Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2022-3677

    The Advanced Import WordPress plugin before 1.3.8 does not have CSRF check when installing and activating plugins, which could allow attackers to make a logged in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blo... Read more

    Affected Products : advanced_import
    • Published: Dec. 05, 2022
    • Modified: Apr. 24, 2025

  • 4.8

    MEDIUM
    CVE-2022-3426

    The Advanced WP Columns WordPress plugin through 2.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disal... Read more

    Affected Products : advanced_wp_columns
    • Published: Dec. 05, 2022
    • Modified: Apr. 24, 2025

  • 4.7

    MEDIUM
    CVE-2022-39134

    In audio driver, there is a use after free due to a race condition. This could lead to local denial of service in kernel.... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Dec. 06, 2022
    • Modified: Apr. 24, 2025

  • 5.5

    MEDIUM
    CVE-2022-39133

    In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.... Read more

    Affected Products : android sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 t618 +4 more products
    • Published: Dec. 06, 2022
    • Modified: Apr. 24, 2025

  • 5.5

    MEDIUM
    CVE-2022-39132

    In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Dec. 06, 2022
    • Modified: Apr. 24, 2025

  • 5.5

    MEDIUM
    CVE-2022-39131

    In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel.... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Dec. 06, 2022
    • Modified: Apr. 24, 2025

  • 5.5

    MEDIUM
    CVE-2022-39130

    In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Dec. 06, 2022
    • Modified: Apr. 24, 2025

  • 5.5

    MEDIUM
    CVE-2022-39129

    In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Dec. 06, 2022
    • Modified: Apr. 24, 2025

  • 5.5

    MEDIUM
    CVE-2022-39106

    In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Dec. 06, 2022
    • Modified: Apr. 24, 2025

  • 7.8

    HIGH
    CVE-2022-39102

    In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Dec. 06, 2022
    • Modified: Apr. 24, 2025

  • 7.8

    HIGH
    CVE-2022-39101

    In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Dec. 06, 2022
    • Modified: Apr. 24, 2025

  • 7.8

    HIGH
    CVE-2022-39100

    In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Dec. 06, 2022
    • Modified: Apr. 24, 2025

  • 7.8

    HIGH
    CVE-2022-35259

    XML Injection with Endpoint Manager 2022. 3 and below causing a download of a malicious file to run and possibly execute to gain unauthorized privileges.... Read more

    Affected Products : endpoint_manager
    • Published: Dec. 05, 2022
    • Modified: Apr. 24, 2025

  • 6.5

    MEDIUM
    CVE-2022-35256

    The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.... Read more

    Affected Products : debian_linux sinec_ins node.js llhttp
    • Published: Dec. 05, 2022
    • Modified: Apr. 24, 2025

  • 9.1

    CRITICAL
    CVE-2022-35255

    A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it ass... Read more

    Affected Products : debian_linux sinec_ins node.js
    • Published: Dec. 05, 2022
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2022-27773

    A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges.... Read more

    Affected Products : endpoint_manager
    • Published: Dec. 05, 2022
    • Modified: Apr. 24, 2025

  • 7.5

    HIGH
    CVE-2021-39434

    A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220.... Read more

    Affected Products : zktime
    • Published: Dec. 06, 2022
    • Modified: Apr. 24, 2025

  • 6.1

    MEDIUM
    CVE-2021-34181

    Cross Site Scripting (XSS) vulnerability in TomExam 3.0 via p_name parameter to list.thtml.... Read more

    Affected Products : tomexam
    • Published: Dec. 05, 2022
    • Modified: Apr. 24, 2025

  • 7.6

    HIGH
    CVE-2025-29458

    An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change Avatar function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation.... Read more

    Affected Products : mybb
    • Published: Apr. 17, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Information Disclosure

  • 7.6

    HIGH
    CVE-2025-29457

    An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Import a Theme function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation.... Read more

    Affected Products : mybb
    • Published: Apr. 17, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 293562 Results