Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2020-9210

    There is an insufficient integrity vulnerability in Huawei products. A module does not perform sufficient integrity check in a specific scenario. Attackers can exploit the vulnerability by physically install malware. This could compromise normal service o... Read more

    Affected Products : myna_firmware myna
    • Published: Dec. 27, 2024
    • Modified: Jan. 13, 2025

  • 3.3

    LOW
    CVE-2020-9089

    There is an information vulnerability in Huawei smartphones. A function in a module can be called without verifying the caller's access. Attackers with user access can exploit this vulnerability to obtain some information. This can lead to information lea... Read more

    Affected Products : p30_pro_firmware p30_pro
    • Published: Dec. 27, 2024
    • Modified: Jan. 13, 2025

  • 4.3

    MEDIUM
    CVE-2020-9086

    There is a buffer error vulnerability in some Huawei product. An unauthenticated attacker may send special UPNP message to the affected products. Due to insufficient input validation of some value, successful exploit may cause some service abnormal. (Vuln... Read more

    Affected Products : b612_firmware b612
    • Published: Dec. 27, 2024
    • Modified: Jan. 13, 2025

  • 5.3

    MEDIUM
    CVE-2020-9085

    There is a NULL pointer dereference vulnerability in some Huawei products. An attacker may send specially crafted POST messages to the affected products. Due to insufficient validation of some parameter in the message, successful exploit may cause some pr... Read more

    Affected Products : b612_firmware b612
    • Published: Dec. 27, 2024
    • Modified: Jan. 13, 2025

  • 4.6

    MEDIUM
    CVE-2020-9082

    There is an information disclosure vulnerability in several smartphones. The system has a logic judging error under certain scenario, the attacker should gain the permit to execute commands in ADB mode and then do a series of operation on the phone. Succe... Read more

    Affected Products : mate_20_firmware mate_20
    • Published: Dec. 27, 2024
    • Modified: Jan. 14, 2025

  • 6.8

    MEDIUM
    CVE-2020-9081

    There is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mode to exploit this vulnerability. Successful exploit could allow the attacker to bypass app lock. (Vulnerability ID:... Read more

    • Published: Dec. 27, 2024
    • Modified: Jan. 10, 2025

  • 7.8

    HIGH
    CVE-2020-9080

    There is an improper privilege management vulnerability in Huawei smart phone product. A local, authenticated attacker could craft a specific input to exploit this vulnerability. Successful exploitation may lead to local privilege escalation. (Vulnerabili... Read more

    • Published: Dec. 27, 2024
    • Modified: Jan. 10, 2025

  • 5.3

    MEDIUM
    CVE-2020-1819

    There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet... Read more

    • Published: Dec. 27, 2024
    • Modified: Jan. 10, 2025

  • 5.3

    MEDIUM
    CVE-2020-1818

    There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet... Read more

    • Published: Dec. 27, 2024
    • Modified: Jan. 10, 2025

  • 5.2

    MEDIUM
    CVE-2024-12983

    A vulnerability classified as problematic has been found in code-projects Hospital Management System 1.0. This affects an unknown part of the file /hospital/hms/admin/manage-doctors.php of the component Edit Doctor Details Page. The manipulation of the ar... Read more

    • Published: Dec. 27, 2024
    • Modified: Mar. 28, 2025

  • 7.5

    HIGH
    CVE-2024-56527

    An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message.... Read more

    Affected Products : tcpdf
    • Published: Dec. 27, 2024
    • Modified: Apr. 17, 2025

  • 5.1

    MEDIUM
    CVE-2024-12982

    A vulnerability was found in PHPGurukul Blood Bank & Donor Management System 2.4. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /bbdms/admin/update-contactinfo.php. The manipulation of the argument Addr... Read more

    • Published: Dec. 27, 2024
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2024-12981

    A vulnerability was found in CodeAstro Car Rental System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /bookingconfirm.php. The manipulation of the argument driver_id_from_dropdown leads to s... Read more

    Affected Products : car_rental_system
    • Published: Dec. 27, 2024
    • Modified: Mar. 05, 2025

  • 4.8

    MEDIUM
    CVE-2024-11921

    The GiveWP WordPress plugin before 3.19.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : givewp
    • Published: Dec. 27, 2024
    • Modified: May. 14, 2025

  • 4.3

    MEDIUM
    CVE-2024-11842

    The DN Shipping by Weight for WooCommerce WordPress plugin before 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack... Read more

    • Published: Dec. 27, 2024
    • Modified: May. 17, 2025

  • 4.8

    MEDIUM
    CVE-2024-11645

    The float block WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for... Read more

    Affected Products : float_block
    • Published: Dec. 27, 2024
    • Modified: Jun. 12, 2025

  • 5.9

    MEDIUM
    CVE-2024-11644

    The WP-SVG WordPress plugin through 0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cr... Read more

    Affected Products : wp-svg
    • Published: Dec. 27, 2024
    • Modified: May. 14, 2025

  • 4.8

    MEDIUM
    CVE-2024-11605

    The wp-publications WordPress plugin through 1.2 does not escape filenames before outputting them back in the page, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabilit... Read more

    Affected Products : wp-publications
    • Published: Dec. 27, 2024
    • Modified: Jun. 12, 2025

  • 7.5

    HIGH
    CVE-2024-56522

    An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes.... Read more

    Affected Products : tcpdf
    • Published: Dec. 27, 2024
    • Modified: Apr. 17, 2025

  • 9.8

    CRITICAL
    CVE-2024-56521

    An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely.... Read more

    Affected Products : tcpdf
    • Published: Dec. 27, 2024
    • Modified: Apr. 21, 2025
Showing 20 of 293493 Results