_ON(!list_empty(&inode->i_wb_list))" in clear_inode: kernel BUG at fs/inode.c:519...

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: Apr. 30, 2025
Showing 20 of 291162 Results