Latest Critical CVEs
Updates on the latest high and critical severity vulnerabilities.
CVE-2025-20125 - Cisco ISE API Unauthorized Read-Only Privilege Escalation
CVE ID :CVE-2025-20125
Published : Feb. 5, 2025, 5:15 p.m. | 37 minutes ago
Description :A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node. This vulnerability is due to a lack of authorization in a specific API and improper validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to obtain information, modify system configuration, and reload the device. Note: To successfully exploit this vulnerability, the attacker must have valid read-only administrative credentials. In a single-node deployment, new devices will not be able to authenticate during the reload time.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-20124 - Cisco ISE Remote Code Execution (RCE) via Insecure Deserialization
CVE ID :CVE-2025-20124
Published : Feb. 5, 2025, 5:15 p.m. | 37 minutes ago
Description :A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the affected software. An attacker could exploit this vulnerability by sending a crafted serialized Java object to an affected API. A successful exploit could allow the attacker to execute arbitrary commands on the device and elevate privileges. Note: To successfully exploit this vulnerability, the attacker must have valid read-only administrative credentials. In a single-node deployment, new devices will not be able to authenticate during the reload time.
Severity: 9.9 | CRITICAL
CVE-2025-0665 - libcurl Eventfd File Descriptor Double Close
CVE ID :CVE-2025-0665
Published : Feb. 5, 2025, 10:15 a.m. | 7 hours, 37 minutes ago
Description :libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded name resolve.
Severity: 9.8 | CRITICAL
CVE-2025-25246 - NETGEAR XR RCE
CVE ID :CVE-2025-25246
Published : Feb. 5, 2025, 5:15 a.m. | 12 hours, 37 minutes ago
Description :NETGEAR XR1000 before 1.0.0.74, XR1000v2 before 1.1.0.22, and XR500 before 2.3.2.134 allow remote code execution by unauthenticated users.
Severity: 8.1 | HIGH
CVE-2025-1026 - Spatie Browsershot URL Validation Bypass Vulnerability
CVE ID :CVE-2025-1026
Published : Feb. 5, 2025, 5:15 a.m. | 12 hours, 37 minutes ago
Description :Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method, which results in a Local File Inclusion allowing the attacker to read sensitive files. **Note:** This is a bypass of the fix for [CVE-2024-21549](https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8533023).
Severity: 8.6 | HIGH
CVE-2025-1022 - Spatie Browsershot Improper Input Validation
CVE ID :CVE-2025-1022
Published : Feb. 5, 2025, 5:15 a.m. | 12 hours, 37 minutes ago
Description :Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html(), which can be bypassed by omitting the slashes in the file URI (e.g., file:../../../../etc/passwd). This is due to missing validations of the user input that should be blocking file URI schemes (e.g., file:// and file:/) in the HTML content.
Severity: 8.2 | HIGH
CVE-2025-1028 - WordPress Contact Manager Plugin File Upload Vulnerability
CVE ID :CVE-2025-1028
Published : Feb. 5, 2025, 4:15 a.m. | 13 hours, 37 minutes ago
Description :The Contact Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the contact form upload feature in all versions up to, and including, 8.6.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible in specific configurations where the first extension is processed over the final. Exploiting this vulnerability also requires successfully exploiting a race condition.
Severity: 8.1 | HIGH
CVE-2025-23114 - Veeam Man-in-the-Middle TLS Certificate Validation Bypass
CVE ID :CVE-2025-23114
Published : Feb. 5, 2025, 2:15 a.m. | 15 hours, 37 minutes ago
Description :A vulnerability in the Veeam Updater component allows Man-in-the-Middle attackers to execute arbitrary code on the affected server. This issue occurs due to a failure to properly validate the TLS certificate.
Severity: 9.0 | CRITICAL
CVE-2025-23023 - Discourse Anonymous Cache Poisoning Vulnerability
CVE ID :CVE-2025-23023
Published : Feb. 4, 2025, 9:15 p.m. | 20 hours, 37 minutes ago
Description :Discourse is an open source platform for community discussion. In affected versions an attacker can carefully craft a request with the right request headers to poison the anonymous cache (for example, the cache may have a response with missing preloaded data). This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade may disable anonymous cache by setting the `DISCOURSE_DISABLE_ANON_CACHE` environment variable to a non-empty value.
Severity: 8.2 | HIGH
CVE-2024-55948 - Discourse Anonymous Cache Poisoning
CVE ID :CVE-2024-55948
Published : Feb. 4, 2025, 9:15 p.m. | 20 hours, 37 minutes ago
Description :Discourse is an open source platform for community discussion. In affected versions an attacker can craft an XHR request to poison the anonymous cache (for example, the cache may have a response with missing preloaded data). This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable anonymous cache by setting the `DISCOURSE_DISABLE_ANON_CACHE` environment variable to a non-empty value.
