Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2018-5749

    install.php in Minecraft Servers List Lite before commit c1cd164 and Premium Minecraft Servers List before 2.0.4 does not sanitize input before saving database connection information in connect.php, which might allow remote attackers to execute arbitrary ... Read more

    • Published: Jan. 23, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-29226

    Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter implementation does not include a mechanism for validating access tokens, so by design when the HMAC signed cookie is missing a full authentication flow should be... Read more

    Affected Products : envoy
    • Published: Jun. 09, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-29165

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 and prior to versions 2.1.15, 2.2.9, and 2.3.4 which would allow unauthenticated users to imperso... Read more

    Affected Products : argo-cd argo_cd
    • Published: May. 20, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28911

    TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/CloudACMunualUpdate.... Read more

    Affected Products : n600r_firmware n600r
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28908

    TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the ipdoamin parameter in /setting/setDiagnosisCfg.... Read more

    Affected Products : n600r_firmware n600r
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28907

    TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost.... Read more

    Affected Products : n600r_firmware n600r
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28895

    A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.... Read more

    Affected Products : dir-882_firmware dir-882
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2006-3742

    The KDE PAM configuration shipped with Fedora Core 5 causes KDM passwords to be cached, which allows attackers to login without a password by attempting to log in multiple times.... Read more

    Affected Products : kdebase
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2022-28912

    TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW.... Read more

    Affected Products : n600r_firmware n600r
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28909

    TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the webwlanidx parameter in /setting/setWebWlanIdx.... Read more

    Affected Products : n600r_firmware n600r
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28915

    D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm.... Read more

    Affected Products : dir-816_firmware dir-816
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-30105

    In Belkin N300 Firmware 1.00.08, the script located at /setting_hidden.asp, which is accessible before and after configuring the device, exhibits multiple remote command injection vulnerabilities. The following parameters in the [form name] form; [list vu... Read more

    Affected Products : n300 n300_firmware
    • Published: May. 18, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28906

    TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the langtype parameter in /setting/setLanguageCfg.... Read more

    Affected Products : n600r_firmware n600r
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28584

    It is found that there is a command injection vulnerability in the setWiFiWpsStart interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.... Read more

    Affected Products : a7100ru_firmware a7100ru
    • Published: May. 05, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28560

    There is a stack overflow vulnerability in the goform/fast_setting_wifi_set function in the httpd service of Tenda ac9 15.03.2.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload... Read more

    Affected Products : ac9_firmware ac9
    • Published: May. 03, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28575

    It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows attackers to execute arbitrary commands through a carefully constructed payload... Read more

    Affected Products : a7100ru_firmware a7100ru
    • Published: May. 05, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28583

    It is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.... Read more

    Affected Products : a7100ru_firmware a7100ru
    • Published: May. 05, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28579

    It is found that there is a command injection vulnerability in the setParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.... Read more

    Affected Products : a7100ru_firmware a7100ru
    • Published: May. 05, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28582

    It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.... Read more

    Affected Products : a7100ru_firmware a7100ru
    • Published: May. 05, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28580

    It is found that there is a command injection vulnerability in the setL2tpServerCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.... Read more

    Affected Products : a7100ru_firmware a7100ru
    • Published: May. 05, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293436 Results