Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2022-3609

    The GetYourGuide Ticketing WordPress plugin before 1.0.4 does not sanitise and escape some parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallow... Read more

    Affected Products : getyourguide_ticketing
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 7.8

    HIGH
    CVE-2022-3605

    The WP CSV Exporter WordPress plugin before 1.3.7 does not properly escape the fields when exporting data as CSV, leading to a CSV injection vulnerability.... Read more

    Affected Products : wp_csv_exporter
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 7.5

    HIGH
    CVE-2022-3510

    A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embe... Read more

    Affected Products : protobuf-java protobuf-javalite
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 7.5

    HIGH
    CVE-2022-3509

    A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages... Read more

    Affected Products : protobuf-java protobuf-javalite
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 5.5

    MEDIUM
    CVE-2022-3108

    An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup().... Read more

    Affected Products : linux_kernel
    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025

  • 5.5

    MEDIUM
    CVE-2022-3107

    An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025

  • 5.5

    MEDIUM
    CVE-2022-3105

    An issue was discovered in the Linux kernel through 5.16-rc6. uapi_finalize in drivers/infiniband/core/uverbs_uapi.c lacks check of kmalloc_array().... Read more

    Affected Products : linux_kernel
    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025

  • 7.8

    HIGH
    CVE-2022-20475

    In test of ResetTargetTaskHelper.java, there is a possible hijacking of any app which sets allowTaskReparenting="true" due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interact... Read more

    Affected Products : android
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 7.8

    HIGH
    CVE-2022-20474

    In readLazyValue of Parcel.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not ... Read more

    Affected Products : android
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2022-20473

    In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Prod... Read more

    Affected Products : android
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2022-20472

    In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Prod... Read more

    Affected Products : android
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 5.5

    MEDIUM
    CVE-2022-20471

    In SendIncDecRestoreCmdPart2 of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for explo... Read more

    Affected Products : android
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 7.8

    HIGH
    CVE-2022-20470

    In bindRemoteViewsService of AppWidgetServiceImpl.java, there is a possible way to bypass background activity launch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User in... Read more

    Affected Products : android
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 8.8

    HIGH
    CVE-2022-20469

    In avct_lcb_msg_asmbl of avct_lcb_act.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed... Read more

    Affected Products : android
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 6.5

    MEDIUM
    CVE-2022-20468

    In BNEP_ConnectResp of bnep_api.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for ... Read more

    Affected Products : android
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 5.5

    MEDIUM
    CVE-2022-20466

    In applyKeyguardFlags of NotificationShadeWindowControllerImpl.java, there is a possible way to observe the user's password on a secondary display due to an insecure default value. This could lead to local information disclosure with no additional executi... Read more

    Affected Products : android
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 4.4

    MEDIUM
    CVE-2022-20449

    In writeApplicationRestrictionsLAr of UserManagerService.java, there is a possible overwrite of system files due to a path traversal error. This could lead to local denial of service with System execution privileges needed. User interaction is not needed ... Read more

    Affected Products : android
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 5.5

    MEDIUM
    CVE-2021-0934

    In findAllDeAccounts of AccountsDb.java, there is a possible denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: ... Read more

    Affected Products : android
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 8.8

    HIGH
    CVE-2025-0949

    A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file partview.php. The manipulation of the argument typeid leads to sql injection. The attack can be ... Read more

    Affected Products : tailoring_management_system
    • Published: Feb. 01, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2024-12965

    A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /update_ex_detail.php. The manipulation of the argument q leads to sql injection. The att... Read more

    Affected Products : portfolio_management_system_mca
    • Published: Dec. 26, 2024
    • Modified: Apr. 22, 2025
Showing 20 of 293559 Results