Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đ
Today's Security Brief
Wednesday's Microsoft Patch Tuesday has unleashed a security avalanche with 13 critical vulnerabilities and 100 high-priority updates, representing a 333% surge in critical CVEs from yesterday's 3. The Windows ecosystem faces severe threats including Windows Server Update Service remote code execution (CVE-2025-59287), Microsoft Graphics Component privilege escalation (CVE-2025-49708), and ASP.NET Core HTTP request smuggling (CVE-2025-55315). Enterprise environments are hit hard with critical SAP Print Service path traversal, Siemens SIMATIC vulnerabilities, and Adobe Connect DOM-based XSS. Most alarming: patch availability has collapsed to just 6%, leaving 94% of disclosed vulnerabilities without vendor fixes. With 24 CISA KEV vulnerabilities now under active exploitation, organizations face a critical remediation workload heading into the weekend.
Critical CVEs explode 333% from 3 to 13 as Microsoft Patch Tuesday releases major security updates
High-priority CVEs surge 245% from 29 to 100, creating unprecedented remediation workload
Patch availability collapses to 6% - the lowest rate this month, leaving 94% of CVEs unpatched
Windows Server Update Service RCE (CVE-2025-59287) allows unauthenticated remote code execution
Enterprise systems at risk: SAP Print Service, Siemens SIMATIC, Adobe Connect all face critical flaws
24 CISA KEV vulnerabilities (up from 20) with 5 federal deadlines expiring Saturday, October 19
Immediate action: Immediately deploy Microsoft Patch Tuesday updates for Windows Server Update Service (CVE-2025-59287), Graphics Component (CVE-2025-49708), and ASP.NET Core (CVE-2025-55315). Patch SAP Print Service, Siemens SIMATIC controllers, and Adobe Connect systems. For the 94% of CVEs without patches, implement network segmentation and enhanced monitoring. Federal agencies must complete CISA KEV remediation by Saturday October 19 deadline.
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEVURGENT
CVE-2025-32463
9.5
SudoSudo
â° Federal Deadline:October 19, 2025(6 days remaining)
Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-59689
9.5
LibraesvaEmail Security Gateway
â° Federal Deadline:October 19, 2025(6 days remaining)
Libraesva Email Security Gateway Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-10035
9.5đ
FortraGoAnywhere MFT
â° Federal Deadline:October 19, 2025(6 days remaining)
Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-20352
9.5đ
CiscoIOS and IOS XE
â° Federal Deadline:October 19, 2025(6 days remaining)
Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2021-21311
9.5
AdminerAdminer
â° Federal Deadline:October 19, 2025(6 days remaining)
Adminer Server-Side Request Forgery Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2014-6278
9.5
GNUGNU Bash
â° Federal Deadline:October 22, 2025(9 days remaining)
GNU Bash OS Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2017-1000353
9.5
JenkinsJenkins
â° Federal Deadline:October 22, 2025(9 days remaining)
Jenkins Remote Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2015-7755
9.5
JuniperScreenOS
â° Federal Deadline:October 22, 2025(9 days remaining)
Juniper ScreenOS Improper Authentication Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-21043
9.5
SamsungMobile Devices
â° Federal Deadline:October 22, 2025(9 days remaining)
Samsung Mobile Devices Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-4008
9.5
SmartbeddedMeteobridge
â° Federal Deadline:October 22, 2025(9 days remaining)
Smartbedded Meteobridge Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2021-22555
9.5
LinuxKernel
â° Federal Deadline:October 26, 2025(13 days remaining)
Linux Kernel Heap Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2010-3962
9.5
MicrosoftInternet Explorer
â° Federal Deadline:October 26, 2025(13 days remaining)
Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2021-43226
9.5
MicrosoftWindows
â° Federal Deadline:October 26, 2025(13 days remaining)
Microsoft Windows Privilege Escalation Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2013-3918
9.5
MicrosoftWindows
â° Federal Deadline:October 26, 2025(13 days remaining)
Microsoft Windows Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2011-3402
9.5
MicrosoftWindows
â° Federal Deadline:October 26, 2025(13 days remaining)
Microsoft Windows Remote Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2010-3765
9.5
MozillaMultiple Products
â° Federal Deadline:October 26, 2025(13 days remaining)
