Latest Critical CVEs
Updates on the latest high and critical severity vulnerabilities.
-
CVE-2025-43711 - Tunnelblick Privilege Escalation Vulnerability
CVE ID: CVE-2025-43711
Published: July 5, 2025, 12:15 a.m. | 1 day ago
Description: Tunnelblick 3.5beta06 before 7.0, when incompletely uninstalled, allows attackers to execute arbitrary code as root (upon the next boot) by dragging a crafted Tunnelblick.app file into /Applications.
Severity: 8.1 | HIGH
-
CVE-2025-26850 - Quest KACE Systems Management Appliance Local Privilege Escalation
CVE ID: CVE-2025-26850
Published: July 5, 2025, 12:15 a.m. | 1 day ago
Description: The agent in Quest KACE Systems Management Appliance (SMA) before 14.0.97 and 14.1.x before 14.1.19 potentially allows privilege escalation on managed systems.
Severity: 9.3 | CRITICAL
-
CVE-2025-48952 - NetAlertX SHA-256 Magic Hash Login Bypass Vulnerability
CVE ID: CVE-2025-48952
Published: July 4, 2025, 11:15 p.m. | 1 day, 1 hour ago
Description: NetAlertX is a network, presence scanner, and alert framework. Prior to version 25.6.7, a vulnerability in the authentication logic allows users to bypass password verification using SHA-256 magic hashes, due to loose comparison in PHP. In vulnerable versions of the application, a password comparison is performed using the `==` operator at line 40 in front/index.php. This introduces a security issue where specially crafted "magic hash" values that evaluate to true in a loose comparison can bypass authentication. Because of the use of `==` instead of the strict `===`, different strings that begin with 0e and are followed by only digits can be interpreted as scientific notation (i.e., zero) and treated as equal. This issue falls under the Login Bypass vulnerability class. Users with certain "weird" passwords that produce magic hashes are particularly affected. Services relying on this logic are at risk of unauthorized access. Version 25.6.7 fixes the vulnerability.
Severity: 9.4 | CRITICAL
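The loose-comparison bug described above, as an added example (this is not NetAlertX code): a Python model of how PHP's `==` treats two numeric-looking strings, the vulnerable and the hardened hash comparison side by side, and a scan that lists which stored digests are of the exploitable 0e form. The stored hash and the user table are constructed for the example; the candidate plaintext is one reported in public magic-hash tables, and the block checks that property at run time rather than assuming it. All function names are this example's own.

```python
"""Model of the PHP loose-comparison ("magic hash") login bypass.

Added example, not NetAlertX code. It emulates how PHP's == handles two
numeric-looking strings, shows why a SHA-256 digest of the form
0e<digits> is dangerous on either side of the comparison, gives the
hardened comparison, and scans a constructed table of stored hashes for
accounts that are exposed.
"""
import hashlib
import hmac
import re

# Simplified PHP numeric-string grammar: optional whitespace, sign,
# decimal digits with optional fraction, optional exponent part.
_PHP_NUMERIC = re.compile(r"^\s*[+-]?(\d+(\.\d*)?|\.\d+)([eE][+-]?\d+)?\s*$")

# A hex digest PHP reads as scientific notation: "0e" followed only by
# decimal digits, i.e. 0 * 10^<digits> == 0.
_MAGIC = re.compile(r"^0e\d+$")


def is_php_numeric(s: str) -> bool:
    return _PHP_NUMERIC.match(s) is not None


def php_loose_equals(a: str, b: str) -> bool:
    """Emulate PHP's == on two strings (the rule is the same in PHP 5-8).

    If both operands are numeric strings PHP compares them as numbers,
    otherwise byte for byte. (PHP's special case for two overflowing
    integer strings is omitted; pure-digit digests are not what this
    CVE is about.)
    """
    if is_php_numeric(a) and is_php_numeric(b):
        return float(a) == float(b)
    return a == b


def sha256_hex(password: str) -> str:
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def is_magic_hash(hexdigest: str) -> bool:
    """True if PHP's == would treat this digest as the number zero."""
    return _MAGIC.match(hexdigest) is not None


def verify_vulnerable(presented_hash: str, stored_hash: str) -> bool:
    """The pattern behind the CVE: digest == stored digest, loosely."""
    return php_loose_equals(presented_hash, stored_hash)


def verify_fixed(presented_hash: str, stored_hash: str) -> bool:
    """Hardened: byte-exact, constant-time comparison (hash_equals in PHP)."""
    return hmac.compare_digest(presented_hash.encode(), stored_hash.encode())


def find_exposed_accounts(stored: dict) -> list:
    """Defender's check: which stored digests loosely equal any 0e digest?"""
    return sorted(user for user, digest in stored.items() if is_magic_hash(digest))


# Constructed stored digest standing in for a "weird" password whose
# SHA-256 happens to look like 0e<digits>; not any real account's hash.
WEIRD_STORED_HASH = "0e" + "4" * 62

# Attacker's guess: a plaintext reported in public magic-hash tables as
# having a 0e... SHA-256. Verified below at run time, not trusted.
CANDIDATE = "34250003024812"

# Constructed user table: one ordinary account, one with a magic digest.
CONSTRUCTED_USERS = {
    "alice": sha256_hex("correct horse battery staple"),
    "bob": WEIRD_STORED_HASH,
}

if __name__ == "__main__":
    guess = sha256_hex(CANDIDATE)
    print("candidate digest is magic :", is_magic_hash(guess))
    print("vulnerable check accepts  :", verify_vulnerable(guess, WEIRD_STORED_HASH))
    print("fixed check accepts       :", verify_fixed(guess, WEIRD_STORED_HASH))
    print("exposed accounts          :", find_exposed_accounts(CONSTRUCTED_USERS))
```

Two things to take from it: the fix is a strict comparison (`===`, or better `hash_equals()`, which `verify_fixed` mirrors), and the bypass needs a magic digest on both sides, which is why the advisory singles out users whose stored digest already looks like 0e<digits>; `find_exposed_accounts` is the scan an operator would run over the password store after upgrading.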
-
CVE-2025-52833 - Designthemes LMS SQL Injection
CVE ID: CVE-2025-52833
Published: July 4, 2025, 12:15 p.m. | 1 day, 12 hours ago
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in designthemes LMS allows SQL Injection. This issue affects LMS: from n/a through 9.1.
Severity: 9.3 | CRITICAL
-
CVE-2025-52832 - WPO-HR NGG Smart Image Search SQL Injection
CVE ID: CVE-2025-52832
Published: July 4, 2025, 12:15 p.m. | 1 day, 12 hours ago
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpo-HR NGG Smart Image Search allows SQL Injection. This issue affects NGG Smart Image Search: from n/a through 3.4.1.
Severity: 9.3 | CRITICAL
-
CVE-2025-52831 - Thanhtungtnt Video List Manager SQL Injection
CVE ID: CVE-2025-52831
Published: July 4, 2025, 12:15 p.m. | 1 day, 12 hours ago
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in thanhtungtnt Video List Manager allows SQL Injection. This issue affects Video List Manager: from n/a through 1.7.
Severity: 9.3 | CRITICAL
-
CVE-2025-52830 - bSecure Universal Checkout SQL Injection
CVE ID: CVE-2025-52830
Published: July 4, 2025, 12:15 p.m. | 1 day, 12 hours ago
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bsecuretech bSecure – Your Universal Checkout allows Blind SQL Injection. This issue affects bSecure – Your Universal Checkout: from n/a through 1.7.9.
Severity: 9.3 | CRITICAL
-
CVE-2025-52828 - Designthemes Red Art Java Deserialization Object Injection Vulnerability
CVE ID: CVE-2025-52828
Published: July 4, 2025, 12:15 p.m. | 1 day, 12 hours ago
Description: Deserialization of Untrusted Data vulnerability in designthemes Red Art allows Object Injection. This issue affects Red Art: from n/a through 3.7.
Severity: 8.8 | HIGH
-
CVE-2025-52813 - MobiLoud Missing Authorization Vulnerability
CVE ID: CVE-2025-52813
Published: July 4, 2025, 12:15 p.m. | 1 day, 12 hours ago
Description: Missing Authorization vulnerability in pietro MobiLoud allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MobiLoud: from n/a through 4.6.5.
Severity: 8.1 | HIGH
-
CVE-2025-52807 - ApusWP Kossy PHP Remote File Inclusion Vulnerability
CVE ID: CVE-2025-52807
Published: July 4, 2025, 12:15 p.m. | 1 day, 12 hours ago
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusWP Kossy - Minimalist eCommerce WordPress Theme allows PHP Local File Inclusion. This issue affects Kossy - Minimalist eCommerce WordPress Theme: from n/a through 1.45.
Severity: 8.1 | HIGH
-
CVE-2025-4414 - CMSMasters Content Composer Remote File Inclusion Vulnerability
CVE ID: CVE-2025-4414
Published: July 4, 2025, 12:15 p.m. | 1 day, 12 hours ago
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in cmsmasters CMSMasters Content Composer allows PHP Local File Inclusion. This issue affects CMSMasters Content Composer: from n/a through n/a.
Severity: 8.1 | HIGH
-
CVE-2025-49867 - InspiryThemes RealHomes Privilege Escalation Vulnerability
CVE ID: CVE-2025-49867
Published: July 4, 2025, 12:15 p.m. | 1 day, 12 hours ago
Description: Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes allows Privilege Escalation. This issue affects RealHomes: from n/a through 4.4.0.
Severity: 9.8 | CRITICAL
-
CVE-2025-49417 - BestWpDeveloper WooCommerce Product Multi-Action Object Injection Vulnerability
CVE ID: CVE-2025-49417
Published: July 4, 2025, 12:15 p.m. | 1 day, 12 hours ago
Description: Deserialization of Untrusted Data vulnerability in BestWpDeveloper WooCommerce Product Multi-Action allows Object Injection. This issue affects WooCommerce Product Multi-Action: from n/a through 1.3.
Severity: 9.8 | CRITICAL
-
CVE-2025-49414 - Fastw3b LLC FW Gallery Unrestricted File Upload Vulnerability
CVE ID: CVE-2025-49414
Published: July 4, 2025, 12:15 p.m. | 1 day, 12 hours ago
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Gallery allows Using Malicious Files. This issue affects FW Gallery: from n/a through 8.0.0.
Severity: 10.0 | CRITICAL
-
CVE-2025-49302 - Scott Paterson Easy Stripe Code Injection Vulnerability
CVE ID: CVE-2025-49302
Published: July 4, 2025, 12:15 p.m. | 1 day, 12 hours ago
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson Easy Stripe allows Remote Code Inclusion. This issue affects Easy Stripe: from n/a through 1.1.
Severity: 10.0 | CRITICAL
-
CVE-2025-32297 - Quantumcloud Simple Link Directory SQL Injection
CVE ID: CVE-2025-32297
Published: July 4, 2025, 12:15 p.m. | 1 day, 12 hours ago
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in quantumcloud Simple Link Directory allows SQL Injection. This issue affects Simple Link Directory: from n/a through 14.7.3.
Severity: 8.5 | HIGH
-
CVE-2025-30933 - LiquidThemes LogisticsHub Unrestricted File Upload Vulnerability
CVE ID: CVE-2025-30933
Published: July 4, 2025, 12:15 p.m. | 1 day, 12 hours ago
Description: Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes LogisticsHub allows Upload a Web Shell to a Web Server. This issue affects LogisticsHub: from n/a through 1.1.6.
Severity: 10.0 | CRITICAL
-
CVE-2025-28983 - Click & Pledge Connect SQL Injection Privilege Escalation
CVE ID: CVE-2025-28983
Published: July 4, 2025, 12:15 p.m. | 1 day, 12 hours ago
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge Click & Pledge Connect allows Privilege Escalation. This issue affects Click & Pledge Connect: from 25.04010101 through WP6.8.
Severity: 9.8 | CRITICAL
-
CVE-2025-24780 - Printcart Web to Print Product Designer for WooCommerce SQL Injection
CVE ID: CVE-2025-24780
Published: July 4, 2025, 12:15 p.m. | 1 day, 12 hours ago
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce allows SQL Injection. This issue affects Printcart Web to Print Product Designer for WooCommerce: from n/a through 2.4.0.
Severity: 8.5 | HIGH
-
CVE-2025-23970 - Aonetheme Service Finder Booking Privilege Escalation
CVE ID: CVE-2025-23970
Published: July 4, 2025, 12:15 p.m. | 1 day, 12 hours ago
Description: Incorrect Privilege Assignment vulnerability in aonetheme Service Finder Booking allows Privilege Escalation. This issue affects Service Finder Booking: from n/a through 6.0.
Severity: 9.8 | CRITICAL