Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2022-27077

    Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadWeiXinPic.... Read more

    Affected Products : m3_firmware m3
    • EPSS Score: %16.11
    • Published: Mar. 24, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-27081

    Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetLanInfo.... Read more

    Affected Products : m3_firmware m3
    • EPSS Score: %14.48
    • Published: Mar. 24, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-26622

    An remote code execution vulnerability due to SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious code with SYSTEM privileges on all connected nodes in N... Read more

    Affected Products : windows genian_nac
    • EPSS Score: %2.27
    • Published: Mar. 25, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-15614

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When par... Read more

    Affected Products : webpanel
    • EPSS Score: %2.07
    • Published: Jul. 28, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-46433

    In fenom 2.12.1 and before, there is a way in fenom/src/Fenom/Template.php function getTemplateCode()to bypass sandbox to execute arbitrary PHP code when disable_native_funcs is true.... Read more

    Affected Products : fenom
    • EPSS Score: %0.34
    • Published: Mar. 28, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-27462

    A deserialization vulnerability exists in how the AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier verifies serialized data. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary comma... Read more

    Affected Products : factorytalk_assetcentre
    • EPSS Score: %0.11
    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-1000060

    EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leading to remote root... Read more

    Affected Products : eyesofnetwork
    • EPSS Score: %6.57
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-1000020

    SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web Authentication Bypass. "eCos Embedded Web Servers used by Multiple Routers and Home devices, while sending SYN Flood or FIN Flood packets fails to validate and hand... Read more

    Affected Products : embedded_web_servers soho soho
    • EPSS Score: %1.13
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2022-26514

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_tagHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system... Read more

    Affected Products : diaenergie
    • EPSS Score: %0.22
    • Published: Mar. 29, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-26667

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetDemandAnalysisData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute syste... Read more

    Affected Products : diaenergie
    • EPSS Score: %0.22
    • Published: Mar. 29, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-12266

    Stack-based Buffer Overflow vulnerability in Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to run arbitrary code on the affected device. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze C... Read more

    • EPSS Score: %0.68
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-32933

    An attacker could leverage an API to pass along a malicious file that could then manipulate the process creation command line in MDT AutoSave versions prior to v6.02.06 and run a command line argument. This could then be leveraged to run a malicious proce... Read more

    • EPSS Score: %0.22
    • Published: Apr. 01, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-22570

    A buffer overflow vulnerability found in the UniFi Door Access Reader Lite’s (UA Lite) firmware (Version 3.8.28.24 and earlier) allows a malicious actor who has gained access to a network to control all connected UA devices. This vulnerability is fixed in... Read more

    Affected Products : ua_lite_firmware ua_lite
    • EPSS Score: %0.54
    • Published: Apr. 01, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-43517

    FOSCAM Camera FI9805E with firmware V4.02.R12.00018510.10012.143900.00000 contains a backdoor that opens Telnet port when special command is sent on port 9530.... Read more

    Affected Products : fi9805e_firmware fi9805e
    • EPSS Score: %0.37
    • Published: Apr. 08, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-26098

    Heap-based buffer overflow vulnerability in sheifd_create function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers.... Read more

    Affected Products : android dex
    • EPSS Score: %1.17
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-27568

    Heap-based buffer overflow vulnerability in parser_iloc function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.... Read more

    Affected Products : android dex
    • EPSS Score: %1.17
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-27572

    Heap-based buffer overflow vulnerability in parser_ipma function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers.... Read more

    Affected Products : android dex
    • EPSS Score: %1.17
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-9482

    The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain root access to the Network Processor (NP) Linux system by enabling a TELNET daemon (through CVE-2017-9479 exploit... Read more

    • EPSS Score: %2.15
    • Published: Jul. 31, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2021-40390

    An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. A specially-crafted HTTP request can lead to unauthorized access. An attacker can send an HTTP request to trigger this vulnerability.... Read more

    Affected Products : mxview
    • EPSS Score: %0.31
    • Published: Apr. 14, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-40422

    An authentication bypass vulnerability exists in the device password generation functionality of Swift Sensors Gateway SG3-1010. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of requests to trigger ... Read more

    Affected Products : sg3-1010_firmware sg3-1010
    • EPSS Score: %10.74
    • Published: Apr. 14, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 290958 Results