Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2022-25429

    Tenda AC9 v15.03.2.21 was discovered to contain a buffer overflow via the time parameter in the saveparentcontrolinfo function....

    Affected Products : ac9_firmware ac9
    • EPSS Score: %0.39
    • Published: Mar. 18, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-25453

    Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the saveParentControlInfo function....

    Affected Products : ac6_firmware ac6
    • EPSS Score: %0.39
    • Published: Mar. 18, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-33218

    An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access....

    Affected Products : ruckus_iot_controller
    • EPSS Score: %1.25
    • Published: Jul. 07, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-5473

    An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. The SSH functions of the device are vulnerable to buffer overflow conditions tha...

    • EPSS Score: %4.26
    • Published: Feb. 19, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-39645

    Product: Android; Versions: Android kernel; Android ID: A-199805112; References: N/A...

    Affected Products : android
    • EPSS Score: %0.13
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-26836

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerExport.ashx/Calendar. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute...

    Affected Products : diaenergie
    • EPSS Score: %0.22
    • Published: Mar. 29, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2011-4749

    The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation,...

    • EPSS Score: %1.06
    • Published: Dec. 16, 2011
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2011-4755

    Parallels Plesk Small Business Panel 10.2.0 does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error) or possibly have unspecified other impact via a ...

    • EPSS Score: %1.86
    • Published: Dec. 16, 2011
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2022-26995

    Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pptp (wan_pptp.html) function via the pptp_fix_ip, pptp_fix_mask, pptp_fix_gw, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary c...

    Affected Products : arris_tr3300_firmware arris_tr3300
    • EPSS Score: %14.22
    • Published: Mar. 15, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-26998

    Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the wps setting function via the wps_enrolee_pin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request....

    Affected Products : arris_tr3300_firmware arris_tr3300
    • EPSS Score: %14.22
    • Published: Mar. 15, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-27001

    Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the dhcp function via the hostname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request....

    Affected Products : arris_tr3300_firmware arris_tr3300
    • EPSS Score: %14.22
    • Published: Mar. 15, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-39979

    HHEE system has a Code Injection vulnerability. Successful exploitation of this vulnerability may affect HHEE system integrity....

    Affected Products : harmonyos
    • EPSS Score: %0.33
    • Published: Jan. 03, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-1708

    The boot implementation in Google Chrome OS before 33.0.1750.152 does not properly consider file persistence, which allows remote attackers to execute arbitrary code via unspecified vectors....

    Affected Products : chrome_os
    • EPSS Score: %2.88
    • Published: Mar. 16, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2020-15428

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_crons.php. When parsin...

    Affected Products : webpanel
    • EPSS Score: %2.07
    • Published: Jul. 28, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-5770

    An issue was discovered on Tenda AC15 devices. A remote, unauthenticated attacker can make a request to /goform/telnet, creating a telnetd service on the device. This service is password protected; however, several default accounts exist on the device tha...

    Affected Products : ac15_firmware ac15_firmware ac15
    • EPSS Score: %3.86
    • Published: Mar. 20, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-5624

    An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the (locked) bootloader start the platform with dm-verity disabled, by issuing the 'fastboot oem disable_dm_verity' command. Having dm-verity disable...

    Affected Products : oxygenos oneplus_3 oneplus_3t
    • EPSS Score: %1.97
    • Published: Mar. 12, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2016-7856

    Adobe DNG Converter versions 9.7 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution....

    Affected Products : dng_converter
    • EPSS Score: %3.77
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2022-28911

    TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/CloudACMunualUpdate....

    Affected Products : n600r_firmware n600r
    • EPSS Score: %11.61
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-37270

    There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. Attackers can use this vulnerability to directly access the specified background path without logging in to the background to obtain the background admini...

    • EPSS Score: %0.26
    • Published: Sep. 27, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-3769

    # Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` themes **Description**: these themes use `print -P` on user-supplied strings to print them to the terminal. All of them do that on git information, particularly the branch name, so if th...

    Affected Products : oh_my_zsh
    • EPSS Score: %0.33
    • Published: Nov. 30, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 290981 Results