Latest CVE Feed

The following list shows the latest published vulnerabilities. You can filter it by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort it by published date, last-updated date, or CVSS score.
  • 10.0

    CRITICAL
    CVE-2022-21390

    Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Webservices Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allo...

    • EPSS Score: %2.17
    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-44735

    Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07....

    • EPSS Score: %12.55
    • Published: Jan. 20, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-44736

    The initial admin account setup wizard on Lexmark devices allows unauthenticated access to the “out of service erase” feature....

    Affected Products : mc3224i_firmware mc3224i
    • EPSS Score: %0.72
    • Published: Jan. 20, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-46061

    An SQL Injection vulnerability exists in Sourcecodester Computer and Mobile Repair Shop Management system (RSMS) 1.0 via the code parameter in /rsms/ node app....

    • EPSS Score: %0.33
    • Published: Jan. 20, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-46307

    An SQL Injection vulnerability exists in Projectworlds Online Examination System 1.0 via the eid parameter in account.php....

    • EPSS Score: %0.33
    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-46308

    An SQL Injection vulnerability exists in Sourcecodester Online Railway Reservation System 1.0 via the sid parameter....

    Affected Products : online_railway_reservation_system
    • EPSS Score: %0.33
    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-17383

    A directory traversal vulnerability on Telos Z/IP One devices through 4.0.0r grants an unauthenticated individual root level access to the device's file system. This can be used to identify configuration settings, password hashes for built-in accounts, an...

    Affected Products : z\/ip_one_firmware z\/ip_one
    • EPSS Score: %6.29
    • Published: Jan. 24, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-46089

    In JeecgBoot 3.0, there is a SQL injection vulnerability that can operate the database with root privileges....

    Affected Products : jeecg_boot
    • EPSS Score: %0.82
    • Published: Jan. 25, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-23555

    The package vm2 before 3.9.6 is vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of stack traces, which can lead to execution of arbitrary code on the host machine....

    Affected Products : vm2
    • EPSS Score: %0.22
    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-23992

    XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges....

    Affected Products : xcom_data_transport
    • EPSS Score: %1.69
    • Published: Feb. 14, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2021-46250

    An issue in SOA2Login::commented of ScratchOAuth2 before commit a91879bd58fa83b09283c0708a1864cdf067c64a allows attackers to authenticate as other users on downstream components that rely on ScratchOAuth2....

    Affected Products : scratchoauth2
    • EPSS Score: %0.43
    • Published: Feb. 15, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-0664

    Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5, 0.9.4, 0.10.0, 0.10.1....

    Affected Products : netmaker
    • EPSS Score: %0.29
    • Published: Feb. 18, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-22429

    There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed....

    Affected Products : emui harmonyos magic_ui
    • EPSS Score: %0.18
    • Published: Feb. 25, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-49242

    Unrestricted Upload of File with Dangerous Type vulnerability in Shafiq Digital Lottery allows Upload a Web Shell to a Web Server. This issue affects Digital Lottery: from n/a through 3.0.5....

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
  • 10.0

    CRITICAL
    CVE-2024-49254

    Improper Control of Generation of Code ('Code Injection') vulnerability in Sunjianle allows Code Injection. This issue affects ajax-extend: from n/a through 1.0....

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
  • 10.0

    HIGH
    CVE-2020-12775

    Hicos citizen certificate client-side component does not filter special characters for command parameters in specific web URLs. An unauthenticated remote attacker can exploit this vulnerability to perform a command injection attack to execute arbitrary syst...

    Affected Products : hicos
    • EPSS Score: %4.04
    • Published: Mar. 01, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-0848

    OS Command Injection in GitHub repository part-db/part-db prior to 0.5.11....

    Affected Products : part-db
    • EPSS Score: %32.68
    • Published: Mar. 04, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-0845

    Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0....

    Affected Products : pytorch_lightning pytorch_lightning
    • EPSS Score: %0.13
    • Published: Mar. 05, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-8500

    A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore....

    Affected Products : chakracore
    • EPSS Score: %22.75
    • Published: Oct. 10, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-44628

    A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/login feature, which allows malicious users to execute arbitrary code on the system via a crafted post request....

    Affected Products : tl-wr886n_firmware tl-wr886n
    • EPSS Score: %0.90
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291398 Results