CVE Feeds
Latest Critical CVEs
Updates on the latest high and critical severity vulnerabilities.
-
CVE-2025-54946 - SUNNET Corporate Training Management System SQL Injection Vulnerability
CVE ID: CVE-2025-54946
Published: 30 August 2025 04:15 | 5 hours, 27 minutes ago
Description: A SQL injection vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary SQL commands.
Severity: 9.3 | CRITICAL
-
CVE-2025-54945 - SUNNET Corporate Training Management System Command Injection Vulnerability
CVE ID: CVE-2025-54945
Published: 30 August 2025 04:15 | 5 hours, 27 minutes ago
Description: An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path.
Severity: 10.0 | CRITICAL
-
CVE-2025-54943 - SUNNET Corporate Training Management System Authentication Bypass
CVE ID: CVE-2025-54943
Published: 30 August 2025 04:15 | 5 hours, 27 minutes ago
Description: A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application deployment due to the absence of proper access control checks.
Severity: 9.3 | CRITICAL
-
CVE-2025-54942 - SUNNET Corporate Training Management System Authentication Bypass
CVE ID: CVE-2025-54942
Published: 30 August 2025 04:15 | 5 hours, 27 minutes ago
Description: A missing authentication for critical function vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to access deployment functionality without prior authentication.
Severity: 9.3 | CRITICAL
-
CVE-2025-34165 - NetSupport Manager Denial of Service and Information Leak Buffer Overflow
CVE ID: CVE-2025-34165
Published: 30 August 2025 00:15 | 9 hours, 28 minutes ago
Description: A stack-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or potentially leak a limited amount of memory.
Severity: 8.8 | HIGH
-
CVE-2025-34164 - NetSupport Manager Heap-Based Buffer Overflow Vulnerability
CVE ID: CVE-2025-34164
Published: 30 August 2025 00:15 | 9 hours, 28 minutes ago
Description: A heap-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or potentially result in arbitrary code execution.
Severity: 8.8 | HIGH
-
CVE-2025-58159 - WeGIA Web Manager Remote Code Execution Vulnerability
CVE ID: CVE-2025-58159
Published: 29 August 2025 23:15 | 10 hours, 28 minutes ago
Description: WeGIA is a Web manager for charitable institutions. Prior to version 3.4.11, a remote code execution vulnerability was identified, caused by improper validation of uploaded files. The application allows an attacker to upload files with arbitrary filenames, including those with a .php extension. Because the uploaded file is written directly to disk without adequate sanitization or extension restrictions, a spreadsheet file followed by PHP code can be uploaded and executed on the server, leading to arbitrary code execution. This is due to insufficient mitigation of CVE-2025-22133. This issue has been patched in version 3.4.11.
Severity: 9.9 | CRITICAL
-
CVE-2025-56577 - Evope Core Cryptographic Key Disclosure
CVE ID: CVE-2025-56577
Published: 29 August 2025 20:15 | 13 hours, 28 minutes ago
Description: An issue in Evope Core v.1.1.3.20 allows a local attacker to obtain sensitive information via the use of hard coded cryptographic keys.
Severity: 8.4 | HIGH
-
CVE-2024-46484 - TRENDnet TV-IP410 OS Command Injection
CVE ID: CVE-2024-46484
Published: 29 August 2025 20:15 | 13 hours, 28 minutes ago
Description: TRENDnet TV-IP410 vA1.0R was discovered to contain an OS command injection vulnerability via the /server/cgi-bin/testserv.cgi component.
Severity: 9.8 | CRITICAL
-
CVE-2025-9377 - TP-Link Archer C7/EU and TL-WR841N/ND(MS) Remote Command Execution Vulnerability
CVE ID: CVE-2025-9377
Published: 29 August 2025 18:15 | 15 hours, 28 minutes ago
Description: The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9. This issue affects Archer C7(EU) V2: before 241108 and TL-WR841N/ND(MS) V9: before 241108. Both products have reached the status of EOL (end-of-life). It is recommended to purchase the new product to ensure better performance and security. If replacement is not an option in the short term, please use the second reference link to download and install the patch(es).
