Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-57170

    SOPlanning 1.53.00 is vulnerable to a directory traversal issue in /process/upload.php. The "fichier_to_delete" parameter allows authenticated attackers to specify file paths containing directory traversal sequences (e.g., ../). This vulnerability enables... Read more

    Affected Products : soplanning
    • Published: Mar. 18, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2024-57169

    A file upload bypass vulnerability exists in SOPlanning 1.53.00, specifically in /process/upload.php. This vulnerability allows remote attackers to bypass upload restrictions and potentially achieve remote code execution by uploading malicious files.... Read more

    Affected Products : soplanning
    • Published: Mar. 18, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2025-30132

    An issue was discovered on IROAD Dashcam V devices. It uses an unregistered public domain name as an internal domain, creating a security risk. During analysis, it was found that this domain was not owned by IROAD, allowing an attacker to register it and ... Read more

    Affected Products :
    • Published: Mar. 18, 2025
    • Modified: Mar. 21, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-30123

    An issue was discovered on ROADCAM X3 devices. The mobile app APK (Viidure) contains hardcoded FTP credentials for the FTPX user account, enabling attackers to gain unauthorized access and extract sensitive recorded footage from the device.... Read more

    Affected Products :
    • Published: Mar. 18, 2025
    • Modified: Mar. 21, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-30122

    An issue was discovered on ROADCAM X3 devices. It has a uniform default credential set that cannot be modified by users, making it easy for attackers to gain unauthorized access to multiple devices.... Read more

    Affected Products :
    • Published: Mar. 18, 2025
    • Modified: Mar. 21, 2025
    • Vuln Type: Authentication

  • 7.3

    HIGH
    CVE-2025-30117

    An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Managing Settings and Obtaining Sensitive Data and Sabotaging the Car Battery can be performed by unauthorized parties. After bypassing the device pairing, an attacker can obtain s... Read more

    Affected Products : dr_820_firmware dr_820
    • Published: Mar. 18, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-30116

    An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Remotely Dumping of Video Footage and the Live Video Stream can occur. It allows remote attackers to access and download recorded video footage from the SD card via port 9091. Addi... Read more

    Affected Products : dr_820_firmware dr_820
    • Published: Mar. 18, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-30115

    An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Default Credentials Cannot Be Changed. It uses a fixed default SSID and password ("qwertyuiop"), which cannot be modified by users. The SSID is continuously broadcast, allowing una... Read more

    Affected Products : dr_820_firmware dr_820
    • Published: Mar. 18, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2025-30114

    An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Bypassing of Device Pairing can occur. The pairing mechanism relies solely on the connecting device's MAC address. By obtaining the MAC address through network scanning and spoofin... Read more

    Affected Products : dr_820_firmware dr_820
    • Published: Mar. 18, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-30113

    An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Hardcoded Credentials exist in the APK for Ports 9091 and 9092. The dashcam's Android application contains hardcoded credentials that allow unauthorized access to device settings t... Read more

    Affected Products : dr_820_firmware dr_820
    • Published: Mar. 18, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-30111

    On IROAD v9 devices, one can Remotely Dump Video Footage and the Live Video Stream. The dashcam exposes endpoints that allow unauthorized users, who gained access through other means, to list and download recorded videos, as well as access live video stre... Read more

    Affected Products :
    • Published: Mar. 18, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-30110

    On IROAD X5 devices, a Bypass of Device Pairing can occur via MAC Address Spoofing. The dashcam's pairing mechanism relies solely on MAC address verification, allowing an attacker to bypass authentication by spoofing an already-paired MAC address that can... Read more

    Affected Products :
    • Published: Mar. 18, 2025
    • Modified: Mar. 21, 2025
    • Vuln Type: Authentication

  • 6.5

    MEDIUM
    CVE-2025-30109

    In the IROAD APK 5.2.5, there are Hardcoded Credentials in the APK for ports 9091 and 9092. The mobile application for the dashcam contains hardcoded credentials that allow an attacker on the local Wi-Fi network to access API endpoints and retrieve sensit... Read more

    Affected Products :
    • Published: Mar. 18, 2025
    • Modified: Mar. 21, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-30107

    On IROAD V9 devices, Managing Settings and Obtaining Sensitive Data and Sabotaging the Car Battery can be performed by unauthorized parties. A vulnerability in the dashcam's configuration management allows unauthorized users to modify settings, disable cr... Read more

    Affected Products :
    • Published: Mar. 18, 2025
    • Modified: Mar. 24, 2025
    • Vuln Type: Misconfiguration

  • 4.8

    MEDIUM
    CVE-2025-2491

    A vulnerability classified as problematic has been found in Dromara ujcms 9.7.5. This affects the function update of the file /main/java/com/ujcms/cms/ext/web/backendapi/WebFileTemplateController.java of the component Edit Template File Page. The manipula... Read more

    Affected Products : ujcms
    • Published: Mar. 18, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-25590

    yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the component /mapper/xml/AddressDao.xml.... Read more

    Affected Products : yimioa
    • Published: Mar. 18, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Injection

  • 7.3

    HIGH
    CVE-2025-25585

    Incorrect access control in the component /config/WebSecurityConfig.java of yimioa before v2024.07.04 allows unauthorized attackers to arbitrarily modify Administrator passwords.... Read more

    Affected Products : yimioa
    • Published: Mar. 18, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-25580

    yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the listNameBySql() method at /xml/UserMapper.xml.... Read more

    Affected Products : yimioa
    • Published: Mar. 18, 2025
    • Modified: Jun. 19, 2025
    • Vuln Type: Injection

  • 4.1

    MEDIUM
    CVE-2024-49822

    IBM QRadar Advisor 1.0.0 through 2.6.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.... Read more

    • Published: Mar. 18, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.5

    MEDIUM
    CVE-2024-44314

    TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the Orders Management System, allowing unauthorized users to update order statuses. The issue occurs in the index_onUpdateStatus() function within Orders.php, which fails to verify i... Read more

    Affected Products : tastyigniter
    • Published: Mar. 18, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Authorization
Showing 20 of 293289 Results