Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2008-4486

    Directory traversal vulnerability in index.php in SAC.php (SACphp), as used in Yerba 6.3 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter.... Read more

    Affected Products : yerba
    • Published: Oct. 08, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2022-25439

    Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function.... Read more

    Affected Products : ac9_firmware ac9
    • Published: Mar. 18, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-2595

    Improper Authorization in GitHub repository kromitgmbh/titra prior to 0.79.1.... Read more

    Affected Products : titra
    • Published: Aug. 01, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-11532

    Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and execute all operations in the context of admin user.... Read more

    • Published: May. 08, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-26289

    Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/exeCommand.... Read more

    Affected Products : m3_firmware m3
    • Published: Mar. 24, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-4730

    The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended ... Read more

    • Published: Dec. 16, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2021-41506

    Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, HI3518_50H10L_S39 V4.02.R11.7601.Nat.Onvif.20170420, V4.02.R11.Nat.Onvif.20160422, V4.02.R11.7601.Nat.Onvif.20170424, V4.02.R11.Nat.Onvif.20... Read more

    • Published: Jun. 30, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-42237

    Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this... Read more

    Affected Products : experience_platform
    • Actively Exploited
    • Published: Nov. 05, 2021
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2022-29303

    SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php.... Read more

    Affected Products : sv-cpt-mc310_firmware sv-cpt-mc310
    • Actively Exploited
    • Published: May. 12, 2022
    • Modified: Mar. 12, 2025

  • 10.0

    HIGH
    CVE-2022-29397

    TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004196c8.... Read more

    Affected Products : n600r_firmware n600r
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-29399

    TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the url parameter in the function FUN_00415bf0.... Read more

    Affected Products : n600r_firmware n600r
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-29539

    resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Injection. It does not properly check the parameters sent as input before they are processed on the server. Due to the lack of validation of user input, an unauthenticated attacker can bypass... Read more

    Affected Products : gemini-net
    • Published: May. 12, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-30329

    An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. An OS injection vulnerability exists within the web interface, allowing an attacker with valid credentials to execute arbitrary shell commands.... Read more

    Affected Products : tew-831dr_firmware tew-831dr
    • Published: Jun. 16, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-38390

    A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter egy... Read more

    Affected Products : diaenergie
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-38530

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2... Read more

    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-11951

    An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. There is a Backdoor root account.... Read more

    • Published: Jul. 14, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-44880

    D-Link devices DIR_878 DIR_878_FW1.30B08_Hotfix_02 and DIR_882 DIR_882_FW1.30B06_Hotfix_02 were discovered to contain a command injection vulnerability in the system function. This vulnerability allows attackers to execute arbitrary commands via a crafted... Read more

    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-12124

    A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication.... Read more

    Affected Products : wn530h4_firmware wn530h4
    • Published: Oct. 02, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-32454

    A stack-based buffer overflow vulnerability exists in the XCMD setIPCam functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to remote code execution. An attacker can send a malicious XML paylo... Read more

    • Published: Oct. 25, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-6387

    iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices have a hardcoded password of admin for the admin account, a hardcoded password of support for the support account, and a hardcoded password of user for the user account.... Read more

    Affected Products : ib-wra150n_firmware ib-wra150n
    • Published: Jan. 29, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292846 Results