Severity: 8.6 | HIGH
-
CVE-2025-58158 - Harness Git LFS Arbitrary File Write Vulnerability
CVE ID: CVE-2025-58158
Published: 29 August 2025 18:15 | 15 hours, 28 minutes ago
Description: Harness Open Source is an end-to-end developer platform with Source Control Management, CI/CD Pipelines, Hosted Developer Environments, and Artifact Registries. Prior to version 3.3.0, the Open Source Harness git LFS server (Gitness) exposes an API to retrieve and upload files via git LFS. The implementation of the git LFS file upload API is vulnerable to arbitrary file write. Due to improper sanitization of the upload path, a malicious authenticated user who has access to the Harness Gitness server API can use a crafted upload request to write an arbitrary file to any location on the file system, and may even compromise the server. Users using git LFS are vulnerable. This issue has been patched in version 3.3.0.
Severity: 8.8 | HIGH
-
CVE-2025-52856 - VioStor Improper Authentication Vulnerability
CVE ID: CVE-2025-52856
Published: 29 August 2025 18:15 | 15 hours, 28 minutes ago
Description: An improper authentication vulnerability has been reported to affect VioStor. If a remote attacker, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: VioStor 5.1.6 build 20250621 and later
Severity: 9.3 | CRITICAL
-
CVE-2025-44033 - Oa System SQL Injection Vulnerability
CVE ID: CVE-2025-44033
Published: 29 August 2025 18:15 | 15 hours, 28 minutes ago
Description: SQL injection vulnerability in oa_system oasys v.1.1 allows a remote attacker to execute arbitrary code via the allDirector() method declaration in src/main/java/cn/gson/oasys/mappers/AddressMapper.java
Severity: 9.8 | CRITICAL
-
CVE-2025-30278 - QNAP Qsync Central Certificate Validation Weakness
CVE ID: CVE-2025-30278
Published: 29 August 2025 18:15 | 15 hours, 28 minutes ago
Description: An improper certificate validation vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 (2025/04/23) and later
Severity: 8.3 | HIGH
-
CVE-2025-30277 - Qsync Central Certificate Validation Vulnerability
CVE ID: CVE-2025-30277
Published: 29 August 2025 18:15 | 15 hours, 28 minutes ago
Description: An improper certificate validation vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 (2025/04/23) and later
Severity: 8.3 | HIGH
-
CVE-2025-55177 - WhatsApp iOS/WhatsApp Business for iOS/WhatsApp for Mac URL Processing Authorization Bypass
CVE ID: CVE-2025-55177
Published: 29 August 2025 16:15 | 17 hours, 28 minutes ago
Description: Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users.
Severity: 8.0 | HIGH
-
CVE-2024-46917 - Diebold Nixdorf Vynamic Security Suite Arbitrary File Execution Vulnerability
CVE ID: CVE-2024-46917
Published: 29 August 2025 16:15 | 17 hours, 28 minutes ago
Description: Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR01 does not validate file attributes or the contents of /root during integrity validation. This allows code execution, recovery of TPM Disk Encryption keys, decryption of the Windows system partition, and full control of the Windows OS, e.g., through ~/.profile changes.
Severity: 8.1 | HIGH
-
CVE-2024-46916 - Diebold Nixdorf Vynamic Security Suite File Deletion Code Execution Vulnerability
CVE ID: CVE-2024-46916
Published: 29 August 2025 16:15 | 17 hours, 28 minutes ago
Description: Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR06 contains functionality that allows the removal of critical system files before the filesystem is properly mounted (e.g., leveraging a delete call in /etc/rc.d/init.d/mountfs to remove the /etc/fstab file). This can allow code execution and, in some versions, enable recovery of TPM Disk Encryption keys and decryption of the Windows system partition.
Severity: 8.1 | HIGH
-
CVE-2024-13342 - Booster for WooCommerce Remote File Upload Vulnerability
CVE ID: CVE-2024-13342
Published: 29 August 2025 11:15 | 22 hours, 28 minutes ago
Description: The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_files_to_order' function in all versions up to, and including, 7.2.4. This makes it possible for unauthenticated attackers to upload arbitrary files with double extensions on the affected site's server which may make remote code execution possible. This is only exploitable on select instances where the configuration will execute the first extension present.
Severity: 8.1 | HIGH
-
CVE-2025-53508 - iND Co.,Ltd iND Command Injection Vulnerability
CVE ID: CVE-2025-53508
Published: 29 August 2025 05:15 | 1 day, 4 hours ago
Description: Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed and sensitive information may be obtained. As for the details of affected product names and versions, refer to the information under [Product Status].
Severity: 8.6 | HIGH
Information
Vortech Consulting is a network security and design consulting firm originally founded in 1997. Over our nearly 30 year history we have provided security services and products for a wide variety of companies around the globe.