Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-33872

    An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Telnet login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated rem... Read more

    Affected Products : fortitester
    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-20016

    MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been ... Read more

    • Published: Oct. 19, 2022
    • Modified: May. 09, 2025

  • 9.8

    CRITICAL
    CVE-2022-43184

    D-Link DIR878 1.30B08 Hotfix_04 was discovered to contain a command injection vulnerability via the component /bin/proc.cgi.... Read more

    Affected Products : dir-878_firmware dir-878
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 9.8

    CRITICAL
    CVE-2022-43019

    OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the getDataGridPager's ajax functionality.... Read more

    Affected Products : opencats
    • Published: Oct. 19, 2022
    • Modified: May. 09, 2025

  • 9.8

    CRITICAL
    CVE-2022-43024

    Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg.... Read more

    Affected Products : tx3_firmware tx3
    • Published: Oct. 19, 2022
    • Modified: May. 09, 2025

  • 9.8

    CRITICAL
    CVE-2022-42233

    Tenda 11N with firmware version V5.07.33_cn suffers from an Authentication Bypass vulnerability.... Read more

    Affected Products : 11n_firmware 11n
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025

  • 9.8

    CRITICAL
    CVE-2021-42010

    Heron versions <= 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating which addresses this issue.... Read more

    Affected Products : heron
    • Published: Oct. 24, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-29477

    An authentication bypass vulnerability exists in the web interface /action/factory* functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP header can lead to authentication bypass. An attacker can send an... Read more

    • Published: Oct. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-30184

    CyberData 011209 Intercom could allow an unauthenticated user access to the Web Interface through an alternate path.... Read more

    • Published: Jun. 09, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2022-35877

    Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and den... Read more

    • Published: Oct. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-39322

    @keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Starting with version 2.2.0 and prior to version 2.3.1, users who expected their `multiselect` fields to use the field-level access control - if configured - are v... Read more

    Affected Products : keystone
    • Published: Oct. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-39327

    Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values h... Read more

    • Published: Oct. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-39342

    OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users whose model has a relation defined as a tupleset (the right hand side of a ‘from’ statement) that involve... Read more

    Affected Products : openfga
    • Published: Oct. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-5913

    A vulnerability was found in PHPGurukul Vehicle Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/search-vehicle.php. The manipulation of the argument searchinputdata leads to sql in... Read more

    Affected Products : vehicle_record_management_system
    • Published: Jun. 10, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2022-43000

    D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep4_pskpwd parameter at /goform/form2WizardStep4.... Read more

    Affected Products : dir-816_firmware dir-816
    • Published: Oct. 26, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-3363

    Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.0a7.... Read more

    Affected Products : rdiffweb
    • Published: Oct. 26, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-3095

    The implementation of backslash parsing in the Dart URI class for versions prior to 2.18 and Flutter versions prior to 3.30 differs from the WhatWG URL standards. Dart uses the RFC 3986 syntax, which creates incompatibilities with the '\' characters in UR... Read more

    • Published: Oct. 27, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-43367

    IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the formSetDebugCfg function.... Read more

    Affected Products : ew9_firmware ew9
    • Published: Oct. 27, 2022
    • Modified: May. 12, 2025

  • 9.8

    CRITICAL
    CVE-2022-37914

    Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain ad... Read more

    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-3741

    Impact varies for each individual vulnerability in the application. For generation of accounts, it may be possible, depending on the amount of system resources available, to create a DoS event in the server. These accounts still need to be activated; howe... Read more

    Affected Products : chatwoot
    • Published: Oct. 28, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293645 Results