Latest CVE Feed
- 4.9 MEDIUM CVE-2025-2487
A flaw was found in the 389-ds-base LDAP Server. This issue occurs when issuing a Modify DN LDAP operation through the ldap protocol, when the function return value is not tested and a NULL pointer is dereferenced. If a privileged user performs a ldap MOD...
- Published: Mar. 18, 2025
- Modified: May. 13, 2025
- Vuln Type: Denial of Service
- 6.5 MEDIUM CVE-2025-26138
Systemic Risk Value <=2.8.0 is vulnerable to improper access control in /RiskValue/GroupingEntities/Controls/GetFile.aspx?ID=. Uploaded files are accessible via a predictable numerical ID parameter, allowing unauthorized users to increment or decrement th...
- Affected Products: risk_value
- Published: Mar. 18, 2025
- Modified: Apr. 01, 2025
- Vuln Type: Authorization
- 7.5 HIGH CVE-2025-26137
Systemic Risk Value <=2.8.0 is vulnerable to Local File Inclusion via /GetFile.aspx?ReportUrl=. An unauthenticated attacker can exploit this issue to read arbitrary system files by supplying a crafted file path, potentially exposing sensitive information....
- Affected Products: risk_value
- Published: Mar. 18, 2025
- Modified: Apr. 01, 2025
- Vuln Type: Path Traversal
- 9.8 CRITICAL CVE-2025-25595
A lack of rate limiting in the login page of Safe App version a3.0.9 allows attackers to bypass authentication via a brute force attack....
- Affected Products: safe
- Published: Mar. 18, 2025
- Modified: Apr. 01, 2025
- Vuln Type: Authentication
- 9.6 CRITICAL CVE-2024-56347
IBM AIX 7.2 and 7.3 nimsh service SSL/TLS protection mechanisms could allow a remote attacker to execute arbitrary commands due to improper process controls....
- Affected Products: aix
- Published: Mar. 18, 2025
- Modified: Jul. 25, 2025
- Vuln Type: Authentication
- 10.0 CRITICAL CVE-2024-56346
IBM AIX 7.2 and 7.3 nimesis NIM master service could allow a remote attacker to execute arbitrary commands due to improper process controls....
- Affected Products: aix
- Published: Mar. 18, 2025
- Modified: Jul. 25, 2025
- Vuln Type: Authentication
- 7.8 HIGH CVE-2025-27688
Dell ThinOS 2408 and prior, contains an improper permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges....
- Published: Mar. 18, 2025
- Modified: Jul. 01, 2025
- Vuln Type: Authorization
- 8.1 HIGH CVE-2025-25589
An XML external entity (XXE) injection vulnerability in the component /weixin/aes/XMLParse.java of yimioa before v2024.07.04 allows attackers to execute arbitrary code via supplying a crafted XML file....
- Affected Products:
- Published: Mar. 18, 2025
- Modified: Mar. 21, 2025
- Vuln Type: XML External Entity
- 4.2 MEDIUM CVE-2025-25586
yimioa before v2024.07.04 was discovered to contain an information disclosure vulnerability via the component /resources/application.yml....
- Affected Products: yimioa
- Published: Mar. 18, 2025
- Modified: Apr. 01, 2025
- Vuln Type: Information Disclosure
- 6.1 MEDIUM CVE-2025-25582
yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the selectNoticeList() method at /xml/OaNoticeMapper.xml....
- Affected Products: yimioa
- Published: Mar. 18, 2025
- Modified: Apr. 02, 2025
- Vuln Type: Injection
- 6.5 MEDIUM CVE-2024-57170
SOPlanning 1.53.00 is vulnerable to a directory traversal issue in /process/upload.php. The "fichier_to_delete" parameter allows authenticated attackers to specify file paths containing directory traversal sequences (e.g., ../). This vulnerability enables...
- Affected Products: soplanning
- Published: Mar. 18, 2025
- Modified: Apr. 02, 2025
- Vuln Type: Path Traversal
- 9.8 CRITICAL CVE-2024-57169
A file upload bypass vulnerability exists in SOPlanning 1.53.00, specifically in /process/upload.php. This vulnerability allows remote attackers to bypass upload restrictions and potentially achieve remote code execution by uploading malicious files....
- Affected Products: soplanning
- Published: Mar. 18, 2025
- Modified: Apr. 02, 2025
- Vuln Type: Authentication
- 9.1 CRITICAL CVE-2025-30132
An issue was discovered on IROAD Dashcam V devices. It uses an unregistered public domain name as an internal domain, creating a security risk. During analysis, it was found that this domain was not owned by IROAD, allowing an attacker to register it and ...
- Affected Products:
- Published: Mar. 18, 2025
- Modified: Mar. 21, 2025
- Vuln Type: Misconfiguration
- 9.8 CRITICAL CVE-2025-30123
An issue was discovered on ROADCAM X3 devices. The mobile app APK (Viidure) contains hardcoded FTP credentials for the FTPX user account, enabling attackers to gain unauthorized access and extract sensitive recorded footage from the device....
- Affected Products:
- Published: Mar. 18, 2025
- Modified: Mar. 21, 2025
- Vuln Type: Authentication
- 9.8 CRITICAL CVE-2025-30122
An issue was discovered on ROADCAM X3 devices. It has a uniform default credential set that cannot be modified by users, making it easy for attackers to gain unauthorized access to multiple devices....
- Affected Products:
- Published: Mar. 18, 2025
- Modified: Mar. 21, 2025
- Vuln Type: Authentication
- 7.3 HIGH CVE-2025-30117
An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Managing Settings and Obtaining Sensitive Data and Sabotaging the Car Battery can be performed by unauthorized parties. After bypassing the device pairing, an attacker can obtain s...
- Published: Mar. 18, 2025
- Modified: May. 22, 2025
- Vuln Type: Authentication
- 7.5 HIGH CVE-2025-30116
An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Remotely Dumping of Video Footage and the Live Video Stream can occur. It allows remote attackers to access and download recorded video footage from the SD card via port 9091. Addi...
- Published: Mar. 18, 2025
- Modified: May. 22, 2025
- Vuln Type: Authentication
- 9.8 CRITICAL CVE-2025-30115
An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Default Credentials Cannot Be Changed. It uses a fixed default SSID and password ("qwertyuiop"), which cannot be modified by users. The SSID is continuously broadcast, allowing una...
- Published: Mar. 18, 2025
- Modified: May. 22, 2025
- Vuln Type: Authentication
- 9.1 CRITICAL CVE-2025-30114
An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Bypassing of Device Pairing can occur. The pairing mechanism relies solely on the connecting device's MAC address. By obtaining the MAC address through network scanning and spoofin...
- Published: Mar. 18, 2025
- Modified: May. 22, 2025
- Vuln Type: Authentication
- 9.8 CRITICAL CVE-2025-30113
An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Hardcoded Credentials exist in the APK for Ports 9091 and 9092. The dashcam's Android application contains hardcoded credentials that allow unauthorized access to device settings t...
- Published: Mar. 18, 2025
- Modified: May. 22, 2025
- Vuln Type: Authentication