Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2021-33274

    D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80040af8 in /formWlanSetup. This vulnerability is triggered via a crafted POST request.

    Affected Products : dir-809_firmware dir-809
    • EPSS Score: 1.87%
    • Published: Dec. 01, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-27850

    A critical unauthenticated remote code execution vulnerability was found in all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: B...

    Affected Products : tapestry
    • EPSS Score: 94.22%
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2011-4051

    CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and pro...

    Affected Products : web_studio indusoft_web_studio
    • EPSS Score: 74.79%
    • Published: Dec. 05, 2011
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2018-11541

    A root privilege escalation vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows unauthorised access to privileged content via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Bui...

    • EPSS Score: 0.30%
    • Published: Jul. 09, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-35973

    NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/mini_httpd, allowing an unauthenticated attacker to invoke any action by adding the &currentsetting.htm substring to the HTTP query, a related issue...

    Affected Products : wac104_firmware wac104
    • EPSS Score: 1.45%
    • Published: Jun. 30, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-23178

    An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically,...

    • EPSS Score: 92.94%
    • Published: Jan. 15, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2011-4163

    Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1213.

    Affected Products : database_archiving_software
    • EPSS Score: 25.56%
    • Published: Dec. 29, 2011
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2021-36385

    A SQL Injection vulnerability in Cerner Mobile Care 5.0.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via a Fullwidth Apostrophe (aka U+FF07) in the default.aspx User ID field. Arbitrary system commands can be executed throug...

    Affected Products : mobile_care
    • EPSS Score: 3.46%
    • Published: Aug. 24, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2011-5133

    Unspecified vulnerability in MyBB before 1.6.5 has unknown impact and attack vectors, related to an "unparsed user avatar in the buddy list."

    Affected Products : mybb
    • EPSS Score: 0.38%
    • Published: Aug. 30, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2018-17411

    An XML External Entity (XXE) vulnerability exists in iWay Data Quality Suite Web Console 10.6.1.ga-2016-11-20.

    Affected Products : data_quality_suite
    • EPSS Score: 0.66%
    • Published: Sep. 26, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2005-1596

    index.php in Fusion SBX 1.2 and earlier does not properly use the extract function, which allows remote attackers to bypass authentication by setting the is_logged parameter or execute arbitrary code via the maxname2 parameter.

    Affected Products : sbx
    • EPSS Score: 5.24%
    • Published: May. 16, 2005
    • Modified: Apr. 03, 2025
  • 10.0

    CRITICAL
    CVE-2022-2421

    Due to improper type validation in attachment parsing in the Socket.io js library, it is possible to overwrite the _placeholder object which allows an attacker to place references to functions at arbitrary places in the resulting query object.

    Affected Products : socket.io-parser
    • EPSS Score: 0.23%
    • Published: Oct. 26, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-2422

    Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used.

    Affected Products : feathers-sequelize
    • EPSS Score: 0.07%
    • Published: Oct. 26, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-37912

    The HGiga OAKlouds mobile portal does not filter special characters of the Ethernet number parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the...

    Affected Products : oaklouds_portal
    • EPSS Score: 5.68%
    • Published: Sep. 15, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-31757

    An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted POST request.

    Affected Products : ac11_firmware ac11
    • EPSS Score: 1.96%
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-24783

    Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicious actor controlling the code executed in a Deno runtime could bypass all permission checks and ...

    Affected Products : deno
    • EPSS Score: 0.34%
    • Published: Mar. 25, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-24796

    RaspberryMatic is a free and open-source operating system for running a cloud-free smart-home using the homematicIP / HomeMatic hardware line of IoT devices. A Remote Code Execution (RCE) vulnerability in the file upload facility of the WebUI interface of...

    Affected Products : raspberrymatic
    • EPSS Score: 6.44%
    • Published: Mar. 31, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-25414

    Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the parameter NPTR.

    Affected Products : ac9_firmware ac9
    • EPSS Score: 2.52%
    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2013-6189

    Unspecified vulnerability in the Archive Query Server in HP Application Information Optimizer (formerly HP Database Archiving) 6.2, 6.3, 6.4, and 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1666.

    Affected Products : application_information_optimizer
    • EPSS Score: 42.82%
    • Published: Dec. 29, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2022-25435

    Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetStaticRoutecfg function.

    Affected Products : ac9_firmware ac9
    • EPSS Score: 0.39%
    • Published: Mar. 18, 2022
    • Modified: Nov. 21, 2024