Latest Critical CVEs

• CVE-2025-54946 - SUNNET Corporate Training Management System SQL Injection Vulnerability

  CVE ID :CVE-2025-54946
  Published : 30 août 2025 04:15 | 5 heures, 27 minutes ago
  Description :A SQL injection vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary SQL commands.
  Severity: 9.3 | CRITICAL
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...

• CVE-2025-54945 - SUNNET Corporate Training Management System Command Injection Vulnerability

  CVE ID :CVE-2025-54945
  Published : 30 août 2025 04:15 | 5 heures, 27 minutes ago
  Description :An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path.
  Severity: 10.0 | CRITICAL
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...

• CVE-2025-54943 - SUNNET Corporate Training Management System Authentication Bypass

  CVE ID :CVE-2025-54943
  Published : 30 août 2025 04:15 | 5 heures, 27 minutes ago
  Description :A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application deployment due to the absence of proper access control checks.
  Severity: 9.3 | CRITICAL
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...

• CVE-2025-54942 - SUNNET Corporate Training Management System Authentication Bypass

  CVE ID :CVE-2025-54942
  Published : 30 août 2025 04:15 | 5 heures, 27 minutes ago
  Description :A missing authentication for critical function vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to access deployment functionality without prior authentication.
  Severity: 9.3 | CRITICAL
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...

• CVE-2025-34165 - NetSupport Manager Denial of Service and Information Leak Buffer Overflow

  CVE ID :CVE-2025-34165
  Published : 30 août 2025 00:15 | 9 heures, 28 minutes ago
  Description :A stack-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or potentially leak a limited amount of memory.
  Severity: 8.8 | HIGH
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...

• CVE-2025-34164 - NetSupport Manager Heap-Based Buffer Overflow Vulnerability

  CVE ID :CVE-2025-34164
  Published : 30 août 2025 00:15 | 9 heures, 28 minutes ago
  Description :A heap-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or potentially result in arbitrary code execution.
  Severity: 8.8 | HIGH
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...

• CVE-2025-58159 - WeGIA Web Manager Remote Code Execution Vulnerability

  CVE ID :CVE-2025-58159
  Published : 29 août 2025 23:15 | 10 heures, 28 minutes ago
  Description :WeGIA is a Web manager for charitable institutions. Prior to version 3.4.11, a remote code execution vulnerability was identified, caused by improper validation of uploaded files. The application allows an attacker to upload files with arbitrary filenames, including those with a .php extension. Because the uploaded file is written directly to disk without adequate sanitization or extension restrictions, a spreadsheet file followed by PHP code can be uploaded and executed on the server, leading to arbitrary code execution. This is due to insufficient mitigation of CVE-2025-22133. This issue has been patched in version 3.4.11.
  Severity: 9.9 | CRITICAL
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...

• CVE-2025-56577 - Evope Core Cryptographic Key Disclosure

  CVE ID :CVE-2025-56577
  Published : 29 août 2025 20:15 | 13 heures, 28 minutes ago
  Description :An issue in Evope Core v.1.1.3.20 allows a local attacker to obtain sensitive information via the use of hard coded cryptographic keys.
  Severity: 8.4 | HIGH
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...

• CVE-2024-46484 - TRENDnet TV-IP410 OS Command Injection

  CVE ID :CVE-2024-46484
  Published : 29 août 2025 20:15 | 13 heures, 28 minutes ago
  Description :TRENDnet TV-IP410 vA1.0R was discovered to contain an OS command injection vulnerability via the /server/cgi-bin/testserv.cgi component.
  Severity: 9.8 | CRITICAL
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...

• CVE-2025-9377 - "TP-Link Archer C7/EU and TL-WR841N/ND(MS) Remote Command Execution Vulnerability"

  CVE ID :CVE-2025-9377
  Published : 29 août 2025 18:15 | 15 heures, 28 minutes ago
  Description :The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9. This issue affects Archer C7(EU) V2: before 241108 and TL-WR841N/ND(MS) V9: before 241108. Both products have reached the status of EOL (end-of-life). It's recommending to purchase the new product to ensure better performance and security. If replacement is not an option in the short term, please use the second reference link to download and install the patch(es).
  Severity: 8.6 | HIGH
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...

