Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2022-25900

    All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git.... Read more

    Affected Products : git-clone
    • EPSS Score: %1.89
    • Published: Jul. 01, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-39167

    OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. ... Read more

    Affected Products : contracts openzeppelin_contracts
    • EPSS Score: %0.44
    • Published: Aug. 27, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-39616

    Summary:Product: AndroidVersions: Android SoCAndroid ID: A-204686438... Read more

    Affected Products : android
    • EPSS Score: %0.12
    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-26536

    Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setFixTools.... Read more

    Affected Products : m3_firmware m3
    • EPSS Score: %14.48
    • Published: Mar. 24, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-27076

    Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/delAd.... Read more

    Affected Products : m3_firmware m3
    • EPSS Score: %14.48
    • Published: Mar. 24, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-27016

    There is a stack overflow vulnerability in the SetStaticRouteCfg() function in the httpd service of Tenda AC9 15.03.2.21_cn.... Read more

    Affected Products : ac9_firmware ac9
    • EPSS Score: %0.39
    • Published: Apr. 07, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-35004

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link TL-WA1201 1.0.1 Build 20200709 rel.66244(5553) wireless access points. Authentication is not required to exploit this vulnerability. The specific fla... Read more

    Affected Products : tl-wa1201_firmware tl-wa1201
    • EPSS Score: %16.46
    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-3831

    A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to imp... Read more

    • EPSS Score: %6.12
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2021-40887

    Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization input for files[] parameter, an attacker can add ../ to move all PHP files or any file on the system that has permissions to /upload/files/ folde... Read more

    Affected Products : projectsend
    • EPSS Score: %0.82
    • Published: Oct. 11, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-40050

    There is an out-of-bounds read vulnerability in the IFAA module. Successful exploitation of this vulnerability may cause stack overflow.... Read more

    Affected Products : emui harmonyos magic_ui
    • EPSS Score: %0.23
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28561

    There is a stack overflow vulnerability in the /goform/setMacFilterCfg function in the httpd service of Tenda ax12 22.03.01.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload... Read more

    Affected Products : ax12_firmware ax12
    • EPSS Score: %2.39
    • Published: May. 03, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28905

    TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicemac parameter in /setting/setDeviceName.... Read more

    Affected Products : n600r_firmware n600r
    • EPSS Score: %11.61
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-29321

    D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the lanip parameter in /goform/setNetworkLan.... Read more

    Affected Products : dir-816_firmware dir-816
    • EPSS Score: %1.87
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-29324

    D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the proto parameter in /goform/form2IPQoSTcAdd.... Read more

    Affected Products : dir-816_firmware dir-816
    • EPSS Score: %1.87
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-29472

    An OS command injection vulnerability exists in the web interface util_set_serial_mac functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker ca... Read more

    • EPSS Score: %0.88
    • Published: Oct. 25, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-29822

    Due to improper parameter filtering in the Feathers js library, which may ultimately lead to SQL injection... Read more

    Affected Products : feathers-sequelize
    • EPSS Score: %0.06
    • Published: Oct. 26, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-10176

    ASSA ABLOY Yale WIPC-301W 2.x.2.29 through 2.x.2.43_p1 devices allow Eval Injection of commands.... Read more

    • EPSS Score: %0.45
    • Published: May. 07, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-30521

    The LAN-side Web-Configuration Interface has Stack-based Buffer Overflow vulnerability in the D-Link Wi-Fi router firmware DIR-890L DIR890LA1_FW107b09.bin and previous versions. The function created at 0x17958 of /htdocs/cgibin will call sprintf without c... Read more

    Affected Products : dir-890l_firmware dir-890l
    • EPSS Score: %7.45
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-11920

    An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. A command injection vulnerability resides in the HOST/IP section of the NFS settings menu in the webserver running on the device. By injecting Bash commands via shell metacharacters... Read more

    Affected Products : siime_eye_firmware siime_eye
    • EPSS Score: %11.08
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-30912

    H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateWanParams parameter at /goform/aspForm.... Read more

    Affected Products : magic_r100_firmware magic_r100
    • EPSS Score: %0.39
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 292511 Results