Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2024-43334

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gavias Halpes allows Reflected XSS.This issue affects Halpes: from n/a before 1.2.5.... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025

  • 8.8

    HIGH
    CVE-2025-7121

    A vulnerability was found in Campcodes Complaint Management System 1.0. It has been classified as critical. This affects an unknown part of the file /users/complaint-details.php. The manipulation of the argument cid leads to sql injection. It is possible ... Read more

    Affected Products : complaint_management_system
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025

  • 9.8

    CRITICAL
    CVE-2025-7120

    A vulnerability was found in Campcodes Complaint Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /users/check_availability.php. The manipulation of the argument email leads to sql injectio... Read more

    Affected Products : complaint_management_system
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025

  • 8.5

    HIGH
    CVE-2025-3920

    A vulnerability was identified in SUR-FBD CMMS where hard-coded credentials were found within a compiled DLL file. These credentials correspond to a built-in administrative account of the software. An attacker with local access to the system or the applic... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025

  • 9.8

    CRITICAL
    CVE-2025-7119

    A vulnerability has been found in Campcodes Complaint Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /users/index.php. The manipulation of the argument Username leads to sql injecti... Read more

    Affected Products : complaint_management_system
    • Published: Jul. 07, 2025
    • Modified: Jul. 09, 2025

  • 9.0

    HIGH
    CVE-2025-7118

    A vulnerability, which was classified as critical, has been found in UTT HiPER 840G up to 3.1.1-190328. This issue affects some unknown processing of the file /goform/formPictureUrl. The manipulation of the argument importpictureurl leads to buffer overfl... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025

  • 9.0

    HIGH
    CVE-2025-7117

    A vulnerability classified as critical was found in UTT HiPER 840G up to 3.1.1-190328. This vulnerability affects unknown code of the file /goform/websWhiteList. The manipulation of the argument addHostFilter leads to buffer overflow. The attack can be in... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025

  • 9.0

    HIGH
    CVE-2025-7116

    A vulnerability classified as critical has been found in UTT 进取 750W up to 3.2.2-191225. This affects an unknown part of the file /goform/Fast_wireless_conf. The manipulation of the argument ssid leads to buffer overflow. It is possible to initiate the at... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025

  • 10.0

    CRITICAL
    CVE-2025-41672

    A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain full access to the tool and all connected devices.... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025

  • 7.5

    HIGH
    CVE-2025-7115

    A vulnerability was found in rowboatlabs rowboat up to 8096eaf63b5a0732edd8f812bee05b78e214ee97. It has been rated as critical. Affected by this issue is the function PUT of the file apps/rowboat/app/api/uploads/[fileId]/route.ts of the component Session ... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025

  • 7.5

    HIGH
    CVE-2025-7114

    A vulnerability was found in SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b. It has been declared as critical. Affected by this vulnerability is the function POST of the file apps/sim/app/api/files/upload/route.ts of the component Session ... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025

  • 5.4

    MEDIUM
    CVE-2025-7113

    A vulnerability was found in Portabilis i-Educar 2.9.0. It has been classified as problematic. Affected is an unknown function of the file /module/ComponenteCurricular/edit?id=ID of the component Curricular Components Module. The manipulation of the argum... Read more

    Affected Products : i-educar
    • Published: Jul. 07, 2025
    • Modified: Aug. 13, 2025

  • 5.4

    MEDIUM
    CVE-2025-7112

    A vulnerability was found in Portabilis i-Educar 2.9.0 and classified as problematic. This issue affects some unknown processing of the file /intranet/educar_funcao_det.php?cod_funcao=COD&ref_cod_instituicao=COD of the component Function Management Module... Read more

    Affected Products : i-educar
    • Published: Jul. 07, 2025
    • Modified: Aug. 13, 2025

  • 5.4

    MEDIUM
    CVE-2025-7111

    A vulnerability has been found in Portabilis i-Educar 2.9.0 and classified as problematic. This vulnerability affects unknown code of the file /intranet/educar_curso_det.php?cod_curso=ID of the component Course Module. The manipulation of the argument Cur... Read more

    Affected Products : i-educar
    • Published: Jul. 07, 2025
    • Modified: Aug. 13, 2025

  • 7.3

    HIGH
    CVE-2025-53473

    Server-side request forgery (SSRF) vulnerability exists n multiple versions of Nimesa Backup and Recovery, If this vulnerability is exploited, unintended requests may be sent to internal servers.... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025

  • 9.8

    CRITICAL
    CVE-2025-48501

    An OS command injection issue exists in Nimesa Backup and Recovery v2.3 and v2.4. If this vulnerability is exploited, an arbitrary OS commands may be executed on the server where the product is running.... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025

  • 6.4

    MEDIUM
    CVE-2025-24508

    Extraction of Account Connectivity Credentials (ACCs) from the IT Management Agent secure storage... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025

  • 5.4

    MEDIUM
    CVE-2025-7110

    A vulnerability, which was classified as problematic, was found in Portabilis i-Educar 2.9.0. This affects an unknown part of the file /intranet/educar_escola_lst.php of the component School Module. The manipulation of the argument Escola leads to cross s... Read more

    Affected Products : i-educar
    • Published: Jul. 07, 2025
    • Modified: Aug. 13, 2025

  • 8.6

    HIGH
    CVE-2025-7145

    ThreatSonar Anti-Ransomware developed by TeamT5 has an OS Command Injection vulnerability, allowing remote attackers with product platform intermediate privileges to inject arbitrary OS commands and execute them on the server, thereby gaining administrati... Read more

    Affected Products : threatsonar_anti-ransomware
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025

  • 5.4

    MEDIUM
    CVE-2025-7109

    A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.9.0. Affected by this issue is some unknown functionality of the file /intranet/educar_aluno_beneficio_lst.php of the component Student Benefits Registration. Th... Read more

    Affected Products : i-educar
    • Published: Jul. 07, 2025
    • Modified: Aug. 13, 2025
Showing 20 of 291024 Results