Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2021-33032

    A Remote Code Execution (RCE) vulnerability in the WebUI component of the eQ-3 HomeMatic CCU2 firmware up to and including version 2.57.5 and CCU3 firmware up to and including version 3.57.5 allows remote unauthenticated attackers to execute system comman... Read more

    • EPSS Score: %50.22
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-28911

    BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers access to /tmp path which contains some sensitive data (e.g. device serial number). Having those info, a possible loginId can be self-calculated in a brute force attack ag... Read more

    Affected Products : eibport_firmware eibport
    • EPSS Score: %2.33
    • Published: Sep. 09, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-28913

    BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers access to /webif/SecurityModule to validate the so called and hard coded unique 'eibPort String' which acts as the root SSH key passphrase. This is usable and part of an a... Read more

    Affected Products : eibport_firmware eibport
    • EPSS Score: %2.83
    • Published: Sep. 09, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-2242

    Device memory may get corrupted because of buffer overflow/underflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon V... Read more

    • EPSS Score: %0.38
    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2005-1449

    Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact.... Read more

    Affected Products : serendipity
    • EPSS Score: %0.38
    • Published: May. 03, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2022-22704

    The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration.... Read more

    Affected Products : zabbix-agent2 alpine_linux
    • EPSS Score: %0.42
    • Published: Jan. 06, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-2300

    Possible buffer overflow in WLAN handler due to lack of validation of destination buffer size before copying into it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Sn... Read more

    • EPSS Score: %0.36
    • Published: Mar. 05, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-22832

    An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an unauthenticated /data-service/users/ request.... Read more

    Affected Products : tessa
    • EPSS Score: %17.58
    • Published: Feb. 06, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-24049

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos One Speaker prior to 3.4.1 (S2 systems) and 11.2.13 build 57923290 (S1 systems). Authentication is not required to exploit this vulnerability. The spec... Read more

    Affected Products : s1 s2 one
    • EPSS Score: %37.96
    • Published: Feb. 18, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-37120

    There is a Double free vulnerability in Smartphone.Successful exploitation of this vulnerability may cause a kernel crash or privilege escalation.... Read more

    Affected Products : emui magic_ui
    • EPSS Score: %0.26
    • Published: Jan. 03, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-37705

    OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. Starting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authenticated user from any Azure Active Directory tenant to make authorized API calls to a vulnerabl... Read more

    Affected Products : onefuzz
    • EPSS Score: %0.71
    • Published: Aug. 13, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-23450

    A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). The affected system allows remote users to send maliciously crafted objects. Due to insecure des... Read more

    • EPSS Score: %33.34
    • Published: Apr. 12, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-32305

    WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter.... Read more

    Affected Products : websvn
    • EPSS Score: %93.29
    • Published: May. 18, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-25060

    TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing.... Read more

    Affected Products : tl-wr840n_firmware tl-wr840n
    • EPSS Score: %74.66
    • Published: Feb. 25, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-25073

    TL-WR841Nv14_US_0.9.1_4.18 routers were discovered to contain a stack overflow in the function dm_fillObjByStr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.... Read more

    Affected Products : tl-wr841n_firmware tl-wr841n
    • EPSS Score: %3.35
    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2008-4486

    Directory traversal vulnerability in index.php in SAC.php (SACphp), as used in Yerba 6.3 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter.... Read more

    Affected Products : yerba
    • EPSS Score: %7.96
    • Published: Oct. 08, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2022-25431

    Tenda AC9 v15.03.2.21 was discovered to contain multiple stack overflows via the NPTR, V12, V10 and V11 parameter in the Formsetqosband function.... Read more

    Affected Products : ac9_firmware ac9
    • EPSS Score: %0.39
    • Published: Mar. 18, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-25439

    Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function.... Read more

    Affected Products : ac9_firmware ac9
    • EPSS Score: %0.39
    • Published: Mar. 18, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-4525

    Advantech/BroadWin WebAccess before 7.0 allows remote attackers to trigger the extraction of arbitrary web content into a batch file on a client system, and execute this batch file, via unspecified vectors.... Read more

    Affected Products : advantech_webaccess
    • EPSS Score: %0.34
    • Published: Feb. 21, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2022-2595

    Improper Authorization in GitHub repository kromitgmbh/titra prior to 0.79.1.... Read more

    Affected Products : titra
    • EPSS Score: %0.36
    • Published: Aug. 01, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291513 Results