CVE Feeds

Latest Critical CVEs

Updates on the latest high and critical severity vulnerabilities.
  • CVE ID :CVE-2025-54946
    Published : 30 août 2025 04:15 | 5 heures, 27 minutes ago
    Description :A SQL injection vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary SQL commands.
    Severity: 9.3 | CRITICAL
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...
  • CVE ID :CVE-2025-54945
    Published : 30 août 2025 04:15 | 5 heures, 27 minutes ago
    Description :An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path.
    Severity: 10.0 | CRITICAL
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...
  • CVE ID :CVE-2025-54943
    Published : 30 août 2025 04:15 | 5 heures, 27 minutes ago
    Description :A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application deployment due to the absence of proper access control checks.
    Severity: 9.3 | CRITICAL
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...
  • CVE ID :CVE-2025-54942
    Published : 30 août 2025 04:15 | 5 heures, 27 minutes ago
    Description :A missing authentication for critical function vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to access deployment functionality without prior authentication.
    Severity: 9.3 | CRITICAL
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...
  • CVE ID :CVE-2025-34165
    Published : 30 août 2025 00:15 | 9 heures, 28 minutes ago
    Description :A stack-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or potentially leak a limited amount of memory.
    Severity: 8.8 | HIGH
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...
  • CVE ID :CVE-2025-34164
    Published : 30 août 2025 00:15 | 9 heures, 28 minutes ago
    Description :A heap-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or potentially result in arbitrary code execution.
    Severity: 8.8 | HIGH
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...
  • CVE ID :CVE-2025-58159
    Published : 29 août 2025 23:15 | 10 heures, 28 minutes ago
    Description :WeGIA is a Web manager for charitable institutions. Prior to version 3.4.11, a remote code execution vulnerability was identified, caused by improper validation of uploaded files. The application allows an attacker to upload files with arbitrary filenames, including those with a .php extension. Because the uploaded file is written directly to disk without adequate sanitization or extension restrictions, a spreadsheet file followed by PHP code can be uploaded and executed on the server, leading to arbitrary code execution. This is due to insufficient mitigation of CVE-2025-22133. This issue has been patched in version 3.4.11.
    Severity: 9.9 | CRITICAL
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...
  • CVE ID :CVE-2025-56577
    Published : 29 août 2025 20:15 | 13 heures, 28 minutes ago
    Description :An issue in Evope Core v.1.1.3.20 allows a local attacker to obtain sensitive information via the use of hard coded cryptographic keys.
    Severity: 8.4 | HIGH
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...
  • CVE ID :CVE-2024-46484
    Published : 29 août 2025 20:15 | 13 heures, 28 minutes ago
    Description :TRENDnet TV-IP410 vA1.0R was discovered to contain an OS command injection vulnerability via the /server/cgi-bin/testserv.cgi component.
    Severity: 9.8 | CRITICAL
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...
  • CVE ID :CVE-2025-9377
    Published : 29 août 2025 18:15 | 15 heures, 28 minutes ago
    Description :The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9. This issue affects Archer C7(EU) V2: before 241108 and TL-WR841N/ND(MS) V9: before 241108. Both products have reached the status of EOL (end-of-life). It's recommending to purchase the new product to ensure better performance and security. If replacement is not an option in the short term, please use the second reference link to download and install the patch(es).
    Severity: 8.6 | HIGH
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...
  • CVE ID :CVE-2025-58158
    Published : 29 août 2025 18:15 | 15 heures, 28 minutes ago
    Description :Harness Open Source is an end-to-end developer platform with Source Control Management, CI/CD Pipelines, Hosted Developer Environments, and Artifact Registries. Prior to version 3.3.0, Open Source Harness git LFS server (Gitness) exposes api to retrieve and upload files via git LFS. Implementation of upload git LFS file api is vulnerable to arbitrary file write. Due to improper sanitization for upload path, a malicious authenticated user who has access to Harness Gitness server api can use a crafted upload request to write arbitrary file to any location on file system, may even compromise the server. Users using git LFS are vulnerable. This issue has been patched in version 3.3.0.
    Severity: 8.8 | HIGH
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...
  • CVE ID :CVE-2025-52856
    Published : 29 août 2025 18:15 | 15 heures, 28 minutes ago
    Description :An improper authentication vulnerability has been reported to affect VioStor. If a remote attacker, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: VioStor 5.1.6 build 20250621 and later
    Severity: 9.3 | CRITICAL
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...
  • CVE ID :CVE-2025-44033
    Published : 29 août 2025 18:15 | 15 heures, 28 minutes ago
    Description :SQL injection vulnerability in oa_system oasys v.1.1 allows a remote attacker to execute arbitrary code via the allDirector() method declaration in src/main/java/cn/gson/oasys/mappers/AddressMapper.java
    Severity: 9.8 | CRITICAL
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...
  • CVE ID :CVE-2025-30278
    Published : 29 août 2025 18:15 | 15 heures, 28 minutes ago
    Description :An improper certificate validation vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later
    Severity: 8.3 | HIGH
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...
  • CVE ID :CVE-2025-30277
    Published : 29 août 2025 18:15 | 15 heures, 28 minutes ago
    Description :An improper certificate validation vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later
    Severity: 8.3 | HIGH
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...
  • CVE ID :CVE-2025-55177
    Published : 29 août 2025 16:15 | 17 heures, 28 minutes ago
    Description :Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users.
    Severity: 8.0 | HIGH
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...
  • CVE ID :CVE-2024-46917
    Published : 29 août 2025 16:15 | 17 heures, 28 minutes ago
    Description :Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR01 does not validate file attributes or the contents of /root during integrity validation. This allows code execution, recovery of TPM Disk Encryption keys, decryption of the Windows system partition, and full control of the Windows OS, e.g., through ~/.profile changes.
    Severity: 8.1 | HIGH
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...
  • CVE ID :CVE-2024-46916
    Published : 29 août 2025 16:15 | 17 heures, 28 minutes ago
    Description :Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR06 contains functionality that allows the removal of critical system files before the filesystem is properly mounted (e.g., leveraging a delete call in /etc/rc.d/init.d/mountfs to remove the /etc/fstab file). This can allow code execution and, in some versions, enable recovery of TPM Disk Encryption keys and decryption of the Windows system partition.
    Severity: 8.1 | HIGH
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...
  • CVE ID :CVE-2024-13342
    Published : 29 août 2025 11:15 | 22 heures, 28 minutes ago
    Description :The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_files_to_order' function in all versions up to, and including, 7.2.4. This makes it possible for unauthenticated attackers to upload arbitrary files with double extensions on the affected site's server which may make remote code execution possible. This is only exploitable on select instances where the configuration will execute the first extension present.
    Severity: 8.1 | HIGH
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...
  • CVE ID :CVE-2025-53508
    Published : 29 août 2025 05:15 | 1 jour, 4 heures ago
    Description :Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed and sensitive information may be obtained. As for the details of affected product names and versions, refer to the information under [Product Status].
    Severity: 8.6 | HIGH
    Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Information

Vortech Consulting is a network security and design consulting firm originally founded in 1997. Over our nearly 30 year history we have provided security services and products for a wide variety of companies around the globe.

Who's Online

We have 49486 guests and no members online