Severity: 8.2 | HIGH
CVE-2025-24968 - reNgine Project Deletion Remote Command Execution
CVE ID :CVE-2025-24968
Published : Feb. 4, 2025, 8:15 p.m. | 21 hours, 36 minutes ago
Description :reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as `penetration_tester` or `auditor`, to delete all projects in the system. This can lead to a complete system takeover by redirecting the attacker to the onboarding page, where they can add or modify users, including Sys Admins, and configure critical settings like API keys and user preferences. This issue affects all versions up to and including 2.20. Users are advised to monitor the project for future releases which address this issue. There are no known workarounds.
Severity: 8.8 | HIGH
CVE-2025-24964 - Vitest Cross-Site WebSocket Hijacking Remote Code Execution
CVE ID :CVE-2025-24964
Published : Feb. 4, 2025, 8:15 p.m. | 21 hours, 36 minutes ago
Description :Vitest is a testing framework powered by Vite. Affected versions are subject to arbitrary remote code execution via Cross-site WebSocket hijacking (CSWSH) attacks when a user accesses a malicious website while the Vitest API server is listening. When the `api` option is enabled (Vitest UI enables it), Vitest starts a WebSocket server. This WebSocket server did not check the Origin header and did not have any authorization mechanism, and was vulnerable to CSWSH attacks. This WebSocket server has a `saveTestFile` API that can edit a test file and a `rerun` API that can rerun the tests. An attacker can execute arbitrary code by injecting code into a test file via the `saveTestFile` API and then running that file by calling the `rerun` API. This vulnerability can result in remote code execution for users that are using the Vitest serve API. This issue has been patched in versions 1.6.1, 2.1.9 and 3.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity: 9.6 | CRITICAL
CVE-2025-0960 - AutomationDirect C-more EA9 HMI Integer Underflow Remote Code Execution
CVE ID :CVE-2025-0960
Published : Feb. 4, 2025, 8:15 p.m. | 21 hours, 36 minutes ago
Description :AutomationDirect C-more EA9 HMI contains a function with bounds checks that can be skipped, which could result in an attacker abusing the function to cause a denial-of-service condition or achieving remote code execution on the affected device.
Severity: 9.8 | CRITICAL
CVE-2025-23058 - Aruba ClearPass Policy Manager Privilege Escalation Vulnerability
CVE ID :CVE-2025-23058
Published : Feb. 4, 2025, 6:15 p.m. | 23 hours, 37 minutes ago
Description :A vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged (read-only) authenticated remote attacker to gain unauthorized access to data and the ability to execute functions that should be restricted to administrators only with read/write privileges. Successful exploitation could enable a low-privileged user to execute administrative functions leading to an escalation of privileges.
Severity: 8.8 | HIGH
CVE-2025-0364 - BigAntSoft BigAnt Server Unauthenticated Remote Code Execution
CVE ID :CVE-2025-0364
Published : Feb. 4, 2025, 6:15 p.m. | 23 hours, 37 minutes ago
Description :BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registration mechanism. Once an administrator, the attacker can upload and execute arbitrary PHP code using the "Cloud Storage Addin," leading to unauthenticated code execution.
Severity: 9.8 | CRITICAL
CVE-2025-24677 - WPSpins Post/Page Copying Tool Code Injection Vulnerability
CVE ID :CVE-2025-24677
Published : Feb. 4, 2025, 3:15 p.m. | 1 day, 2 hours ago
Description :Improper Control of Generation of Code ('Code Injection') vulnerability in WPSpins Post/Page Copying Tool allows Remote Code Inclusion. This issue affects Post/Page Copying Tool: from n/a through 2.0.3.
Severity: 9.9 | CRITICAL
CVE-2025-22700 - NotFound Traveler Code SQL Injection
CVE ID :CVE-2025-22700
Published : Feb. 4, 2025, 3:15 p.m. | 1 day, 2 hours ago
Description :Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Traveler Code. This issue affects Traveler Code: from n/a through 3.1.0.
Severity: 8.5 | HIGH
CVE-2025-22699 - NotFound Traveler Code SQL Injection
CVE ID :CVE-2025-22699
Published : Feb. 4, 2025, 3:15 p.m. | 1 day, 2 hours ago
Description :Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Traveler Code. This issue affects Traveler Code: from n/a through 3.1.0.
Severity: 9.0 | CRITICAL
CVE-2024-9644 - Four-Faith F3x36 Router Authentication Bypass Vulnerability
CVE ID :CVE-2024-9644
Published : Feb. 4, 2025, 3:15 p.m. | 1 day, 2 hours ago
Description :The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the "bapply.cgi" endpoint instead of the normal "apply.cgi" endpoint. A remote and unauthenticated attacker can use this vulnerability to modify settings or chain with existing authenticated vulnerabilities.
Severity: 9.8 | CRITICAL
CVE-2024-9643 - Four-Faith Router Authentication Bypass
CVE ID :CVE-2024-9643
Published : Feb. 4, 2025, 3:15 p.m. | 1 day, 2 hours ago
Description :The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to CVE-2023-32645.
Severity: 9.8 | CRITICAL