Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2022-29165

    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 and prior to versions 2.1.15, 2.2.9, and 2.3.4 which would allow unauthenticated users to imperso... Read more

    Affected Products : argo-cd argo_cd
    • Published: May. 20, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28911

    TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/CloudACMunualUpdate.... Read more

    Affected Products : n600r_firmware n600r
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28908

    TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the ipdoamin parameter in /setting/setDiagnosisCfg.... Read more

    Affected Products : n600r_firmware n600r
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28907

    TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost.... Read more

    Affected Products : n600r_firmware n600r
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28895

    A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.... Read more

    Affected Products : dir-882_firmware dir-882
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2006-3742

    The KDE PAM configuration shipped with Fedora Core 5 causes KDM passwords to be cached, which allows attackers to login without a password by attempting to log in multiple times.... Read more

    Affected Products : kdebase
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2022-28912

    TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW.... Read more

    Affected Products : n600r_firmware n600r
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28909

    TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the webwlanidx parameter in /setting/setWebWlanIdx.... Read more

    Affected Products : n600r_firmware n600r
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28915

    D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm.... Read more

    Affected Products : dir-816_firmware dir-816
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-30105

    In Belkin N300 Firmware 1.00.08, the script located at /setting_hidden.asp, which is accessible before and after configuring the device, exhibits multiple remote command injection vulnerabilities. The following parameters in the [form name] form; [list vu... Read more

    Affected Products : n300 n300_firmware
    • Published: May. 18, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28906

    TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the langtype parameter in /setting/setLanguageCfg.... Read more

    Affected Products : n600r_firmware n600r
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28584

    It is found that there is a command injection vulnerability in the setWiFiWpsStart interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.... Read more

    Affected Products : a7100ru_firmware a7100ru
    • Published: May. 05, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28560

    There is a stack overflow vulnerability in the goform/fast_setting_wifi_set function in the httpd service of Tenda ac9 15.03.2.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload... Read more

    Affected Products : ac9_firmware ac9
    • Published: May. 03, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28575

    It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows attackers to execute arbitrary commands through a carefully constructed payload... Read more

    Affected Products : a7100ru_firmware a7100ru
    • Published: May. 05, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28583

    It is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.... Read more

    Affected Products : a7100ru_firmware a7100ru
    • Published: May. 05, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28579

    It is found that there is a command injection vulnerability in the setParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.... Read more

    Affected Products : a7100ru_firmware a7100ru
    • Published: May. 05, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28582

    It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.... Read more

    Affected Products : a7100ru_firmware a7100ru
    • Published: May. 05, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28580

    It is found that there is a command injection vulnerability in the setL2tpServerCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.... Read more

    Affected Products : a7100ru_firmware a7100ru
    • Published: May. 05, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-39615

    D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet an... Read more

    Affected Products : dsr-500n_firmware dsr-500n
    • Published: Aug. 23, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28381

    Mediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a long string to TCP port 888, a related issue to CVE-2017-17932.... Read more

    Affected Products : allmediaserver
    • Published: Apr. 03, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293496 Results