Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2022-27571

    Heap-based buffer overflow vulnerability in sheifd_get_info_image function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.... Read more

    Affected Products : android dex
    • EPSS Score: %1.17
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-51789

    Unrestricted Upload of File with Dangerous Type vulnerability in UjW0L Image Classify allows Upload a Web Shell to a Web Server.This issue affects Image Classify: from n/a through 1.0.0.... Read more

    Affected Products :
    • Published: Nov. 11, 2024
    • Modified: Nov. 12, 2024

  • 10.0

    CRITICAL
    CVE-2024-51792

    Unrestricted Upload of File with Dangerous Type vulnerability in Dang Ngoc Binh Audio Record allows Upload a Web Shell to a Web Server.This issue affects Audio Record: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Nov. 11, 2024
    • Modified: Nov. 12, 2024

  • 10.0

    CRITICAL
    CVE-2022-25226

    ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via 'http://thin-vnc:8080/cmd?cmd=connect' by obtaining a valid SID without any kind of authentication. It is possible to achieve code execution on the server by sen... Read more

    Affected Products : thinvnc
    • EPSS Score: %77.08
    • Published: Apr. 18, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-52372

    Unrestricted Upload of File with Dangerous Type vulnerability in WebTechGlobal Easy CSV Importer BETA allows Upload a Web Shell to a Web Server.This issue affects Easy CSV Importer BETA: from n/a through 7.0.0.... Read more

    Affected Products :
    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024

  • 10.0

    CRITICAL
    CVE-2024-52376

    Unrestricted Upload of File with Dangerous Type vulnerability in cmsMinds Boat Rental Plugin for WordPress allows Upload a Web Shell to a Web Server.This issue affects Boat Rental Plugin for WordPress: from n/a through 1.0.1.... Read more

    Affected Products :
    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024

  • 10.0

    CRITICAL
    CVE-2024-52380

    Unrestricted Upload of File with Dangerous Type vulnerability in Softpulse Infotech Picsmize allows Upload a Web Shell to a Web Server.This issue affects Picsmize: from n/a through 1.0.0.... Read more

    Affected Products :
    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024

  • 10.0

    CRITICAL
    CVE-2022-1531

    SQL injection vulnerability in ARAX-UI Synonym Lookup functionality in GitHub repository rtxteam/rtx prior to checkpoint_2022-04-20 . This vulnerability is critical as it can lead to remote code execution and thus complete server takeover.... Read more

    Affected Products : rtx
    • EPSS Score: %4.06
    • Published: Apr. 29, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-48967

    The ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination. An attacker with access to the ventilator and/or the Service PC could, without detection, make u... Read more

    Affected Products :
    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024

  • 10.0

    CRITICAL
    CVE-2024-52374

    Unrestricted Upload of File with Dangerous Type vulnerability in DoThatTask Do That Task allows Upload a Web Shell to a Web Server.This issue affects Do That Task: from n/a through 1.5.5.... Read more

    Affected Products :
    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024

  • 10.0

    CRITICAL
    CVE-2022-1884

    A remote command execution vulnerability exists in gogs/gogs versions <=0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the `tree_path` parameter during file uploads. An attacker can set `tree_path=.git.` t... Read more

    Affected Products : gogs windows
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 10.0

    HIGH
    CVE-2021-44057

    An improper authentication vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following v... Read more

    Affected Products : photo_station
    • EPSS Score: %0.18
    • Published: May. 05, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28580

    It is found that there is a command injection vulnerability in the setL2tpServerCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.... Read more

    Affected Products : a7100ru_firmware a7100ru
    • EPSS Score: %20.86
    • Published: May. 05, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-27411

    TOTOLINK N600R v5.3c.5507_B20171031 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter in the "Main" function.... Read more

    Affected Products : n600r_firmware n600r
    • EPSS Score: %4.79
    • Published: May. 05, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28909

    TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the webwlanidx parameter in /setting/setWebWlanIdx.... Read more

    Affected Products : n600r_firmware n600r
    • EPSS Score: %10.30
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-28913

    TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting.... Read more

    Affected Products : n600r_firmware n600r
    • EPSS Score: %11.61
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-29328

    D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a stack overflow via the function checkvalidupgrade.... Read more

    Affected Products : dap-1330_firmware dap-1330
    • EPSS Score: %10.66
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-29396

    TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418f10.... Read more

    Affected Products : n600r_firmware n600r
    • EPSS Score: %0.46
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-29398

    TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the File parameter in the function FUN_0041309c.... Read more

    Affected Products : n600r_firmware n600r
    • EPSS Score: %0.45
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-9478

    Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation.This issue affects upKeeper Instant Privilege Access: before 1.2.... Read more

    Affected Products :
    • Published: Nov. 20, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 290954 Results