Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.7

    MEDIUM
    CVE-2024-20090

    In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MS... Read more

    Affected Products : android mt6779 mt6785 mt6853 mt6873 mt6885 mt6761 mt6765 mt6768 mt8667 +7 more products
    • Published: Oct. 07, 2024
    • Modified: Apr. 25, 2025

  • 7.8

    HIGH
    CVE-2024-20092

    In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MS... Read more

    Affected Products : android mt6779 mt6785 mt6853 mt6873 mt6885 mt6761 mt6765 mt6768 mt8667 +7 more products
    • Published: Oct. 07, 2024
    • Modified: Apr. 25, 2025

  • 7.5

    HIGH
    CVE-2024-20094

    In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00843282; Issue ID: MSV-15... Read more

    Affected Products : nr15 mt2735 mt6833 mt6853 mt6855 mt6873 mt6875 mt6877 mt6880 mt6883 +11 more products
    • Published: Oct. 07, 2024
    • Modified: Apr. 25, 2025

  • 6.7

    MEDIUM
    CVE-2024-20098

    In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996886; Issue ID: M... Read more

    Affected Products : android yocto mt6779 mt6781 mt6785 mt6833 mt6853 mt6873 mt6877 mt6885 +10 more products
    • Published: Oct. 07, 2024
    • Modified: Apr. 25, 2025

  • 6.7

    MEDIUM
    CVE-2024-20099

    In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08997492; Issue ID: M... Read more

    • Published: Oct. 07, 2024
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2024-20100

    In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998449; Iss... Read more

    Affected Products : android iot_yocto mt6985 mt6989 mt6990 mt8183 mt8676 mt8678 mt8755 mt8775 +9 more products
    • Published: Oct. 07, 2024
    • Modified: Apr. 25, 2025

  • 7.2

    HIGH
    CVE-2024-50960

    A command injection vulnerability in the Nmap diagnostic tool in the admin web console of Extron SMP 111 <=3.01, SMP 351 <=2.16, SMP 352 <= 2.16, and SME 211 <= 3.02, allows a remote authenticated attacker to execute arbitrary commands as root on the unde... Read more

    • Published: Apr. 15, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-29043

    An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x417234... Read more

    Affected Products : dir-823x_firmware dir-823x
    • Published: Apr. 17, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-29042

    An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the macaddr key value to the function 0x42232c... Read more

    Affected Products : dir-823x_firmware dir-823x
    • Published: Apr. 17, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Authentication

  • 7.2

    HIGH
    CVE-2025-29039

    An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x41dda8... Read more

    Affected Products : dir-823x_firmware dir-823x
    • Published: Apr. 17, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2025-3512

    There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. This requires an incorrectly formatted markdown file to be passed to QTextMarkdownImporter to trigger the overflow.This issue affects Qt from 6.8.0 to 6.8.4. Versions up to 6.6.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2022-42099

    KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location Forum Subject input.... Read more

    Affected Products : klik
    • EPSS Score: %0.12
    • Published: Nov. 29, 2022
    • Modified: Apr. 25, 2025

  • 7.5

    HIGH
    CVE-2022-41568

    LINE client for iOS before 12.17.0 might be crashed by sharing an invalid shared key of e2ee in group chat.... Read more

    Affected Products : line
    • EPSS Score: %0.07
    • Published: Nov. 29, 2022
    • Modified: Apr. 25, 2025

  • 8.8

    HIGH
    CVE-2022-3848

    The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin... Read more

    Affected Products : wp_user_merger
    • EPSS Score: %0.30
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025

  • 4.8

    MEDIUM
    CVE-2022-3833

    The Fancier Author Box by ThematoSoup WordPress plugin through 1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabil... Read more

    Affected Products : fancier_author_box
    • EPSS Score: %0.11
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025

  • 4.8

    MEDIUM
    CVE-2022-3822

    The Donations via PayPal WordPress plugin before 1.9.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disal... Read more

    Affected Products : donations_via_paypal
    • EPSS Score: %0.15
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025

  • 9.0

    CRITICAL
    CVE-2022-37721

    PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS_ when a low privileged user such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation.... Read more

    Affected Products : pyrocms
    • EPSS Score: %0.11
    • Published: Nov. 25, 2022
    • Modified: Apr. 25, 2025

  • 9.0

    CRITICAL
    CVE-2022-37720

    Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). When a low privileged user such as an author or publisher, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege esc... Read more

    Affected Products : orchard_cms
    • EPSS Score: %0.12
    • Published: Nov. 25, 2022
    • Modified: Apr. 25, 2025

  • 9.1

    CRITICAL
    CVE-2022-36133

    The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass.... Read more

    • EPSS Score: %0.04
    • Published: Nov. 25, 2022
    • Modified: Apr. 25, 2025

  • 7.5

    HIGH
    CVE-2022-2721

    In affected versions of Octopus Server it is possible for target discovery to print certain values marked as sensitive to log files in plaint-text in when verbose logging is enabled.... Read more

    Affected Products : octopus_server
    • EPSS Score: %0.22
    • Published: Nov. 25, 2022
    • Modified: Apr. 25, 2025
Showing 20 of 291780 Results