Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2022-1668

    Weak default root user credentials allow remote attackers to easily obtain OS superuser privileges over the open TCP port for SSH....

    • EPSS Score: 0.52%
    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-31767

    IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 227980....

    Affected Products : linux_kernel cics_tx
    • EPSS Score: 1.44%
    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-40597

    The firmware of EDIMAX IC-3140W Version 3.11 is hardcoded with Administrator username and password....

    Affected Products : ic-3140w_firmware ic-3140w
    • EPSS Score: 0.64%
    • Published: Jun. 29, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2006-2869

    Unspecified vulnerability in the CHM unpacker in avast! before 4.7.844 has unknown impact and remote attack vectors....

    Affected Products : avast_antivirus
    • EPSS Score: 0.45%
    • Published: Jun. 06, 2006
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2022-20083

    In Modem 2G/3G CC, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution when decoding combined FACILITY with no additional execution privileges needed. User interaction is not needed for exploitat...

    Affected Products : lr13 nr15 nr16 lr11 lr12 lr12a lr9 mt2735 mt6779 mt6781 +63 more products
    • EPSS Score: 4.35%
    • Published: Jul. 06, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-25046

    A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows attackers to execute arbitrary code via a crafted POST request....

    Affected Products : webpanel
    • EPSS Score: 1.22%
    • Published: Jul. 07, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-32054

    Tenda AC10 US_AC10V1.0RTL_V15.03.06.26_multi_TD01 was discovered to contain a remote code execution (RCE) vulnerability via the lanIp parameter....

    Affected Products : ac10_firmware ac10
    • EPSS Score: 21.69%
    • Published: Jul. 07, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-34819

    A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC CP 1243-8 IRC (...

    • EPSS Score: 0.66%
    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-20222

    In read_attr_value of gatt_db.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Andr...

    Affected Products : android
    • EPSS Score: 2.28%
    • Published: Jul. 13, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-20229

    In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed f...

    Affected Products : android
    • EPSS Score: 6.11%
    • Published: Jul. 13, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-22683

    Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary code via unspecified vectors....

    • EPSS Score: 3.55%
    • Published: Jul. 28, 2022
    • Modified: Jan. 14, 2025
  • 10.0

    CRITICAL
    CVE-2022-2734

    Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1....

    Affected Products : openemr
    • EPSS Score: 1.03%
    • Published: Aug. 09, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-35942

    Improper input validation on the `contains` LoopBack filter may allow for arbitrary SQL injection. When the extended filter property `contains` is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affe...

    Affected Products : loopback-connector-postgresql
    • EPSS Score: 0.28%
    • Published: Aug. 12, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-46506

    NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util....

    Affected Products : netalertx *
    • Published: May. 13, 2025
    • Modified: Jun. 17, 2025
    • Vuln Type: Injection
  • 10.0

    CRITICAL
    CVE-2022-35947

    GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Affected versions have been found to be vulnerable to a SQL ...

    Affected Products : glpi
    • EPSS Score: 0.16%
    • Published: Sep. 14, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-26959

    There are two full (read/write) Blind/Time-based SQL injection vulnerabilities in the Northstar Club Management version 6.3 application. The vulnerabilities exist in the userName parameter of the processlogin.jsp page in the /northstar/Portal/ directory a...

    Affected Products : northstar_club_management
    • EPSS Score: 0.08%
    • Published: Sep. 16, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2025-5408

    A vulnerability was found in WAVLINK QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3 and WL-WN576K1 up to V1410_240222 and classified as critical. Affected by this issue is the function sys_login of the file /cgi-bin/login.cgi of the compon...

    Affected Products :
    • Published: Jun. 01, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Memory Corruption
  • 10.0

    CRITICAL
    CVE-2025-3322

    An improper neutralization of inputs used in expression language allows remote code execution with the highest privileges on the server....

    Affected Products : onlinesuite_application_package
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Injection
  • 10.0

    CRITICAL
    CVE-2025-32291

    Unrestricted Upload of File with Dangerous Type vulnerability in FantasticPlugins SUMO Affiliates Pro allows Using Malicious Files. This issue affects SUMO Affiliates Pro: from n/a through 10.7.0....

    Affected Products :
    • Published: Jun. 09, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Misconfiguration
  • 10.0

    CRITICAL
    CVE-2021-26727

    Multiple command injection and stack-based buffer overflow vulnerabilities in the SubNet_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner ...

    Affected Products : iac-ast2500a_firmware iac-ast2500a
    • EPSS Score: 0.49%
    • Published: Oct. 24, 2022
    • Modified: Nov. 21, 2024