Latest Cybersecurity Vulnerabilities - Real-Time Updates

Latest 30 CVEs - Real-Time Cyber Threats

Cyber threats are constantly evolving, making real-time vulnerability tracking essential. Below are the 30 most recently disclosed Common Vulnerabilities and Exposures (CVEs), providing key details such as affected vendors, impact levels, and risk scores.

Each CVE entry includes a brief summary and a direct link to its full details, enabling cybersecurity professionals, system administrators, and developers to quickly assess and mitigate potential security risks.

CVE-2025-7915 Severe Cybersecurity Threat
A vulnerability was found in Chanjet CRM 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /mail/mailinactive.php of the component Login Page. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Score: 7.3_/10 🔥 Very High Risk
Published on 21 Jul 2025, 01:15 UTC (only 1 hour ago)
CVE-2025-7914 Urgent Exploit Warning
A vulnerability has been found in Tenda AC6 15.03.06.50 and classified as critical. Affected by this vulnerability is the function setparentcontrolinfo of the component httpd. The manipulation leads to buffer overflow. The attack can be launched remotely.
Score: 8.8_/10 ☠️ Severe Risk
Published on 21 Jul 2025, 01:15 UTC (only 1 hour ago)
CVE-2025-7913 Immediate Threat Report
A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748_B20211015. Affected is the function updateWifiInfo of the component MQTT Service. The manipulation of the argument serverIp leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Score: 8.8_/10 ☠️ Severe Risk
Published on 21 Jul 2025, 00:15 UTC (only 2 hours ago)
CVE-2025-7912 Urgent Exploit Warning
A vulnerability, which was classified as critical, has been found in TOTOLINK T6 4.1.5cu.748_B20211015. This issue affects the function recvSlaveUpgstatus of the component MQTT Service. The manipulation of the argument s leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Score: 8.8_/10 ☠️ Severe Risk
Published on 20 Jul 2025, 23:15 UTC (only 3 hours ago)
CVE-2025-7911 Urgent Exploit Warning
A vulnerability classified as critical was found in D-Link DI-8100 1.0. This vulnerability affects the function sprintf of the file /upnp_ctrl.asp of the component jhttpd. The manipulation of the argument remove_ext_proto/remove_ext_port leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Score: 8.8_/10 ☠️ Severe Risk
Published on 20 Jul 2025, 23:15 UTC (only 3 hours ago)
CVE-2025-53771 Critical Risk Assessment
Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Score: 6.3_/10 🔥 High Risk
Published on 20 Jul 2025, 23:15 UTC (only 3 hours ago)
CVE-2025-7910 Severe Vulnerability Alert
A vulnerability classified as critical has been found in D-Link DIR-513 1.10. This affects the function sprintf of the file /goform/formSetWanNonLogin of the component Boa Webserver. The manipulation of the argument curTime leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Score: 8.8_/10 ☠️ Severe Risk
Published on 20 Jul 2025, 22:15 UTC (only 4 hours ago)
CVE-2025-7909 Severe Vulnerability Alert
A vulnerability was found in D-Link DIR-513 1.0. It has been rated as critical. Affected by this issue is the function sprintf of the file /goform/formLanSetupRouterSettings of the component Boa Webserver. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Score: 8.8_/10 ☠️ Severe Risk
Published on 20 Jul 2025, 22:15 UTC (only 4 hours ago)
CVE-2025-7908 Severe Vulnerability Alert
A vulnerability was found in D-Link DI-8100 1.0. It has been declared as critical. Affected by this vulnerability is the function sprintf of the file /ddns.asp?opt=add of the component jhttpd. The manipulation of the argument mx leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Score: 8.8_/10 ☠️ Severe Risk
Published on 20 Jul 2025, 21:15 UTC (only 5 hours ago)
CVE-2025-7907 Cybersecurity Threat Advisory
A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been classified as problematic. Affected is an unknown function of the file ruoyi-admin/src/main/resources/application-druid.yml of the component Druid. The manipulation leads to use of default credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Score: 4.3_/10 ⚠️ Medium Risk
Published on 20 Jul 2025, 21:15 UTC (only 5 hours ago)
CVE-2025-54319 Active Exploit Warning
An issue was discovered in Westermo WeOS 5 (5.24 through 5.24.4). A threat actor potentially can gain unauthorized access to sensitive information via system logging information (syslog verbose logging that includes credentials).
Score: 6.3_/10 🔥 High Risk
Published on 20 Jul 2025, 21:15 UTC (only 5 hours ago)
CVE-2025-7906 Critical Risk Assessment
A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1 and classified as critical. This issue affects the function uploadFile of the file ruoyi-admin/src/main/java/com/ruoyi/web/controller/common/CommonController.java. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Score: 6.3_/10 🔥 High Risk
Published on 20 Jul 2025, 20:15 UTC (only 6 hours ago)
CVE-2025-7905 High-Risk Security Alert
A vulnerability has been found in itsourcecode Insurance Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /insertPayment.php. The manipulation of the argument recipt_no leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Score: 6.3_/10 🔥 High Risk
Published on 20 Jul 2025, 19:15 UTC (only 7 hours ago)
CVE-2025-54317 Urgent Exploit Warning
An issue was discovered in Logpoint before 7.6.0. An attacker with operator privileges can exploit a path traversal vulnerability when creating a Layout Template, which can lead to remote code execution (RCE).
Score: 8.4_/10 ☠️ Severe Risk
Published on 20 Jul 2025, 19:15 UTC (only 7 hours ago)
CVE-2025-54316 Risk & Patch Advisory
An issue was discovered in Logpoint before 7.6.0. When creating reports, attackers can create custom Jinja templates that chained built-in filter functions to generate XSS payloads. These payloads can be rendered by the Logpoint Report Template engine, making it vulnerable to cross-site scripting (XSS) attacks.
Score: 4.9_/10 ⚠️ Medium Risk
Published on 20 Jul 2025, 19:15 UTC (only 7 hours ago)
CVE-2025-49087 Vulnerability Report
In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS#7 padding mode is used.
Score: 4.0_/10 ⚠️ Moderate Risk
Published on 20 Jul 2025, 19:15 UTC (only 7 hours ago)
CVE-2025-47917 Immediate Threat Report
Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtls_x509_string_to_names() takes a head argument that is documented as an output argument. The documentation does not suggest that the function will free that pointer; however, the function does call mbedtls_asn1_free_named_data_list() on that argument, which performs a deep free(). As a result, application code that uses this function (relying only on documented behavior) is likely to still hold pointers to the memory blocks that were...
Score: 8.9_/10 ☠️ Severe Risk
Published on 20 Jul 2025, 19:15 UTC (only 7 hours ago)
CVE-2025-48965 Moderate Vulnerability Alert
Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL but val.len greater than zero.
Score: 4.0_/10 ⚠️ Moderate Risk
Published on 20 Jul 2025, 18:15 UTC (only 8 hours ago)
CVE-2025-7904 High-Risk Security Alert
A vulnerability, which was classified as critical, was found in itsourcecode Insurance Management System 1.0. This affects an unknown part of the file /insertNominee.php. The manipulation of the argument nominee_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Score: 6.3_/10 🔥 High Risk
Published on 20 Jul 2025, 17:15 UTC (only 9 hours ago)
CVE-2025-7903 Risk & Patch Advisory
A vulnerability classified as problematic was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the component Image Source Handler. The manipulation leads to improper restriction of rendered ui layers. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Score: 4.3_/10 ⚠️ Medium Risk
Published on 20 Jul 2025, 17:15 UTC (only 9 hours ago)