Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2016-10425

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, S... Read more

    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-10441

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52,... Read more

    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-10496

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, SD 210/SD 212/SD 205, SD 410/12, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, and SD 810, A NULL pointer dereference can occur during an SSL hands... Read more

    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-20216

    android exported is used to set third-party app access permissions, and the default value of intent-filter is true. com.sprd.firewall has set exported as true.Product: AndroidVersions: Android SoCAndroid ID: A-231911916... Read more

    Affected Products : android
    • Published: Jul. 13, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-2023

    Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk prior to 1.2.4.... Read more

    Affected Products : trudesk
    • Published: Jun. 20, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-21196

    MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and authentication checks on multiple API routes. An attacker may gain a... Read more

    • Published: Feb. 18, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-33274

    D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80040af8 in /formWlanSetup. This vulnerability is triggered via a crafted POST request.... Read more

    Affected Products : dir-809_firmware dir-809
    • Published: Dec. 01, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-27850

    A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: B... Read more

    Affected Products : tapestry
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-35973

    NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/mini_httpd, allowing an unauthenticated attacker to invoke any action by adding the &currentsetting.htm substring to the HTTP query, a related issue... Read more

    Affected Products : wac104_firmware wac104
    • Published: Jun. 30, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-23178

    An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically,... Read more

    • Published: Jan. 15, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-36385

    A SQL Injection vulnerability in Cerner Mobile Care 5.0.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via a Fullwidth Apostrophe (aka U+FF07) in the default.aspx User ID field. Arbitrary system commands can be executed throug... Read more

    Affected Products : mobile_care
    • Published: Aug. 24, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-5133

    Unspecified vulnerability in MyBB before 1.6.5 has unknown impact and attack vectors, related to an "unparsed user avatar in the buddy list."... Read more

    Affected Products : mybb
    • Published: Aug. 30, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2018-17411

    An XML External Entity (XXE) vulnerability exists in iWay Data Quality Suite Web Console 10.6.1.ga-2016-11-20.... Read more

    Affected Products : data_quality_suite
    • Published: Sep. 26, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-2421

    Due to improper type validation in attachment parsing the Socket.io js library, it is possible to overwrite the _placeholder object which allows an attacker to place references to functions at arbitrary places in the resulting query object.... Read more

    Affected Products : socket.io-parser
    • Published: Oct. 26, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-24783

    Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicious actor controlling the code executed in a Deno runtime could bypass all permission checks and ... Read more

    Affected Products : deno
    • Published: Mar. 25, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-24796

    RaspberryMatic is a free and open-source operating system for running a cloud-free smart-home using the homematicIP / HomeMatic hardware line of IoT devices. A Remote Code Execution (RCE) vulnerability in the file upload facility of the WebUI interface of... Read more

    Affected Products : raspberrymatic
    • Published: Mar. 31, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-25414

    Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the parameter NPTR.... Read more

    Affected Products : ac9_firmware ac9
    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-25435

    Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetStaticRoutecfg function.... Read more

    Affected Products : ac9_firmware ac9
    • Published: Mar. 18, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-25437

    Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetVirtualServerCfg function.... Read more

    Affected Products : ac9_firmware ac9
    • Published: Mar. 18, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-5347

    Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled.... Read more

    • Published: Jan. 12, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293436 Results