Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.0

    HIGH
    CVE-2025-7117

    A vulnerability classified as critical was found in UTT HiPER 840G up to 3.1.1-190328. This vulnerability affects unknown code of the file /goform/websWhiteList. The manipulation of the argument addHostFilter leads to buffer overflow. The attack can be in... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025

  • 9.0

    HIGH
    CVE-2025-7116

    A vulnerability classified as critical has been found in UTT 进取 750W up to 3.2.2-191225. This affects an unknown part of the file /goform/Fast_wireless_conf. The manipulation of the argument ssid leads to buffer overflow. It is possible to initiate the at... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025

  • 10.0

    CRITICAL
    CVE-2025-41672

    A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain full access to the tool and all connected devices.... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025

  • 7.5

    HIGH
    CVE-2025-7115

    A vulnerability was found in rowboatlabs rowboat up to 8096eaf63b5a0732edd8f812bee05b78e214ee97. It has been rated as critical. Affected by this issue is the function PUT of the file apps/rowboat/app/api/uploads/[fileId]/route.ts of the component Session ... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025

  • 7.5

    HIGH
    CVE-2025-7114

    A vulnerability was found in SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b. It has been declared as critical. Affected by this vulnerability is the function POST of the file apps/sim/app/api/files/upload/route.ts of the component Session ... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025

  • 5.4

    MEDIUM
    CVE-2025-7113

    A vulnerability was found in Portabilis i-Educar 2.9.0. It has been classified as problematic. Affected is an unknown function of the file /module/ComponenteCurricular/edit?id=ID of the component Curricular Components Module. The manipulation of the argum... Read more

    Affected Products : i-educar
    • Published: Jul. 07, 2025
    • Modified: Aug. 13, 2025

  • 5.4

    MEDIUM
    CVE-2025-7112

    A vulnerability was found in Portabilis i-Educar 2.9.0 and classified as problematic. This issue affects some unknown processing of the file /intranet/educar_funcao_det.php?cod_funcao=COD&ref_cod_instituicao=COD of the component Function Management Module... Read more

    Affected Products : i-educar
    • Published: Jul. 07, 2025
    • Modified: Aug. 13, 2025

  • 5.4

    MEDIUM
    CVE-2025-7111

    A vulnerability has been found in Portabilis i-Educar 2.9.0 and classified as problematic. This vulnerability affects unknown code of the file /intranet/educar_curso_det.php?cod_curso=ID of the component Course Module. The manipulation of the argument Cur... Read more

    Affected Products : i-educar
    • Published: Jul. 07, 2025
    • Modified: Aug. 13, 2025

  • 7.3

    HIGH
    CVE-2025-53473

    Server-side request forgery (SSRF) vulnerability exists n multiple versions of Nimesa Backup and Recovery, If this vulnerability is exploited, unintended requests may be sent to internal servers.... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025

  • 9.8

    CRITICAL
    CVE-2025-48501

    An OS command injection issue exists in Nimesa Backup and Recovery v2.3 and v2.4. If this vulnerability is exploited, an arbitrary OS commands may be executed on the server where the product is running.... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025

  • 6.4

    MEDIUM
    CVE-2025-24508

    Extraction of Account Connectivity Credentials (ACCs) from the IT Management Agent secure storage... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025

  • 5.4

    MEDIUM
    CVE-2025-7110

    A vulnerability, which was classified as problematic, was found in Portabilis i-Educar 2.9.0. This affects an unknown part of the file /intranet/educar_escola_lst.php of the component School Module. The manipulation of the argument Escola leads to cross s... Read more

    Affected Products : i-educar
    • Published: Jul. 07, 2025
    • Modified: Aug. 13, 2025

  • 8.6

    HIGH
    CVE-2025-7145

    ThreatSonar Anti-Ransomware developed by TeamT5 has an OS Command Injection vulnerability, allowing remote attackers with product platform intermediate privileges to inject arbitrary OS commands and execute them on the server, thereby gaining administrati... Read more

    Affected Products : threatsonar_anti-ransomware
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025

  • 5.4

    MEDIUM
    CVE-2025-7109

    A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.9.0. Affected by this issue is some unknown functionality of the file /intranet/educar_aluno_beneficio_lst.php of the component Student Benefits Registration. Th... Read more

    Affected Products : i-educar
    • Published: Jul. 07, 2025
    • Modified: Aug. 13, 2025

  • 5.5

    MEDIUM
    CVE-2025-7108

    A vulnerability classified as critical was found in risesoft-y9 Digital-Infrastructure up to 9.6.7. Affected by this vulnerability is the function deleteFile of the file /Digital-Infrastructure-9.6.7/y9-digitalbase-webapp/y9-module-filemanager/risenet-y9b... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025

  • 5.5

    MEDIUM
    CVE-2025-7107

    A vulnerability classified as critical has been found in SimStudioAI sim up to 0.1.17. Affected is the function handleLocalFile of the file apps/sim/app/api/files/parse/route.ts. The manipulation of the argument filePath leads to path traversal. It is pos... Read more

    Affected Products :
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025

  • 6.2

    MEDIUM
    CVE-2025-53186

    Vulnerability that allows third-party call apps to send broadcasts without verification in the audio framework module Impact: Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : emui harmonyos
    • Published: Jul. 07, 2025
    • Modified: Aug. 12, 2025

  • 6.6

    MEDIUM
    CVE-2025-53185

    Virtual address reuse issue in the memory management module, which can be exploited by non-privileged users to access released memory Impact: Successful exploitation of this vulnerability may affect service integrity.... Read more

    Affected Products : emui harmonyos
    • Published: Jul. 07, 2025
    • Modified: Aug. 12, 2025

  • 7.5

    HIGH
    CVE-2025-53184

    Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.... Read more

    Affected Products : harmonyos
    • Published: Jul. 07, 2025
    • Modified: Jul. 09, 2025

  • 7.5

    HIGH
    CVE-2025-53183

    Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.... Read more

    Affected Products : harmonyos
    • Published: Jul. 07, 2025
    • Modified: Jul. 09, 2025
Showing 20 of 291058 Results