Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2021-39615

    D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet an... Read more

    Affected Products : dsr-500n_firmware dsr-500n
    • Published: Aug. 23, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28381

    Mediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a long string to TCP port 888, a related issue to CVE-2017-17932.... Read more

    Affected Products : allmediaserver
    • Published: Apr. 03, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28349

    Arm Mali GPU Kernel Driver has a use-after-free: Midgard r28p0 through r29p0 before r30p0, Bifrost r17p0 through r23p0 before r24p0, and Valhall r19p0 through r23p0 before r24p0.... Read more

    • Published: May. 19, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-27625

    A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified ... Read more

    • Published: Oct. 20, 2022
    • Modified: Jan. 14, 2025

  • 10.0

    HIGH
    CVE-2022-27571

    Heap-based buffer overflow vulnerability in sheifd_get_info_image function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.... Read more

    Affected Products : android dex
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-27411

    TOTOLINK N600R v5.3c.5507_B20171031 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter in the "Main" function.... Read more

    Affected Products : n600r_firmware n600r
    • Published: May. 05, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-27250

    The UNISOC chipset through 2022-03-15 allows attackers to obtain remote control of a mobile phone, e.g., to obtain sensitive information from text messages or the device's screen, record video of the device's physical environment, or modify data.... Read more

    Affected Products : unisoc_chipset
    • Published: Mar. 18, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-27175

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetCalcTagList. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system comma... Read more

    Affected Products : diaenergie
    • Published: Mar. 29, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-27079

    Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setPicListItem.... Read more

    Affected Products : m3_firmware m3
    • Published: Mar. 24, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-26997

    Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the upnp function via the upnp_ttl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.... Read more

    Affected Products : arris_tr3300_firmware arris_tr3300
    • Published: Mar. 15, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-27228

    In the vote (aka "Polls, Votes") module before 21.0.100 of Bitrix Site Manager, a remote unauthenticated attacker can execute arbitrary code.... Read more

    Affected Products : bitrix24
    • Published: Mar. 22, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-27000

    Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the time and time zone function via the h_primary_ntp_server, h_backup_ntp_server, and h_time_zone parameters. This vulnerability allows attackers to execute arbitrary com... Read more

    Affected Products : arris_tr3300_firmware arris_tr3300
    • Published: Mar. 15, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-26995

    Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pptp (wan_pptp.html) function via the pptp_fix_ip, pptp_fix_mask, pptp_fix_gw, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary c... Read more

    Affected Products : arris_tr3300_firmware arris_tr3300
    • Published: Mar. 15, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-27078

    Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setAdInfoDetail.... Read more

    Affected Products : m3_firmware m3
    • Published: Mar. 24, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-27022

    There is a stack overflow vulnerability in the SetSysTimeCfg() function in the httpd service of Tenda AC9 V15.03.2.21_cn. The attacker can obtain a stable root shell through a constructed payload.... Read more

    Affected Products : ac9_firmware ac9
    • Published: Apr. 07, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-27080

    Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setWorkmode.... Read more

    Affected Products : m3_firmware m3
    • Published: Mar. 24, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-27077

    Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadWeiXinPic.... Read more

    Affected Products : m3_firmware m3
    • Published: Mar. 24, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-26959

    There are two full (read/write) Blind/Time-based SQL injection vulnerabilities in the Northstar Club Management version 6.3 application. The vulnerabilities exist in the userName parameter of the processlogin.jsp page in the /northstar/Portal/ directory a... Read more

    Affected Products : northstar_club_management
    • Published: Sep. 16, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-26836

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerExport.ashx/Calendar. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute... Read more

    Affected Products : diaenergie
    • Published: Mar. 29, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-26349

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_eccoefficientHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and exec... Read more

    Affected Products : diaenergie
    • Published: Mar. 29, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293428 Results