Mozilla Multiple Products Remote Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-61882
9.5đ
OracleE-Business Suite
â° Federal Deadline:October 26, 2025(13 days remaining)
Oracle E-Business Suite Unspecified Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-27915
9.5
SynacorZimbra Collaboration Suite (ZCS)
â° Federal Deadline:October 27, 2025(14 days remaining)
Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2021-43798
9.5
Grafana LabsGrafana
â° Federal Deadline:October 29, 2025(16 days remaining)
Grafana Path Traversal Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-47827
9.5
IGELIGEL OS
â° Federal Deadline:November 3, 2025(21 days remaining)
IGEL OS Use of a Key Past its Expiration Date Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-6264
9.5
Rapid7Velociraptor
â° Federal Deadline:November 3, 2025(21 days remaining)
Rapid7 Velociraptor Incorrect Default Permissions Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2016-7836
9.5
SKYSEAClient View
â° Federal Deadline:November 3, 2025(21 days remaining)
SKYSEA Client View Improper Authentication Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
đ¨
Critical Vulnerabilities
CVE-2025-49708
9.9đ
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges over aMultiple Products
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges over a network.
CVSS Base9.9
â
CRSSelect profile
CVE-2025-59287
9.8đ
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over aMultiple Products
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-55315
9.9đ
Inconsistent interpretation of http requestsMultiple Products
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
CVSS Base9.9
â
CRSSelect profile
CVE-2025-49553
9.3đ
Adobe Connect versionsMultiple Products
Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute malicious scripts in a victim's browser. ...
CVSS Base9.3
â
CRSSelect profile
CVE-2025-37729
9.1đ
Improper neutralization of special elements used in a template engine in Elastic Cloud EnterpriseMultiple Products
Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing c...
CVSS Base9.1
â
CRSSelect profile
CVE-2025-46581
9.8đ
UnknownMultiple Products
ZTE's ZXCDN product is affected by a Struts remote code execution (RCE) vulnerability. An unauthenticated attacker can remotely execute commands with non-root privileges.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-6919
9.8đ
Improper Neutralization of Special Elements used in an SQL CommandMultiple Products
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cats Information Technology Software Development Technologies Aykome License Tracking System allow...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-10610
9.8đ
Improper Neutralization of Special Elements used in an SQL CommandMultiple Products
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting Information Processing Industry and Foreign Trade Inc. Winsure allows Blind SQL Inj...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-42937
9.8đ
SAP Print ServiceMultiple Products
SAP Print Service (SAPSprint) performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to the parent directory and over-write system files cau...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-40765
9.8đ
A vulnerability has been identified in TeleControl Server BasicMultiple Products
A vulnerability has been identified in TeleControl Server Basic V3.1 (All versions >= V3.1.2.2 < V3.1.2.3). The affected application contains an information disclosure vulnerability. This could allow ...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-40771
9.8đ
A vulnerability has been identified in SIMATIC CPMultiple Products
A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.4.24), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.4.24), SIMATIC CP 1543SP-1 (6G...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-9976
9đ
An OS Command Injection vulnerability affecting Station Launcher App inMultiple Products
An OS Command Injection vulnerability affecting Station Launcher App in 3DEXPERIENCE platform from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x could allow an attacker to execute ar...
CVSS Base9
â
CRSSelect profile
CVE-2025-42910
9đ
Due to missing verification of file type orMultiple Products
Due to missing verification of file type or content, SAP Supplier Relationship Management allows an authenticated attacker to upload arbitrary files. These files could include executables which might ...
