Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2021-46307

    An SQL Injection vulnerability exists in Projectworlds Online Examination System 1.0 via the eid parameter in account.php....

    • EPSS Score: %0.33
    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-46308

    An SQL Injection vulnerability exists in Sourcecodester Online Railway Reservation System 1.0 via the sid parameter....

    Affected Products : online_railway_reservation_system
    • EPSS Score: %0.33
    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-17383

    A directory traversal vulnerability on Telos Z/IP One devices through 4.0.0r grants an unauthenticated individual root level access to the device's file system. This can be used to identify configuration settings, password hashes for built-in accounts, an...

    Affected Products : z/ip_one_firmware z/ip_one
    • EPSS Score: %6.29
    • Published: Jan. 24, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-46089

    In JeecgBoot 3.0, there is a SQL injection vulnerability that can operate the database with root privileges....

    Affected Products : jeecg_boot
    • EPSS Score: %0.82
    • Published: Jan. 25, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-23555

    The package vm2 before 3.9.6 is vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of stacktraces, which can lead to execution of arbitrary code on the host machine....

    Affected Products : vm2
    • EPSS Score: %0.22
    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-23992

    XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges....

    Affected Products : xcom_data_transport
    • EPSS Score: %1.69
    • Published: Feb. 14, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2021-46250

    An issue in SOA2Login::commented of ScratchOAuth2 before commit a91879bd58fa83b09283c0708a1864cdf067c64a allows attackers to authenticate as other users on downstream components that rely on ScratchOAuth2....

    Affected Products : scratchoauth2
    • EPSS Score: %0.43
    • Published: Feb. 15, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-0664

    Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5, 0.9.4, 0.10.0, 0.10.1....

    Affected Products : netmaker
    • EPSS Score: %0.29
    • Published: Feb. 18, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-22429

    There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed....

    Affected Products : emui harmonyos magic_ui
    • EPSS Score: %0.18
    • Published: Feb. 25, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-49242

    Unrestricted Upload of File with Dangerous Type vulnerability in Shafiq Digital Lottery allows Upload a Web Shell to a Web Server. This issue affects Digital Lottery: from n/a through 3.0.5....

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
  • 10.0

    CRITICAL
    CVE-2024-49254

    Improper Control of Generation of Code ('Code Injection') vulnerability in Sunjianle allows Code Injection. This issue affects ajax-extend: from n/a through 1.0....

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024
  • 10.0

    HIGH
    CVE-2020-12775

    Hicos citizen certificate client-side component does not filter special characters for command parameters in specific web URLs. An unauthenticated remote attacker can exploit this vulnerability to perform command injection attack to execute arbitrary syst...

    Affected Products : hicos
    • EPSS Score: %4.04
    • Published: Mar. 01, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-0848

    OS Command Injection in GitHub repository part-db/part-db prior to 0.5.11....

    Affected Products : part-db
    • EPSS Score: %32.68
    • Published: Mar. 04, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-0845

    Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0....

    Affected Products : pytorch_lightning pytorch_lightning
    • EPSS Score: %0.13
    • Published: Mar. 05, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-8500

    A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore....

    Affected Products : chakracore
    • EPSS Score: %22.75
    • Published: Oct. 10, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-44628

    A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/login feature, which allows malicious users to execute arbitrary code on the system via a crafted post request....

    Affected Products : tl-wr886n_firmware tl-wr886n
    • EPSS Score: %0.90
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-44629

    A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/register feature, which allows malicious users to execute arbitrary code on the system via a crafted post request....

    Affected Products : tl-wr886n_firmware tl-wr886n
    • EPSS Score: %0.90
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-4045

    TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full con...

    Affected Products : tapo_c200_firmware tapo_c200
    • EPSS Score: %88.43
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-25760

    All versions of package accesslog are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. If (attacker-controlled) user input is given to the format option of the package's exported constructor f...

    Affected Products : accesslog
    • EPSS Score: %0.44
    • Published: Mar. 17, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-45040

    The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route....

    Affected Products : laravel_media_library
    • EPSS Score: %4.55
    • Published: Mar. 17, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 290955 Results