Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2021-41560

    OpenCATS through 0.9.6 allows remote attackers to execute arbitrary code by uploading an executable file via lib/FileUtility.php.... Read more

    Affected Products : opencats
    • EPSS Score: %46.15
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-42313

    Microsoft Defender for IoT Remote Code Execution Vulnerability... Read more

    Affected Products : defender_for_iot
    • EPSS Score: %3.23
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-40850

    TCMAN GIM is vulnerable to a SQL injection vulnerability inside several available webservice methods in /PC/WebService.asmx.... Read more

    Affected Products : gim
    • EPSS Score: %0.26
    • Published: Dec. 17, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-44453

    mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interface which includes a ping utility, which may allow an attacker to inject arbitrary operating system commands.... Read more

    Affected Products : mypro
    • EPSS Score: %0.30
    • Published: Dec. 23, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-45501

    Certain NETGEAR devices are affected by authentication bypass. This affects AC2400 before 1.1.0.84, AC2600 before 1.1.0.84, D7000 before 1.0.1.82, R6020 before 1.0.0.52, R6080 before 1.0.0.52, R6120 before 1.0.0.80, R6220 before 1.1.0.110, R6230 before 1.... Read more

    • EPSS Score: %0.20
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-45511

    Certain NETGEAR devices are affected by authentication bypass. This affects AC2100 before 2021-08-27, AC2400 before 2021-08-27, AC2600 before 2021-08-27, D7000 before 2021-08-27, R6220 before 2021-08-27, R6230 before 2021-08-27, R6260 before 2021-08-27, R... Read more

    • EPSS Score: %1.06
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-45612

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1... Read more

    • EPSS Score: %0.50
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-45617

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX7500 before 1.0.0.72, R6400 before 1.0.1.68, R6900P before 1.3.2.132, R7000 befor... Read more

    • EPSS Score: %1.53
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-20151

    Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the session management for the device. The router's management software manages web sessions based on IP address rather than verifying client cookies/session tokens/etc. This allows an attacker... Read more

    Affected Products : tew-827dru_firmware tew-827dru
    • EPSS Score: %0.71
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-43832

    Spinnaker is an open source, multi-cloud continuous delivery platform. Spinnaker has improper permissions allowing pipeline creation & execution. This lets an arbitrary user with access to the gate endpoint to create a pipeline and execute it without auth... Read more

    Affected Products : spinnaker
    • EPSS Score: %1.82
    • Published: Jan. 04, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-1049

    Hacker one bug ID: 1343975Product: AndroidVersions: Android SoCAndroid ID: A-204256722... Read more

    Affected Products : android
    • EPSS Score: %0.32
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-33963

    China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ZRMacClone/mac_addr_clone receives parameters by POST request, and the parameter macType has a command injection vulnerability. An attacker can use the vulnerability to execute remote c... Read more

    • EPSS Score: %1.83
    • Published: Jan. 15, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-27115

    A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publicly accessible folder before verifying any requirements... Read more

    Affected Products : soplanning
    • Published: Sep. 11, 2024
    • Modified: Sep. 18, 2024

  • 10.0

    CRITICAL
    CVE-2022-21275

    Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allow... Read more

    • EPSS Score: %1.79
    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-21389

    Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allow... Read more

    • EPSS Score: %1.79
    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-44734

    Embedded web server input sanitization vulnerability in Lexmark devices through 2021-12-07, which can which can lead to remote code execution on the device.... Read more

    • EPSS Score: %8.30
    • Published: Jan. 20, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-21390

    Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Webservices Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allo... Read more

    • EPSS Score: %2.17
    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-44735

    Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07.... Read more

    • EPSS Score: %12.55
    • Published: Jan. 20, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-44736

    The initial admin account setup wizard on Lexmark devices allow unauthenticated access to the “out of service erase” feature.... Read more

    Affected Products : mc3224i_firmware mc3224i
    • EPSS Score: %0.72
    • Published: Jan. 20, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-46061

    An SQL Injection vulnerability exists in Sourcecodester Computer and Mobile Repair Shop Management system (RSMS) 1.0 via the code parameter in /rsms/ node app.... Read more

    • EPSS Score: %0.33
    • Published: Jan. 20, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 290957 Results