CVSS Base9
â
CRSSelect profile
â ī¸
High Priority Updates
â ī¸ CISA KEV
CVE-2025-59230
7.8đ
ConnectionMultiple Products
â° Federal Deadline:November 3, 2025(21 days remaining)
Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-24990
7.8đ
MicrosoftMultiple Products
â° Federal Deadline:November 3, 2025(21 days remaining)
Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems
CVSS Base7.8
â
CRSSelect profile
CVE-2025-59237
8.8đ
MicrosoftMultiple Products
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2025-59213
8.4đ
MicrosoftMultiple Products
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges locally
CVSS Base8.4
â
CRSSelect profile
CVE-2025-59236
8.4đ
MicrosoftMultiple Products
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally
CVSS Base8.4
â
CRSSelect profile
CVE-2025-50175
7.8đ
UseMultiple Products
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53150
7.8đ
UseMultiple Products
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-55697
7.8đ
UnknownMultiple Products
Heap-based buffer overflow in Azure Local allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-58722
7.8đ
UnknownMultiple Products
Heap-based buffer overflow in Windows DWM allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-58728
7.8đ
UseMultiple Products
Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-59222
7.8đ
MicrosoftMultiple Products
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-59223
7.8đ
MicrosoftMultiple Products
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-59224
7.8đ
MicrosoftMultiple Products
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-59225
7.8đ
MicrosoftMultiple Products
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-59226
7.8đ
MicrosoftMultiple Products
Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-59227
7.8
MicrosoftMultiple Products
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-59234
7.8
MicrosoftMultiple Products
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-59238
7.8
MicrosoftMultiple Products
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-59242
7.8
UnknownMultiple Products
Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-59243
7.8
MicrosoftMultiple Products
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-59254
7.8
UnknownMultiple Products
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-59255
7.8
UnknownMultiple Products
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-58715
8.8
MicrosoftMultiple Products
Integer overflow or wraparound in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally
CVSS Base8.8
â
CRSSelect profile
CVE-2025-58716
8.8
MicrosoftMultiple Products
Improper input validation in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally
CVSS Base8.8
â
CRSSelect profile
CVE-2025-59228
8.8
MicrosoftMultiple Products
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2025-59249
8.8
MicrosoftMultiple Products
Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2025-53782
8.4
MicrosoftMultiple Products
Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally
CVSS Base8.4
â
CRSSelect profile
CVE-2025-58325
8.2
IncorrectMultiple Products
An Incorrect Provision of Specified Functionality vulnerability [CWE-684] in FortiOS 7
CVSS Base8.2
â
CRSSelect profile
CVE-2025-59291
8.2
ExternalMultiple Products
External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally
CVSS Base8.2
â
CRSSelect profile
CVE-2025-59292
8.2
ExternalMultiple Products
External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally
CVSS Base8.2
â
CRSSelect profile
CVE-2025-54263
8.1
AdobeMultiple Products
Adobe Commerce versions 2
CVSS Base8.1
â
CRSSelect profile
CVE-2025-54264
8.1
AdobeMultiple Products
Adobe Commerce versions 2
CVSS Base8.1
â
CRSSelect profile
CVE-2025-24052
7.8
MicrosoftMultiple Products
Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems
CVSS Base7.8
â
CRSSelect profile
CVE-2025-50152
7.8
UnknownMultiple Products
Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-55328
7.8
ConcurrentMultiple Products
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-55339
7.8
UnknownMultiple Products
Out-of-bounds read in Windows NDIS allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-55677
7.8
UntrustedMultiple Products
Untrusted pointer dereference in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-55680
7.8
UnknownMultiple Products
Time-of-check time-of-use (toctou) race condition in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-55692
7.8
ImproperMultiple Products
