Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.7

    HIGH
    CVE-2025-7769

    Tigo Energy's CCA is vulnerable to a command injection vulnerability in the /cgi-bin/mobile_api endpoint when the DEVICE_PING command is called, allowing remote code execution due to improper handling of user input. When used with default credentials, thi... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-7768

    Tigo Energy's Cloud Connect Advanced (CCA) device contains hard-coded credentials that allow unauthorized users to gain administrative access. This vulnerability enables attackers to escalate privileges and take full control of the device, potentially mod... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-6634

    A maliciously crafted TGA file, when linked or imported into Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.... Read more

    Affected Products : 3ds_max
    • Published: Aug. 06, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Memory Corruption

  • 8.8

    HIGH
    CVE-2025-6633

    A maliciously crafted RBG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of th... Read more

    Affected Products : 3ds_max
    • Published: Aug. 06, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Memory Corruption

  • 7.8

    HIGH
    CVE-2025-6632

    A maliciously crafted PSD file, when linked or imported into Autodesk 3ds Max, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context... Read more

    Affected Products : 3ds_max
    • Published: Aug. 06, 2025
    • Modified: Aug. 19, 2025
    • Vuln Type: Memory Corruption

  • 6.5

    MEDIUM
    CVE-2025-51058

    Bottinelli Informatical Vedo Suite 2024.17 is vulnerable to Server-side Request Forgery (SSRF) in the /api_vedo/video/preview endpoint, which allows remote authenticated attackers to trigger HTTP requests towards arbitrary remote paths via the "file" URL ... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-51057

    A local file inclusion (LFI) vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'readfile()' function call in '/api_vedo/video/preview'.... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Path Traversal

  • 8.2

    HIGH
    CVE-2025-51056

    An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to write to arbitrary filesystem paths by exploiting the insecure 'uploadPreviews()' custom function in '/api_vedo/colorways_preview', ultimately... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Misconfiguration

  • 8.6

    HIGH
    CVE-2025-51055

    Insecure Data Storage of credentials has been found in /api_vedo/configuration/config.yml file in Vedo Suite version 2024.17. This file contains clear-text credentials, secret keys, and database information.... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-51054

    Vedo Suite 2024.17 is vulnerable to Incorrect Access Control, which allows remote attackers to obtain a valid high privilege JWT token without prior authentication via sending an empty HTTP POST request to the /autologin/ API endpoint.... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-51053

    A Cross-site scripting (XSS) vulnerability in /api_vedo/ in Vedo Suite version 2024.17 allows remote attackers to inject arbitrary Javascript or HTML code and potentially trigger code execution in victim's browser.... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-51052

    A path traversal vulnerability in Vedo Suite 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'file_get_contents()' function call in '/api_vedo/template'.... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Path Traversal

  • 6.1

    MEDIUM
    CVE-2025-50740

    AutoConnect 1.4.2, an Arduino library, is vulnerable to a cross site scripting (xss) vulnerability. The AutoConnect web interface /_ac/config allows HTML/JS code to be executed via a crafted network SSID.... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-47908

    Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers (ACRH) header whose value contains many commas. This behavior can be abused by attackers to produce undue... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Denial of Service

  • 5.3

    MEDIUM
    CVE-2025-46660

    An issue was discovered in 4C Strategies Exonaut 21.6. Passwords, stored in the database, are hashed without a salt.... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Cryptography

  • 5.3

    MEDIUM
    CVE-2024-55402

    4C Strategies Exonaut before v22.4 was discovered to contain an access control issue.... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2024-55399

    4C Strategies Exonaut before v21.6.2.1-1 was discovered to contain a Server-Side Request Forgery (SSRF).... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.5

    MEDIUM
    CVE-2024-55398

    4C Strategies Exonaut before v22.4 was discovered to contain insecure permissions.... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Misconfiguration

  • 7.6

    HIGH
    CVE-2025-51624

    Cross-site scripting (XSS) vulnerability in Zone Bitaqati thru 3.4.0.... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-46659

    An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. Information disclosure can occur via an external HTTPS request.... Read more

    Affected Products :
    • Published: Aug. 06, 2025
    • Modified: Aug. 06, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 292767 Results