Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2005-1596

    index.php in Fusion SBX 1.2 and earlier does not properly use the extract function, which allows remote attackers to bypass authentication by setting the is_logged parameter or execute arbitrary code via the maxname2 parameter.... Read more

    Affected Products : sbx
    • EPSS Score: %5.24
    • Published: May. 16, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    CRITICAL
    CVE-2022-2421

    Due to improper type validation in attachment parsing the Socket.io js library, it is possible to overwrite the _placeholder object which allows an attacker to place references to functions at arbitrary places in the resulting query object.... Read more

    Affected Products : socket.io-parser
    • EPSS Score: %1.14
    • Published: Oct. 26, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-2422

    Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used.... Read more

    Affected Products : feathers-sequelize
    • EPSS Score: %0.07
    • Published: Oct. 26, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-37912

    The HGiga OAKlouds mobile portal does not filter special characters of the Ethernet number parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the... Read more

    Affected Products : oaklouds_portal
    • EPSS Score: %5.68
    • Published: Sep. 15, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-31757

    An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request.... Read more

    Affected Products : ac11_firmware ac11
    • EPSS Score: %1.96
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-24783

    Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicious actor controlling the code executed in a Deno runtime could bypass all permission checks and ... Read more

    Affected Products : deno
    • EPSS Score: %0.34
    • Published: Mar. 25, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-24796

    RaspberryMatic is a free and open-source operating system for running a cloud-free smart-home using the homematicIP / HomeMatic hardware line of IoT devices. A Remote Code Execution (RCE) vulnerability in the file upload facility of the WebUI interface of... Read more

    Affected Products : raspberrymatic
    • EPSS Score: %6.44
    • Published: Mar. 31, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-25414

    Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the parameter NPTR.... Read more

    Affected Products : ac9_firmware ac9
    • EPSS Score: %2.52
    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2013-6189

    Unspecified vulnerability in the Archive Query Server in HP Application Information Optimizer (formerly HP Database Archiving) 6.2, 6.3, 6.4, and 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1666.... Read more

    Affected Products : application_information_optimizer
    • EPSS Score: %42.82
    • Published: Dec. 29, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2022-25435

    Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetStaticRoutecfg function.... Read more

    Affected Products : ac9_firmware ac9
    • EPSS Score: %0.39
    • Published: Mar. 18, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-25437

    Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetVirtualServerCfg function.... Read more

    Affected Products : ac9_firmware ac9
    • EPSS Score: %0.39
    • Published: Mar. 18, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-32983

    A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter keyword b... Read more

    Affected Products : diaenergie
    • EPSS Score: %1.98
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-5347

    Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled.... Read more

    • EPSS Score: %37.78
    • Published: Jan. 12, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-25900

    All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git.... Read more

    Affected Products : git-clone
    • EPSS Score: %1.89
    • Published: Jul. 01, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-26065

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in GetLatestDemandNode. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system comma... Read more

    Affected Products : diaenergie
    • EPSS Score: %0.22
    • Published: Mar. 29, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-39167

    OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. ... Read more

    Affected Products : contracts openzeppelin_contracts
    • EPSS Score: %0.44
    • Published: Aug. 27, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-39616

    Summary:Product: AndroidVersions: Android SoCAndroid ID: A-204686438... Read more

    Affected Products : android
    • EPSS Score: %0.14
    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-39623

    In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitat... Read more

    Affected Products : android
    • EPSS Score: %2.52
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-39708

    In gatt_process_notification of gatt_cl.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for expl... Read more

    Affected Products : android
    • EPSS Score: %0.63
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-26536

    Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setFixTools.... Read more

    Affected Products : m3_firmware m3
    • EPSS Score: %14.48
    • Published: Mar. 24, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291205 Results