Improper input validation in Windows Error Reporting allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-55694
7.8
ImproperMultiple Products
Improper access control in Windows Error Reporting allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-55701
7.8
MicrosoftMultiple Products
Improper validation of specified type of input in Microsoft Windows allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-58714
7.8
ImproperMultiple Products
Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-58720
7.8
UseMultiple Products
Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-58724
7.8
ImproperMultiple Products
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-59187
7.8
ImproperMultiple Products
Improper input validation in Windows Kernel allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-59207
7.8
UntrustedMultiple Products
Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-59231
7.8
MicrosoftMultiple Products
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-59233
7.8
MicrosoftMultiple Products
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-59241
7.8
ImproperMultiple Products
Improper link resolution before file access ('link following') in Windows Health and Optimized Experiences Service allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-59275
7.8
ImproperMultiple Products
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-59277
7.8
ImproperMultiple Products
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-61688
8.6đ
KubernetesMultiple Products
Omni manages Kubernetes on bare metal, virtual machines, or in a cloud
CVSS Base8.6
â
CRSSelect profile
CVE-2025-62156
8.1
KubernetesMultiple Products
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes
CVSS Base8.1
â
CRSSelect profile
CVE-2025-49201
8.1
FortinetMultiple Products
A weak authentication in Fortinet FortiPAM 1
CVSS Base8.1
â
CRSSelect profile
CVE-2025-9713
8.8đ
EndpointMultiple Products
Path traversal in Ivanti Endpoint Manager allows a remote unauthenticated attacker to achieve remote code execution
CVSS Base8.8
â
CRSSelect profile
CVE-2025-58718
8.8
DesktopMultiple Products
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2025-11695
8đ
WhenMultiple Products
When tlsInsecure=False appears in a connection string, certificate validation is disabled
CVSS Base8
â
CRSSelect profile
CVE-2025-41699
8.8
lowMultiple Products
An low privileged remote attacker with an account for the Web-based management can change the system configuration to perform a command injection as root, resulting in a total loss of confidentiality, availability and integrity due to improper control of generation of code ('Code Injection')
CVSS Base8.8
â
CRSSelect profile
CVE-2025-59295
8.8
UnknownMultiple Products
Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2025-11622
7.8đ
EndpointMultiple Products
Insecure deserialization in Ivanti Endpoint Manager allows a local authenticated attacker to escalate their privileges
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53768
7.8
UseMultiple Products
Use after free in Xbox allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-59191
7.8
UnknownMultiple Products
Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-11651
8.8đ
hasMultiple Products
A vulnerability has been found in UTT čŋå 518G up to V3v3
CVSS Base8.8
â
CRSSelect profile
CVE-2025-11652
8.8đ
wasMultiple Products
A vulnerability was found in UTT čŋå 518G up to V3v3
CVSS Base8.8
â
CRSSelect profile
CVE-2025-11653
8.8đ
UTTMultiple Products
A vulnerability was determined in UTT HiPER 2620G up to 3
CVSS Base8.8
â
CRSSelect profile
CVE-2025-10228
8.8
Rolantis InformationMultiple Products
Session Fixation vulnerability in Rolantis Information Technologies Agentis allows Session Hijacking
CVSS Base8.8
â
CRSSelect profile
CVE-2025-20709
8.8
wlanMultiple Products
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check
CVSS Base8.8
â
CRSSelect profile
CVE-2025-20710
8.8
wlanMultiple Products
In wlan AP driver, there is a possible out of bounds write due to an integer overflow
CVSS Base8.8
â
CRSSelect profile
CVE-2025-20711
8.8
wlanMultiple Products
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check
CVSS Base8.8
â
CRSSelect profile
CVE-2025-20712
8.8
wlanMultiple Products
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check
CVSS Base8.8
â
CRSSelect profile
CVE-2025-20719
8.8
wlanMultiple Products
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check
CVSS Base8.8
â
CRSSelect profile
CVE-2025-20720
8.8
wlanMultiple Products
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check
