Latest CVE Feed
- 10.0 HIGH CVE-2022-20216
android exported is used to set third-party app access permissions, and the default value of intent-filter is true. com.sprd.firewall has set exported as true. Product: Android; Versions: Android SoC; Android ID: A-231911916...
Affected Products: android
- EPSS Score: 0.13%
- Published: Jul. 13, 2022
- Modified: Nov. 21, 2024
- 10.0 CRITICAL CVE-2022-2023
Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk prior to 1.2.4.
Affected Products: trudesk
- EPSS Score: 0.35%
- Published: Jun. 20, 2022
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2005-1246
Format string vulnerability in the snmppd_log function in snmppd_util.c for snmppd 0.4.5 and earlier may allow remote attackers to cause a denial of service or execute arbitrary code via format string specifiers that are not properly handled in a syslog c...
Affected Products: snmppd
- EPSS Score: 15.11%
- Published: Apr. 24, 2005
- Modified: Apr. 03, 2025
- 10.0 HIGH CVE-2010-2977
Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not properly implement TLS and SSL, which has unspecified impact and remote attack vectors, aka Bug ID CSCtd01611.
Affected Products: unified_wireless_network_solution_software
- EPSS Score: 0.40%
- Published: Aug. 10, 2010
- Modified: Apr. 11, 2025
- 10.0 CRITICAL CVE-2022-21196
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 do not perform proper authorization and authentication checks on multiple API routes. An attacker may gain a...
Affected Products: mimosa_management_platform c6x_firmware c5x_firmware c5c_firmware a5x_firmware c6x c5x c5c a5x
- EPSS Score: 0.56%
- Published: Feb. 18, 2022
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-33274
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80040af8 in /formWlanSetup. This vulnerability is triggered via a crafted POST request.
- EPSS Score: 1.87%
- Published: Dec. 01, 2021
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-27850
A critical unauthenticated remote code execution vulnerability was found in all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: B...
Affected Products: tapestry
- EPSS Score: 94.22%
- Published: Apr. 15, 2021
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2011-4051
CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and pro...
- EPSS Score: 74.79%
- Published: Dec. 05, 2011
- Modified: Apr. 11, 2025
- 10.0 HIGH CVE-2018-11541
A root privilege escalation vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows unauthorised access to privileged content via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Bui...
Affected Products: sonus_sbc_1000_firmware sonus_sbc_2000_firmware sbc_swe_lite_web sonus_sbc_1000 sonus_sbc_2000
- EPSS Score: 0.30%
- Published: Jul. 09, 2018
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-35973
NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/mini_httpd, allowing an unauthenticated attacker to invoke any action by adding the &currentsetting.htm substring to the HTTP query, a related issue...
- EPSS Score: 1.45%
- Published: Jun. 30, 2021
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2022-23178
An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically,...
- EPSS Score: 92.94%
- Published: Jan. 15, 2022
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2011-4163
Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1213.
Affected Products: database_archiving_software
- EPSS Score: 31.27%
- Published: Dec. 29, 2011
- Modified: Apr. 11, 2025
- 10.0 HIGH CVE-2021-36385
A SQL Injection vulnerability in Cerner Mobile Care 5.0.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via a Fullwidth Apostrophe (aka U+FF07) in the default.aspx User ID field. Arbitrary system commands can be executed throug...
Affected Products: mobile_care
- EPSS Score: 3.46%
- Published: Aug. 24, 2021
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2011-5133
Unspecified vulnerability in MyBB before 1.6.5 has unknown impact and attack vectors, related to an "unparsed user avatar in the buddy list."
Affected Products: mybb
- EPSS Score: 0.38%
- Published: Aug. 30, 2012
- Modified: Apr. 11, 2025
- 10.0 HIGH CVE-2018-17411
An XML External Entity (XXE) vulnerability exists in iWay Data Quality Suite Web Console 10.6.1.ga-2016-11-20.
Affected Products: data_quality_suite
- EPSS Score: 0.66%
- Published: Sep. 26, 2018
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2005-1596
index.php in Fusion SBX 1.2 and earlier does not properly use the extract function, which allows remote attackers to bypass authentication by setting the is_logged parameter or execute arbitrary code via the maxname2 parameter.
Affected Products: sbx
- EPSS Score: 5.24%
- Published: May. 16, 2005
- Modified: Apr. 03, 2025
- 10.0 CRITICAL CVE-2022-2421
Due to improper type validation in attachment parsing in the Socket.io js library, it is possible to overwrite the _placeholder object which allows an attacker to place references to functions at arbitrary places in the resulting query object.
Affected Products: socket.io-parser
- EPSS Score: 1.14%
- Published: Oct. 26, 2022
- Modified: Nov. 21, 2024
- 10.0 CRITICAL CVE-2022-2422
Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used.
Affected Products: feathers-sequelize
- EPSS Score: 0.07%
- Published: Oct. 26, 2022
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-37912
The HGiga OAKlouds mobile portal does not filter special characters of the Ethernet number parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the...
Affected Products: oaklouds_portal
- EPSS Score: 5.68%
- Published: Sep. 15, 2021
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-31757
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request.
- EPSS Score: 1.96%
- Published: May. 07, 2021
- Modified: Nov. 21, 2024