Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2021-46010

    Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web configuration. The SESSION_ID is predictable. An attacker can hijack a valid session and conduct further malicious operations.... Read more

    Affected Products : a3100r_firmware a3100r
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-46009

    In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without authentication. Additionally, admin configurations can be set without cookies.... Read more

    Affected Products : a3100r_firmware a3100r
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-46008

    In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official released firmware. An attacker, who has connected to the Wi-Fi, can easily telnet into the target with root shell if the telnet is function turned on.... Read more

    Affected Products : a3100r_firmware a3100r
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-46007

    totolink a3100r V5.9c.4577 is vulnerable to os command injection. The backend of a page is executing the "ping" command, and the input field does not adequately filter special symbols. This can lead to command injection attacks.... Read more

    Affected Products : ar3100r_firmware ar3100r
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-46006

    In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like function, which is not authenticated. Using this function, an attacker can configure multiple settings without authentication.... Read more

    Affected Products : a3100r_firmware a3100r
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-46005

    Sourcecodester Car Rental Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via vehicalorcview parameter.... Read more

    Affected Products : car_rental_management_system
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-45998

    D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to contain a command injection vulnerability in the LocalIPAddress parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request.... Read more

    Affected Products : dir-882_firmware dir-882
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-45997

    Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetPortMapping. This vulnerability allows attackers to cause a Denial of Service (DoS) via the portMappingServer, portMappingProtocol, portMapping... Read more

    Affected Products : g1_firmware g3_firmware g3 g1
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-45996

    Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetPortMapping. This vulnerability allows attackers to cause a Denial of Service (DoS) via the portMappingServer, portMappingProtocol, portMapping... Read more

    Affected Products : g1_firmware g3_firmware g3 g1
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-45995

    Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetStaticRoute. This vulnerability allows attackers to cause a Denial of Service (DoS) via the staticRouteNet, staticRouteMask, and staticRouteGat... Read more

    Affected Products : g1_firmware g3_firmware g3 g1
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-45994

    Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formDelDhcpRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the delDhcpIndex parameter.... Read more

    Affected Products : g1_firmware g3_firmware g3 g1
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-45993

    Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formIPMacBindModify. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IPMacBindRuleIP and IPMacBindRuleMac parameters.... Read more

    Affected Products : g1_firmware g3_firmware g3 g1
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-45992

    Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetQvlanList. This vulnerability allows attackers to cause a Denial of Service (DoS) via the qvlanName parameter.... Read more

    Affected Products : g1_firmware g3_firmware g3 g1
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-45991

    Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddVpnUsers. This vulnerability allows attackers to cause a Denial of Service (DoS) via the vpnUsers parameter.... Read more

    Affected Products : g1_firmware g3_firmware g3 g1
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-45990

    Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function uploadPicture. This vulnerability allows attackers to execute arbitrary commands via the pic_name parameter.... Read more

    Affected Products : g1_firmware g3_firmware g3 g1
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-45989

    Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function guestWifiRuleRefresh. This vulnerability allows attackers to cause a Denial of Service (DoS) via the qosGuestUpstream and qosGuestDownstream parameter... Read more

    Affected Products : g1_firmware g3_firmware g3 g1
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-45988

    Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddDnsForward. This vulnerability allows attackers to cause a Denial of Service (DoS) via the DnsForwardRule parameter.... Read more

    Affected Products : g1_firmware g3_firmware g3 g1
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-45987

    Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetNetCheckTools. This vulnerability allows attackers to execute arbitrary commands via the hostName parameter.... Read more

    Affected Products : g1_firmware g3_firmware g3 g1
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-45986

    Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetUSBShareInfo. This vulnerability allows attackers to execute arbitrary commands via the usbOrdinaryUserName parameter.... Read more

    Affected Products : g1_firmware g3_firmware g3 g1
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-45983

    NetScout nGeniusONE 6.3.2 allows Java RMI Code Execution.... Read more

    Affected Products : ngeniusone
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294328 Results