• CVE-2025-58158 - "Harness Git LFS Arbitrary File Write Vulnerability"

  CVE ID :CVE-2025-58158
  Published : 29 août 2025 18:15 | 15 heures, 28 minutes ago
  Description :Harness Open Source is an end-to-end developer platform with Source Control Management, CI/CD Pipelines, Hosted Developer Environments, and Artifact Registries. Prior to version 3.3.0, Open Source Harness git LFS server (Gitness) exposes api to retrieve and upload files via git LFS. Implementation of upload git LFS file api is vulnerable to arbitrary file write. Due to improper sanitization for upload path, a malicious authenticated user who has access to Harness Gitness server api can use a crafted upload request to write arbitrary file to any location on file system, may even compromise the server. Users using git LFS are vulnerable. This issue has been patched in version 3.3.0.
  Severity: 8.8 | HIGH
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...

• CVE-2025-52856 - VioStor Improper Authentication Vulnerability

  CVE ID :CVE-2025-52856
  Published : 29 août 2025 18:15 | 15 heures, 28 minutes ago
  Description :An improper authentication vulnerability has been reported to affect VioStor. If a remote attacker, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: VioStor 5.1.6 build 20250621 and later
  Severity: 9.3 | CRITICAL
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...

• CVE-2025-44033 - Oa System SQL Injection Vulnerability

  CVE ID :CVE-2025-44033
  Published : 29 août 2025 18:15 | 15 heures, 28 minutes ago
  Description :SQL injection vulnerability in oa_system oasys v.1.1 allows a remote attacker to execute arbitrary code via the allDirector() method declaration in src/main/java/cn/gson/oasys/mappers/AddressMapper.java
  Severity: 9.8 | CRITICAL
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...

• CVE-2025-30278 - QNAP Qsync Central Certificate Validation Weakness

  CVE ID :CVE-2025-30278
  Published : 29 août 2025 18:15 | 15 heures, 28 minutes ago
  Description :An improper certificate validation vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later
  Severity: 8.3 | HIGH
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...

• CVE-2025-30277 - Qsync Central Certificate Validation Vulnerability

  CVE ID :CVE-2025-30277
  Published : 29 août 2025 18:15 | 15 heures, 28 minutes ago
  Description :An improper certificate validation vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later
  Severity: 8.3 | HIGH
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...

• CVE-2025-55177 - WhatsApp iOS/WhatsApp Business for iOS/WhatsApp for Mac URL Processing Authorization Bypass

  CVE ID :CVE-2025-55177
  Published : 29 août 2025 16:15 | 17 heures, 28 minutes ago
  Description :Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users.
  Severity: 8.0 | HIGH
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...

• CVE-2024-46917 - Diebold Nixdorf Vynamic Security Suite Arbitrary File Execution Vulnerability

  CVE ID :CVE-2024-46917
  Published : 29 août 2025 16:15 | 17 heures, 28 minutes ago
  Description :Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR01 does not validate file attributes or the contents of /root during integrity validation. This allows code execution, recovery of TPM Disk Encryption keys, decryption of the Windows system partition, and full control of the Windows OS, e.g., through ~/.profile changes.
  Severity: 8.1 | HIGH
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...

• CVE-2024-46916 - Diebold Nixdorf Vynamic Security Suite File Deletion Code Execution Vulnerability

  CVE ID :CVE-2024-46916
  Published : 29 août 2025 16:15 | 17 heures, 28 minutes ago
  Description :Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR06 contains functionality that allows the removal of critical system files before the filesystem is properly mounted (e.g., leveraging a delete call in /etc/rc.d/init.d/mountfs to remove the /etc/fstab file). This can allow code execution and, in some versions, enable recovery of TPM Disk Encryption keys and decryption of the Windows system partition.
  Severity: 8.1 | HIGH
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...

• CVE-2024-13342 - "Booster for WooCommerce Remote File Upload Vulnerability"

  CVE ID :CVE-2024-13342
  Published : 29 août 2025 11:15 | 22 heures, 28 minutes ago
  Description :The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_files_to_order' function in all versions up to, and including, 7.2.4. This makes it possible for unauthenticated attackers to upload arbitrary files with double extensions on the affected site's server which may make remote code execution possible. This is only exploitable on select instances where the configuration will execute the first extension present.
  Severity: 8.1 | HIGH
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...

• CVE-2025-53508 - iND Co.,Ltd iND Command Injection Vulnerability

  CVE ID :CVE-2025-53508
  Published : 29 août 2025 05:15 | 1 jour, 4 heures ago
  Description :Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed and sensitive information may be obtained. As for the details of affected product names and versions, refer to the information under [Product Status].
  Severity: 8.6 | HIGH
  Visit the link for more details, such as CVSS details, affected products, timeline, and more...