Latest Cybersecurity Vulnerabilities - Real-Time Updates

Latest 30 CVEs - Real-Time Cyber Threats

Cyber threats are constantly evolving, making real-time vulnerability tracking essential. Below are the 30 most recently disclosed Common Vulnerabilities and Exposures (CVEs), providing key details such as affected vendors, impact levels, and risk scores.

Each CVE entry includes a brief summary and a direct link to its full details, enabling cybersecurity professionals, system administrators, and developers to quickly assess and mitigate potential security risks.

CVE-2025-3994 Report & Risk Review
A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been classified as problematic. Affected is an unknown function of the file /home.htm of the component IP Port Filtering. The manipulation of the argument Comment leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Score: 2.4_/10 🟢 Low Risk
Published on 28 Apr 2025, 01:15 UTC (only 58 minutes ago)
CVE-2025-3993 Severe Vulnerability Alert
A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525 and classified as critical. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Score: 8.8_/10 ☠️ Severe Risk
Published on 28 Apr 2025, 01:15 UTC (only 58 minutes ago)
CVE-2025-3992 Immediate Threat Report
A vulnerability has been found in TOTOLINK N150RT 3.4.0-B20190525 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWlwds. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Score: 8.8_/10 ☠️ Severe Risk
Published on 28 Apr 2025, 00:15 UTC (only 1 hour ago)
CVE-2025-3991 Severe Vulnerability Alert
A vulnerability, which was classified as critical, was found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the file /boafrm/formWdsEncrypt. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Score: 8.8_/10 ☠️ Severe Risk
Published on 28 Apr 2025, 00:15 UTC (only 1 hour ago)
CVE-2025-31144 Significant Vulnerability Warning
Quick Agent V3 and Quick Agent V2 contain an issue with improper restriction of communication channel to intended endpoints. If exploited, a remote unauthenticated attacker may attempt to log in to an arbitrary host via Windows system where the product is running.
Score: 5.8_/10 🚨 Significant Risk
Published on 28 Apr 2025, 00:15 UTC (only 1 hour ago)
CVE-2025-27937 High-Risk Security Alert
Quick Agent V3 and Quick Agent V2 contain an issue with improper limitation of a pathname to a restricted directory ('Path Traversal'). If exploited, an arbitrary file in the affected product may be obtained by a remote attacker who can log in to the product.
Score: 6.5_/10 🔥 High Risk
Published on 28 Apr 2025, 00:15 UTC (only 1 hour ago)
CVE-2025-26692 Immediate Threat Report
Quick Agent V3 and Quick Agent V2 contain an issue with improper limitation of a pathname to a restricted directory ('Path Traversal'). If exploited, arbitrary code may be executed by a remote unauthenticated attacker with the Windows system privilege where the product is running.
Score: 8.1_/10 ☠️ Severe Risk
Published on 28 Apr 2025, 00:15 UTC (only 1 hour ago)
CVE-2025-3990 Immediate Threat Report
A vulnerability, which was classified as critical, has been found in TOTOLINK N150RT 3.4.0-B20190525. Affected by this issue is some unknown functionality of the file /boafrm/formVlan. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Score: 8.8_/10 ☠️ Severe Risk
Published on 27 Apr 2025, 23:15 UTC (only 2 hours ago)
CVE-2025-3989 Severe Vulnerability Alert
A vulnerability classified as critical was found in TOTOLINK N150RT 3.4.0-B20190525. Affected by this vulnerability is an unknown functionality of the file /boafrm/formStaticDHCP. The manipulation of the argument Hostname leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Score: 8.8_/10 ☠️ Severe Risk
Published on 27 Apr 2025, 23:15 UTC (only 2 hours ago)
CVE-2025-46690 Risk & Patch Advisory
Ververica Platform 2.14.0 allows low-privileged users to access SQL connectors via a direct namespaces/default/formats request.
Score: 5.0_/10 ⚠️ Medium Risk
Published on 27 Apr 2025, 22:15 UTC (only 3 hours ago)
CVE-2025-46689 Active Threat Alert
Ververica Platform 2.14.0 contain an Reflected XSS vulnerability via a namespaces/default/formats URI.
Score: 5.4_/10 🚨 Significant Risk
Published on 27 Apr 2025, 22:15 UTC (only 3 hours ago)
CVE-2025-3988 Urgent Exploit Warning
A vulnerability classified as critical has been found in TOTOLINK N150RT 3.4.0-B20190525. Affected is an unknown function of the file /boafrm/formPortFw. The manipulation of the argument service_type leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Score: 8.8_/10 ☠️ Severe Risk
Published on 27 Apr 2025, 22:15 UTC (only 3 hours ago)
CVE-2025-3987 Active Exploit Warning
A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been rated as critical. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument localPin leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Score: 6.3_/10 🔥 High Risk
Published on 27 Apr 2025, 22:15 UTC (only 3 hours ago)
CVE-2025-3986 Cybersecurity Threat Advisory
A vulnerability was found in Apereo CAS 5.2.6. It has been declared as problematic. This vulnerability affects unknown code of the file cas-5.2.6\core\cas-server-core-configuration-metadata-repository\src\main\java\org\apereo\cas\metadata\rest\CasConfigurationMetadataServerController.java. The manipulation of the argument Name leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Score: 4.3_/10 ⚠️ Medium Risk
Published on 27 Apr 2025, 21:15 UTC (only 4 hours ago)
CVE-2025-3985 Security Risk Analysis
A vulnerability was found in Apereo CAS 5.2.6. It has been classified as problematic. This affects the function ResponseEntity of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\ManageRegisteredServicesMultiActionController.java. The manipulation of the argument Query leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Score: 2.7_/10 🟢 Low Risk
Published on 27 Apr 2025, 21:15 UTC (only 4 hours ago)
CVE-2025-46688 Active Threat Alert
quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.
Score: 5.6_/10 🚨 Significant Risk
Published on 27 Apr 2025, 20:15 UTC (only 5 hours ago)
CVE-2025-46687 Exploit & Mitigation Report
quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.
Score: 5.6_/10 🚨 Significant Risk
Published on 27 Apr 2025, 20:15 UTC (only 5 hours ago)
CVE-2025-3984 Risk & Patch Advisory
A vulnerability was found in Apereo CAS 5.2.6 and classified as critical. Affected by this issue is the function saveService of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\RegisteredServiceSimpleFormController.java of the component Groovy Code Handler. The manipulation leads to code injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure...
Score: 5.0_/10 ⚠️ Medium Risk
Published on 27 Apr 2025, 20:15 UTC (only 5 hours ago)
CVE-2025-3983 Security Flaw Alert
A vulnerability has been found in AMTT Hotel Broadband Operation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manager/system/nlog_down.php. The manipulation of the argument ProtocolType leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
Score: 4.7_/10 ⚠️ Medium Risk
Published on 27 Apr 2025, 20:15 UTC (only 5 hours ago)
CVE-2025-3982 Risk & Patch Advisory
A vulnerability, which was classified as problematic, was found in nortikin Sverchok 1.3.0. Affected is the function SvSetPropNodeMK2 of the file sverchok/nodes/object_nodes/getsetprop_mk2.py of the component Set Property Mk2 Node. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Score: 4.3_/10 ⚠️ Medium Risk
Published on 27 Apr 2025, 19:15 UTC (only 6 hours ago)