Latest Cybersecurity Vulnerabilities - Real-Time Updates

Latest 30 CVEs - Real-Time Cyber Threats

Cyber threats are constantly evolving, making real-time vulnerability tracking essential. Below are the 30 most recently disclosed Common Vulnerabilities and Exposures (CVEs), providing key details such as affected vendors, impact levels, and risk scores.

Each CVE entry includes a brief summary and a direct link to its full details, enabling cybersecurity professionals, system administrators, and developers to quickly assess and mitigate potential security risks.

CVE-2025-7788 Active Exploit Warning
A vulnerability has been found in Xuxueli xxl-job up to 3.1.1 and classified as critical. Affected by this vulnerability is the function commandJobHandler of the file src\main\java\com\xxl\job\executor\service\jobhandler\SampleXxlJob.java. The manipulation leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Score: 6.3_/10 🔥 High Risk
Published on 18 Jul 2025, 15:15 UTC (only 1 hour ago)
CVE-2025-7787 Critical Risk Assessment
A vulnerability, which was classified as critical, was found in Xuxueli xxl-job up to 3.1.1. Affected is the function httpJobHandler of the file src\main\java\com\xxl\job\executor\service\jobhandler\SampleXxlJob.java. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Score: 6.3_/10 🔥 High Risk
Published on 18 Jul 2025, 15:15 UTC (only 1 hour ago)
CVE-2025-46732 Exploit & Mitigation Report
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.6.6, an IDOR vulnerability in the GrapQL `NotificationLineNotificationMarkReadMutation` and `NotificationLineNotificationDeleteMutation` mutations of OpenCTI allows an authenticated user to change the read status of a notification or delete a notification of another user in case he has knowledge of the UUID of the notification. When changing the read status of a notification, the user also receives the content of the notification they changed the read status of. Authentica...
Score: 5.4_/10 🚨 Significant Risk
Published on 18 Jul 2025, 15:15 UTC (only 1 hour ago)
CVE-2025-46000 Vulnerability Insight
An arbitrary file upload vulnerability in the component /rsc/filemanager.rsc.class.php of Filemanager commit c75b914 v.2.5.0 allows attackers to execute arbitrary code via uploading a crafted SVG file. ⏳ Analysis in Progress 18 Jul 2025, 15:15 UTC (1 hour ago)
CVE-2025-7786 Moderate Vulnerability Alert
A vulnerability, which was classified as problematic, has been found in Gnuboard g6 up to 6.0.10. This issue affects some unknown processing of the file /bbs/scrap_popin_update/qa/ of the component Post Reply Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Score: 3.5_/10 ⚠️ Moderate Risk
Published on 18 Jul 2025, 14:15 UTC (only 2 hours ago)
CVE-2025-7784 Active Exploit Warning
A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions(FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorized elevation of access rights, compromising the intended separation of administrative duties and posing a security risk to the realm.
Score: 6.5_/10 🔥 High Risk
Published on 18 Jul 2025, 14:15 UTC (only 2 hours ago)
CVE-2025-46002 Security Notice
An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint. ⏳ Analysis in Progress 18 Jul 2025, 14:15 UTC (2 hours ago)
CVE-2025-46001 Technical Report
An arbitrary file upload vulnerability in the is_allowed_file_type() function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. ⏳ Analysis in Progress 18 Jul 2025, 14:15 UTC (2 hours ago)
CVE-2024-13175 Significant Vulnerability Warning
Authorization Bypass Through User-Controlled Key vulnerability in Vidco Software VOC TESTER allows Forceful Browsing.This issue affects VOC TESTER: before 12.41.0.
Score: 5.5_/10 🚨 Significant Risk
Published on 18 Jul 2025, 14:15 UTC (only 2 hours ago)
CVE-2025-7785 Risk & Patch Advisory
A vulnerability classified as problematic was found in thinkgem JeeSite up to 5.12.0. This vulnerability affects the function sso of the file src/main/java/com/jeesite/modules/sys/web/SsoController.java. The manipulation of the argument redirect leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 3d06b8d009d0267f0255acc87ea19d29d07cedc3. It is recommended to apply a patch to fix this issue.
Score: 4.3_/10 ⚠️ Medium Risk
Published on 18 Jul 2025, 12:15 UTC (only 4 hours ago)
CVE-2025-6227 Security Risk Analysis
Mattermost versions 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to negotiate a new token when accepting the invite which allows a user that intercepts both invite and password to send synchronization payloads to the server that originally created the invite via the REST API.
Score: 2.2_/10 🟢 Low Risk
Published on 18 Jul 2025, 12:15 UTC (only 4 hours ago)
CVE-2025-6233 Critical Risk Assessment
Mattermost versions 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to sanitize input paths of file attachments in the bulk import JSONL file, which allows a system admin to read arbitrary system files via path traversal.
Score: 6.8_/10 🔥 High Risk
Published on 18 Jul 2025, 10:15 UTC (only 6 hours ago)
CVE-2025-50126 Vulnerability Insight
A stored XSS vulnerability in the RSBlog! component 1.11.6-1.14.5 Joomla was discovered. The issue allows remote authenticated users to inject arbitrary web script or HTML via the jform[tags_text] parameter. ⏳ Analysis in Progress 18 Jul 2025, 10:15 UTC (6 hours ago)
CVE-2025-50058 Technical Report
A stored XSS vulnerability in the RSDirectory! component 1.0.0-2.2.8 Joomla was discovered. The issue allows remote authenticated attackers to inject arbitrary web script or HTML via the review reply component. ⏳ Analysis in Progress 18 Jul 2025, 10:15 UTC (6 hours ago)
CVE-2025-50057 Security Notice
A DOS vulnerability in RSFiles! component 1.16.3-1.17.7 Joomla was discovered. The issue allows unauthenticated remote attackers to deny access to service via the search feature. ⏳ Analysis in Progress 18 Jul 2025, 10:15 UTC (6 hours ago)
CVE-2025-50056 Technical Report
A reflected XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 28 Joomla was discovered. The issue allows remote attackers to inject arbitrary web script or HTML via the crafted parameter. ⏳ Analysis in Progress 18 Jul 2025, 10:15 UTC (6 hours ago)
CVE-2025-49486 Technical Report
A stored XSS vulnerability in the Balbooa Gallery plugin 1.0.0-2.4.0 for Joomla allows privileged users to store malicious scripts in gallery items. ⏳ Analysis in Progress 18 Jul 2025, 10:15 UTC (6 hours ago)
CVE-2025-49485 Vulnerability Insight
A SQL injection vulnerability in the Balbooa Forms plugin 1.0.0-2.3.1.1 for Joomla allows privileged users to execute arbitrary SQL commands via the 'id' parameter. ⏳ Analysis in Progress 18 Jul 2025, 10:15 UTC (6 hours ago)
CVE-2025-49484 Vulnerability Insight
A SQL injection vulnerability in the JS Jobs plugin versions 1.0.0-1.4.1 for Joomla allows low-privilege users to execute arbitrary SQL commands via the 'cvid' parameter in the employee application feature. ⏳ Analysis in Progress 18 Jul 2025, 10:15 UTC (6 hours ago)
CVE-2025-2425 Technical Report
Time-of-check to time-of-use race condition vulnerability potentially allowed an attacker to use the installed ESET security software to clear the content of an arbitrary file on the file system. ⏳ Analysis in Progress 18 Jul 2025, 10:15 UTC (6 hours ago)