Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2022-20238

    'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploitedPro...

    Affected Products : android
    • EPSS Score: 0.13%
    • Published: Jul. 13, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-26624

    A local privilege escalation vulnerability due to a "runasroot" command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to "runasroot" command. This vulnerability can induce remote attacke...

    Affected Products : escan_anti-virus
    • EPSS Score: 1.88%
    • Published: Apr. 01, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-26747

    Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution.

    • EPSS Score: 24.40%
    • Published: Feb. 18, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-34082

    OS Command Injection vulnerability in allenhwkim proctree through 0.1.1 and commit 0ac10ae575459457838f14e21d5996f2fa5c7593 for Node.js, allows attackers to execute arbitrary commands via the fix function.

    Affected Products : proctree
    • EPSS Score: 13.69%
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-11291

    Possible buffer overflow while updating ikev2 parameters for delete payloads received during informational exchange due to lack of check of input validation for certain parameters received from the ePDG server in Snapdragon Auto, Snapdragon Compute, Snapd...

    • EPSS Score: 0.36%
    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-4846

    A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems (All versions _without_ use of Siemens Healthineers Informatics products), RAPIDLab 1200 Series (All versions < V3.3 _with_ Siemens Healthineers ...

    • EPSS Score: 0.30%
    • Published: Jun. 26, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-37154

    In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion.

    Affected Products : access_management
    • EPSS Score: 0.53%
    • Published: Aug. 25, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-37555

    TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell as root/superuser, a related issue to CVE-2019-16734. To connect, the telnet service is used on port 23 with the default password of 059AnkJ for the root account. The user can then downl...

    • EPSS Score: 0.37%
    • Published: Jul. 26, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2016-10926

    The nelio-ab-testing plugin before 4.5.9 for WordPress has SSRF in ajax/iesupport.php.

    Affected Products : nelio_ab_testing
    • EPSS Score: 0.45%
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-25429

    Tenda AC9 v15.03.2.21 was discovered to contain a buffer overflow via the time parameter in the saveparentcontrolinfo function.

    Affected Products : ac9_firmware ac9
    • EPSS Score: 0.39%
    • Published: Mar. 18, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-25453

    Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the saveParentControlInfo function.

    Affected Products : ac6_firmware ac6
    • EPSS Score: 0.39%
    • Published: Mar. 18, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-33218

    An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access.

    Affected Products : ruckus_iot_controller
    • EPSS Score: 1.25%
    • Published: Jul. 07, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-5473

    An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. The SSH functions of the device are vulnerable to buffer overflow conditions tha...

    • EPSS Score: 4.26%
    • Published: Feb. 19, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2011-4755

    Parallels Plesk Small Business Panel 10.2.0 does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error) or possibly have unspecified other impact via a ...

    • EPSS Score: 1.86%
    • Published: Dec. 16, 2011
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2022-26998

    Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the wps setting function via the wps_enrolee_pin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

    Affected Products : arris_tr3300_firmware arris_tr3300
    • EPSS Score: 14.22%
    • Published: Mar. 15, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-27001

    Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the dhcp function via the hostname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

    Affected Products : arris_tr3300_firmware arris_tr3300
    • EPSS Score: 14.22%
    • Published: Mar. 15, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-39979

    HHEE system has a Code Injection vulnerability. Successful exploitation of this vulnerability may affect HHEE system integrity.

    Affected Products : harmonyos
    • EPSS Score: 0.33%
    • Published: Jan. 03, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-7856

    Adobe DNG Converter versions 9.7 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

    Affected Products : dng_converter
    • EPSS Score: 3.77%
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2021-37270

    There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. Attackers can use this vulnerability to directly access the specified background path without logging in to the background to obtain the background admini...

    • EPSS Score: 0.26%
    • Published: Sep. 27, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-3769

    # Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` themes **Description**: these themes use `print -P` on user-supplied strings to print them to the terminal. All of them do that on git information, particularly the branch name, so if th...

    Affected Products : oh_my_zsh
    • EPSS Score: 0.33%
    • Published: Nov. 30, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292318 Results