Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2021-26754

    wpDataTables before 3.4.1 mishandles order direction for server-side tables, aka admin-ajax.php?action=get_wdtable order[0][dir] SQL injection.

    Affected Products : wpdatatables
    • EPSS Score: 9.12%
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-27171

    An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to start a Linux telnetd as root on port 26/tcp by using the CLI interface commands of ddd and shell (or tshell).

    Affected Products : hg6245d_firmware hg6245d
    • EPSS Score: 0.10%
    • Published: Feb. 10, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2021-27329

    Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary domain names.

    Affected Products : friendica frendica
    • EPSS Score: 0.29%
    • Published: Feb. 18, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2013-7287

    MobileIron VSP < 5.9.1 and Sentry < 5.0 have an insecure encryption scheme.

    Affected Products : sentry virtual_smartphone_platform
    • EPSS Score: 0.29%
    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-27691

    Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN, and Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS comm...

    Affected Products : g0_firmware g1_firmware g3_firmware g3 g0 g1
    • EPSS Score: 3.50%
    • Published: Apr. 16, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-3591

    In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52,...

    • EPSS Score: 0.22%
    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2021-29475

    HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker is able to receive arbitrary files from the file system when exporting a note to PDF. Since the code injection has to take place as note content, therefore t...

    Affected Products : hedgedoc
    • EPSS Score: 0.26%
    • Published: Apr. 26, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-22333

    There is an Improper Validation of Array Index vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause code to execute, thus obtaining system permissions.

    Affected Products : emui magic_ui
    • EPSS Score: 0.18%
    • Published: Jun. 03, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-1369

    Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability in ReadRegIND. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.

    Affected Products : diaenergie
    • EPSS Score: 0.22%
    • Published: May. 02, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2021-21951

    An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h in function read_udp_push_config_file. A specially-crafted network packet can lead to code ex...

    • EPSS Score: 0.88%
    • Published: Dec. 08, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2006-2324

    180solutions Zango downloads "required Adware components" without checking integrity or authenticity, which might allow context-dependent attackers to execute arbitrary code by subverting the DNS resolution of static.zangocash.com.

    Affected Products : zango
    • EPSS Score: 0.63%
    • Published: May. 12, 2006
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2019-20467

    An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. The device by default has a TELNET interface available (which is not advertised or functionally used, but is nevertheless available). Two backdoor accounts (root ...

    • EPSS Score: 1.35%
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-25294

    OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote code execution. This occurs because lib/DataGrid.php calls unserialize for the parametersactivity:ActivityDataGrid parameter. The PHP object injection exploit ...

    Affected Products : opencats
    • EPSS Score: 27.73%
    • Published: Jan. 18, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-10487

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, ...

    • EPSS Score: 0.19%
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-1992

    Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.

    Affected Products : gogs windows
    • EPSS Score: 1.60%
    • Published: Jun. 09, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-17105

    AV1 Video Extension Remote Code Execution Vulnerability...

    Affected Products : av1_video_extension
    • EPSS Score: 6.19%
    • Published: Nov. 11, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-26607

    Improper input validation in the execDefaultBrowser method of NEXACRO17 allows a remote attacker to execute arbitrary commands on affected systems.

    Affected Products : windows nexacro
    • EPSS Score: 0.97%
    • Published: Oct. 26, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-26614

    ius_get.cgi in IpTime C200 camera allows remote code execution. A remote attacker may send crafted parameters to the exposed vulnerable web service interface, which invokes an arbitrary shell command.

    Affected Products : c200_firmware c200
    • EPSS Score: 3.46%
    • Published: Nov. 22, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2010-2984

    Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 4404 series controllers does not properly implement the WEBAUTH_REQD state, which allows remote attackers to bypass intended access restrictions via WLAN traffic, aka Bug ID CSCtb75305.

    • EPSS Score: 0.50%
    • Published: Aug. 10, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    CRITICAL
    CVE-2022-21141

    MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 do not perform proper authorization checks on multiple API functions. An attacker may gain access to these f...

    • EPSS Score: 0.71%
    • Published: Feb. 18, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291526 Results