Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-38771

    The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to send SCRIPT tags as injected input to the API request.... Read more

    Affected Products : mojodat_fixed_asset_management
    • Published: Sep. 13, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-36536

    An issue in the component post_applogin.php of Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below allows attackers to escalate privileges via creating crafted session tokens.... Read more

    Affected Products : linux_kernel syncovery
    • Published: Sep. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-22105

    Memory corruption in bluetooth due to integer overflow while processing HFP-UNIT profile in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music... Read more

    • Published: Sep. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-38826

    In TOTOLINK T6 V4.1.5cu.709_B20210518, there is an execute arbitrary command in cstecgi.cgi.... Read more

    Affected Products : t6_firmware t6
    • Published: Sep. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-38830

    Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setIPv6Status.... Read more

    Affected Products : rx9_pro_firmware rx9_pro
    • Published: Sep. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-38831

    Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/SetNetControlList... Read more

    Affected Products : rx9_pro_firmware rx9_pro
    • Published: Sep. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-40017

    The HW_KEYMASTER module lacks the validity check of the key format. Successful exploitation of this vulnerability may result in out-of-bounds memory access.... Read more

    Affected Products : emui harmonyos
    • Published: Sep. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-39002

    Double free vulnerability in the storage module. Successful exploitation of this vulnerability will cause the memory to be freed twice.... Read more

    Affected Products : emui harmonyos magic_ui
    • Published: Sep. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-40805

    The d8s-urls for python 0.1.0, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-hypothesis package.... Read more

    Affected Products : democritus_urls
    • Published: Sep. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-40806

    The d8s-uuids for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0... Read more

    Affected Products : democritus_uuids
    • Published: Sep. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-40426

    The d8s-asns for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-asns
    • Published: Sep. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0143

    When the LDAP connector is started with StartTLS configured, unauthenticated access is granted. This issue affects: all versions of the LDAP connector prior to 1.5.20.9. The LDAP connector is bundled with Identity Management (IDM) and Remote Connector Ser... Read more

    Affected Products : ldap_connector
    • Published: Sep. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-40430

    The d8s-utility for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-utility
    • Published: Sep. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-38619

    SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /SVFE2/pages/feegroups/mcc_group.jsf.... Read more

    Affected Products : smartvista_front-end
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025

  • 9.8

    CRITICAL
    CVE-2022-2315

    Database Software Accreditation Tracking/Presentation Module product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2.... Read more

    • Published: Sep. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-3269

    Session Fixation in GitHub repository ikus060/rdiffweb prior to 2.4.7.... Read more

    Affected Products : rdiffweb
    • Published: Sep. 23, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-40862

    Tenda AC15 and AC18 router V15.03.05.19 contains stack overflow vulnerability in the function fromNatStaticSetting with the request /goform/NatStaticSetting... Read more

    Affected Products : ac18_firmware ac15_firmware ac18 ac15
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 9.8

    CRITICAL
    CVE-2022-40855

    Tenda W20E router V15.11.0.6 contains a stack overflow in the function formSetPortMapping with post request 'goform/setPortMapping/'. This vulnerability allows attackers to cause a Denial of Service (DoS) or Remote Code Execution (RCE) via the portMapping... Read more

    Affected Products : w20e_firmware w20e
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 9.8

    CRITICAL
    CVE-2016-5229

    Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to XStream Serialization.... Read more

    Affected Products : bamboo
    • Published: Aug. 02, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-5669

    Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 use a hardcoded 0xb9eed4d955a59eb3 X.509 certificate from an OpenSSL Test Certification Authority, which makes it easier for remote attackers to conduct man-in-the-middle attac... Read more

    • Published: Aug. 03, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 293315 Results