CVSS Base8.8
â
CRSSelect profile
CVE-2025-40755
8.8
hasMultiple Products
A vulnerability has been identified in SINEC NMS (All versions < V4
CVSS Base8.8
â
CRSSelect profile
CVE-2025-10552
8.7đ
storedMultiple Products
A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session
CVSS Base8.7
â
CRSSelect profile
CVE-2025-10556
8.7đ
SpecificationMultiple Products
A stored Cross-site Scripting (XSS) vulnerability affecting Specification Management in ENOVIA Specification Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session
CVSS Base8.7
â
CRSSelect profile
CVE-2025-10557
8.7đ
fromMultiple Products
A stored Cross-site Scripting (XSS) vulnerability affecting Issue Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session
CVSS Base8.7
â
CRSSelect profile
CVE-2025-10558
8.7đ
storedMultiple Products
A stored Cross-site Scripting (XSS) vulnerability affecting 3DSearch in 3DSwymer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session
CVSS Base8.7
â
CRSSelect profile
CVE-2025-59889
8.6
ImproperMultiple Products
Improper authentication of library files in the Eaton IPP software installer could lead to arbitrary code execution of an attacker with the access to the software package
CVSS Base8.6
â
CRSSelect profile
CVE-2025-0636
8.4
EMCLIMultiple Products
EMCLI contains a high severity vulnerability where improper neutralization of special elements used in an OS command could be exploited leading to Arbitrary Code Execution
CVSS Base8.4
â
CRSSelect profile
CVE-2025-23356
8.4
NVIDIAMultiple Products
NVIDIA Isaac Lab contains a vulnerability in SB3 configuration parsing
CVSS Base8.4
â
CRSSelect profile
CVE-2025-36087
8.1
IBMMultiple Products
IBM Security Verify Access 10
CVSS Base8.1
â
CRSSelect profile
CVE-2025-59250
8.1
SQLMultiple Products
Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network
CVSS Base8.1
â
CRSSelect profile
CVE-2025-62363
7.8
UnknownMultiple Products
yt-grabber-tui is a terminal user interface application for downloading videos
CVSS Base7.8
â
CRSSelect profile
CVE-2025-20713
7.8
wlanMultiple Products
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check
CVSS Base7.8
â
CRSSelect profile
CVE-2025-20714
7.8
wlanMultiple Products
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check
CVSS Base7.8
â
CRSSelect profile
CVE-2025-20715
7.8
wlanMultiple Products
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check
CVSS Base7.8
â
CRSSelect profile
CVE-2025-20716
7.8
wlanMultiple Products
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check
CVSS Base7.8
â
CRSSelect profile
CVE-2025-20717
7.8
wlanMultiple Products
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check
CVSS Base7.8
â
CRSSelect profile
CVE-2025-20718
7.8
wlanMultiple Products
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check
CVSS Base7.8
â
CRSSelect profile
CVE-2025-20721
7.8
InMultiple Products
In imgsensor, there is a possible out of bounds write due to a missing bounds check
CVSS Base7.8
â
CRSSelect profile
CVE-2025-20723
7.8
gnssMultiple Products
In gnss driver, there is a possible out of bounds write due to an incorrect bounds check
CVSS Base7.8
â
CRSSelect profile
CVE-2025-40809
7.8
hasMultiple Products
A vulnerability has been identified in Solid Edge SE2024 (All versions < V224
CVSS Base7.8
â
CRSSelect profile
CVE-2025-40810
7.8
hasMultiple Products
A vulnerability has been identified in Solid Edge SE2024 (All versions < V224
CVSS Base7.8
â
CRSSelect profile
CVE-2025-40811
7.8
hasMultiple Products
A vulnerability has been identified in Solid Edge SE2024 (All versions < V224
CVSS Base7.8
â
CRSSelect profile
CVE-2025-40812
7.8
hasMultiple Products
A vulnerability has been identified in Solid Edge SE2024 (All versions < V224
CVSS Base7.8
â
CRSSelect profile
CVE-2025-57741
7.8
IncorrectMultiple Products
An Incorrect Permission Assignment for Critical Resource vulnerability [CWE-732] in FortiClientMac 7
CVSS Base7.8
â
CRSSelect profile
CVE-2025-55696
7.8
UnknownMultiple Products
Time-of-check time-of-use (toctou) race condition in NtQueryInformation Token function (ntifs
CVSS Base7.8
â
CRSSelect profile
CVE-2025-59192
7.8
BufferMultiple Products
Buffer over-read in Storport
CVSS Base7.8
â
CRSSelect profile
CVE-2025-59199
7.8
ImproperMultiple Products
Improper access control in Software Protection Platform (SPP) allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-59201
7.8
ImproperMultiple Products
Improper access control in Network Connection Status Indicator (NCSI) allows an authorized attacker to elevate privileges locally