Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-40100

    Tenda i9 v1.0.0.8(3828) was discovered to contain a command injection vulnerability via the FormexeCommand function.... Read more

    Affected Products : i9_firmware i9
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 9.8

    CRITICAL
    CVE-2022-23463

    Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and inte... Read more

    Affected Products : discovery
    • Published: Sep. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-6139

    SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591.... Read more

    Affected Products : trex
    • Published: Aug. 05, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2022-40854

    Tenda AC18 router contained a stack overflow vulnerability in /goform/fast_setting_wifi_set... Read more

    Affected Products : ac18_firmware ac18
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 9.8

    CRITICAL
    CVE-2016-3819

    Integer overflow in codecs/on2/h264dec/source/h264bsd_dpb.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to execute arbitrary code or cause a denial... Read more

    Affected Products : android
    • Published: Aug. 05, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2022-40877

    Exam Reviewer Management System 1.0 is vulnerable to SQL Injection via the ‘id’ parameter.... Read more

    Affected Products : exam_reviewer_management_system
    • Published: Sep. 27, 2022
    • Modified: May. 21, 2025

  • 9.8

    CRITICAL
    CVE-2016-6150

    The multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote attackers to bypass intended access restrictions and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 22... Read more

    Affected Products : hana
    • Published: Aug. 05, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2020-15332

    Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions.... Read more

    Affected Products : cloudcnm_secumanager
    • Published: Sep. 29, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-27602

    BigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in meetingId, userId, and authToken.... Read more

    Affected Products : bigbluebutton
    • Published: Sep. 29, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-40315

    A limited SQL injection risk was identified in the "browse list of users" site administration page.... Read more

    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-42304

    An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting idm, nbars, and SLP manager code.... Read more

    Affected Products : netbackup
    • Published: Oct. 03, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-22526

    In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a missing authentication allows for full access via API.... Read more

    • Published: Sep. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-39274

    LoRaMac-node is a reference implementation and documentation of a LoRa network node. Versions of LoRaMac-node prior to 4.7.0 are vulnerable to a buffer overflow. Improper size validation of the incoming radio frames can lead to an 65280-byte out-of-bounds... Read more

    Affected Products : loramac-node
    • Published: Oct. 06, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-28814

    Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 was discovered to be vulnerable to a relative path traversal vulnerability which enables remote attackers to read arbitrary files and gain full control of the device.... Read more

    • Published: Sep. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-40825

    B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where_in() function. Note: Multiple third parties have disputed this as not a valid vulnerability.... Read more

    Affected Products : codeigniter
    • Published: Oct. 07, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-40833

    B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_in() function. Note: Multiple third parties have disputed this as not a valid vulnerability.... Read more

    Affected Products : codeigniter
    • Published: Oct. 07, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-42075

    Wedding Planner v1.0 is vulnerable to arbitrary code execution.... Read more

    Affected Products : wedding_planner
    • Published: Oct. 07, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-32234

    An out of bounds write in hermes, while handling large arrays, prior to commit 06eaec767e376bfdb883d912cb15e987ddf2bda1 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application us... Read more

    Affected Products : hermes
    • Published: Oct. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-5817

    SQL injection vulnerability in news pages in Cargotec Navis WebAccess before 2016-08-10 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : webaccess
    • Published: Aug. 22, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2020-14129

    A logic vulnerability exists in a Xiaomi product. The vulnerability is caused by an identity verification failure, which can be exploited by an attacker who can obtain a brief elevation of privilege.... Read more

    Affected Products : xiaomi
    • Published: Oct. 11, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293350 Results