Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-30111

    On IROAD v9 devices, one can Remotely Dump Video Footage and the Live Video Stream. The dashcam exposes endpoints that allow unauthorized users, who gained access through other means, to list and download recorded videos, as well as access live video stre... Read more

    Affected Products :
    • Published: Mar. 18, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-30110

    On IROAD X5 devices, a Bypass of Device Pairing can occur via MAC Address Spoofing. The dashcam's pairing mechanism relies solely on MAC address verification, allowing an attacker to bypass authentication by spoofing an already-paired MAC address that can... Read more

    Affected Products :
    • Published: Mar. 18, 2025
    • Modified: Mar. 21, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-30109

    In the IROAD APK 5.2.5, there are Hardcoded Credentials in the APK for ports 9091 and 9092. The mobile application for the dashcam contains hardcoded credentials that allow an attacker on the local Wi-Fi network to access API endpoints and retrieve sensit... Read more

    Affected Products :
    • Published: Mar. 18, 2025
    • Modified: Mar. 21, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-30107

    On IROAD V9 devices, Managing Settings and Obtaining Sensitive Data and Sabotaging the Car Battery can be performed by unauthorized parties. A vulnerability in the dashcam's configuration management allows unauthorized users to modify settings, disable cr... Read more

    Affected Products :
    • Published: Mar. 18, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Misconfiguration

  • 4.8

    MEDIUM
    CVE-2025-2491

    A vulnerability classified as problematic has been found in Dromara ujcms 9.7.5. This affects the function update of the file /main/java/com/ujcms/cms/ext/web/backendapi/WebFileTemplateController.java of the component Edit Template File Page. The manipula... Read more

    Affected Products : ujcms
    • Published: Mar. 18, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-25590

    yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the component /mapper/xml/AddressDao.xml.... Read more

    Affected Products : yimioa
    • Published: Mar. 18, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Injection

  • 7.3

    HIGH
    CVE-2025-25585

    Incorrect access control in the component /config/WebSecurityConfig.java of yimioa before v2024.07.04 allows unauthorized attackers to arbitrarily modify Administrator passwords.... Read more

    Affected Products : yimioa
    • Published: Mar. 18, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-25580

    yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the listNameBySql() method at /xml/UserMapper.xml.... Read more

    Affected Products : yimioa
    • Published: Mar. 18, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Injection

  • 4.1

    MEDIUM
    CVE-2024-49822

    IBM QRadar Advisor 1.0.0 through 2.6.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.... Read more

    • Published: Mar. 18, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.5

    MEDIUM
    CVE-2024-44314

    TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the Orders Management System, allowing unauthorized users to update order statuses. The issue occurs in the index_onUpdateStatus() function within Orders.php, which fails to verify i... Read more

    Affected Products : tastyigniter
    • Published: Mar. 18, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2024-44313

    TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the invoice() function within Orders.php which allows unauthorized users to access and generate invoices due to missing permission checks.... Read more

    Affected Products : tastyigniter
    • Published: Mar. 18, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-30106

    On IROAD v9 devices, the dashcam has hardcoded default credentials ("qwertyuiop") that cannot be changed by the user. This allows an attacker within Wi-Fi range to connect to the device's network to perform sniffing.... Read more

    Affected Products :
    • Published: Mar. 18, 2025
    • Modified: Mar. 21, 2025
    • Vuln Type: Authentication

  • 4.8

    MEDIUM
    CVE-2025-2490

    A vulnerability was found in Dromara ujcms 9.7.5. It has been rated as problematic. Affected by this issue is the function uploadZip/upload of the file /main/java/com/ujcms/cms/ext/web/backendapi/WebFileUploadController.java of the component File Upload. ... Read more

    Affected Products : ujcms
    • Published: Mar. 18, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-2450

    NI Vision Builder AI VBAI File Processing Missing Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI Vision Builder AI. User interaction is required to exploit ... Read more

    Affected Products : vision_builder_ai
    • Published: Mar. 18, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Misconfiguration

  • 8.8

    HIGH
    CVE-2025-2449

    NI FlexLogger usiReg URI File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of NI FlexLogger. User interaction is required to exploit this vu... Read more

    Affected Products : flexlogger
    • Published: Mar. 18, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Path Traversal

  • 7.5

    HIGH
    CVE-2025-25500

    An issue in CosmWasm prior to v2.2.0 allows attackers to bypass capability restrictions in blockchains by exploiting a lack of runtime capability validation. This allows attackers to deploy a contract without capability enforcement, and execute unauthoriz... Read more

    Affected Products : cosmwasm
    • Published: Mar. 18, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2024-8997

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vestel EVC04 Configuration Interface allows SQL Injection.This issue affects EVC04 Configuration Interface: before V3.187, V4.53.... Read more

    Affected Products : evc04_configuration_interface
    • Published: Mar. 18, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Injection

  • 8.4

    HIGH
    CVE-2024-21760

    An improper control of generation of code ('Code Injection') vulnerability [CWE-94] in FortiSOAR Connector FortiSOAR 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an authenticated attacker to execute ar... Read more

    Affected Products : fortisoar
    • Published: Mar. 18, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2023-47539

    An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remote_wildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request.... Read more

    Affected Products : fortimail
    • Published: Mar. 18, 2025
    • Modified: Jul. 24, 2025
    • Vuln Type: Authentication

  • 5.3

    MEDIUM
    CVE-2025-2495

    Stored Cross-Site Scripting (XSS) in Softdial Contact Center of Sytel Ltd. This vulnerability allows an attacker to upload XML files to the server with JavaScript code injected via the ‘/softdial/scheduler/save.php’ resource. The injected code will execut... Read more

    Affected Products :
    • Published: Mar. 18, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293259 Results