Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đ
Today's Security Brief
Yesterday's disclosures include 11 critical vulnerabilities spanning SolarWinds Serv-U, WordPress plugins, Apache Camel, and Zyxel networking equipment, marking a significant jump from the prior day's single critical CVE. 68 high-priority vulnerabilities were also disclosed, a modest 8% increase. Among the most severe, CVE-2026-23693 carries a maximum CVSS 10.0 score affecting WordPress plugin versions, while four SolarWinds Serv-U flaws (CVE-2025-40538 through CVE-2025-40541) each score 9.1 and CVE-2025-13942 targets Zyxel EX3510 devices at CVSS 9.8. Multiple Microsoft Windows and Office vulnerabilities have confirmed active exploitation, alongside Roundcube Webmail, Google Chromium, and Apple OS zero-days. No patches are currently available for the disclosed vulnerabilities, requiring defenders to prioritize compensating controls and monitoring.
CVE-2026-23693 scores maximum CVSS 10.0 affecting WordPress plugin versions with remote code execution potential
Critical CVE count jumped to 11, up from 1 the prior day â a 1,000% increase driven by SolarWinds, WordPress, and Zyxel disclosures
68 high-priority vulnerabilities disclosed, an 8% increase over the prior day's 63
Four SolarWinds Serv-U vulnerabilities (CVSS 9.1 each) and a Zyxel EX3510 flaw (CVSS 9.8) affect widely deployed enterprise infrastructure
0% patch availability across all 79 disclosed CVEs â compensating controls and network segmentation are essential
18 vulnerabilities have confirmed active exploitation, including multiple Microsoft Windows and Office flaws, Roundcube Webmail, and Google Chromium
Immediate action: Prioritize compensating controls for SolarWinds Serv-U, WordPress plugin, Zyxel EX3510, and Microsoft Windows/Office deployments, as no patches are currently available for any disclosed vulnerabilities. Monitor vendor advisories closely for patch releases on the 11 critical CVEs, and apply network segmentation and enhanced logging for systems with confirmed active exploitation including Roundcube Webmail and Google Chromium.
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEVURGENT
CVE-2025-11953
9.5đ
React Native CommunityCLI
â° Federal Deadline:February 25, 2026(2 days remaining)
React Native Community CLI OS Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2026-24423
9.5
SmarterToolsSmarterMail
â° Federal Deadline:February 25, 2026(2 days remaining)
SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2026-21513
9.5đ
MicrosoftWindows
â° Federal Deadline:March 2, 2026(7 days remaining)
A protection mechanism failure in the MSHTML Framework allows an unauthenticated attacker to bypass security features over a network, potentially leading to unauthorized system access.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2026-21525
9.5
MicrosoftWindows
â° Federal Deadline:March 2, 2026(7 days remaining)
Microsoft Windows NULL Pointer Dereference Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2026-21510
9.5đ
MicrosoftWindows
â° Federal Deadline:March 2, 2026(7 days remaining)
A protection mechanism failure in the Windows Shell allows an unauthenticated attacker to bypass security features over a network connection.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2026-21533
9.5đ
MicrosoftWindows
â° Federal Deadline:March 2, 2026(7 days remaining)
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate their privileges locally on the affected system.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2026-21519
9.5đ
MicrosoftWindows
â° Federal Deadline:March 2, 2026(7 days remaining)
A type confusion vulnerability in the Desktop Window Manager (DWM) allows an authorized local attacker to elevate their privileges to a higher level.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2026-21514
9.5đ
MicrosoftOffice
â° Federal Deadline:March 2, 2026(7 days remaining)
A security feature bypass vulnerability in Microsoft Office Word exists due to reliance on untrusted inputs, allowing an unauthorized local attacker to circumvent security protections.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2026-20700
9.5đ
AppleApple OS
â° Federal Deadline:March 4, 2026(9 days remaining)
A memory corruption vulnerability in Apple software was addressed through improved state management to prevent potential exploitation.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2024-43468
9.5đ Late Disclosure
MicrosoftConfiguration Manager
â° Federal Deadline:March 4, 2026(9 days remaining)
Microsoft Configuration Manager SQL Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-15556
9.5
Notepad++Notepad++
â° Federal Deadline:March 4, 2026(9 days remaining)
Notepad++ Download of Code Without Integrity Check Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2020-7796
9.5đ Late Disclosure
SynacorZimbra Collaboration Suite
â° Federal Deadline:March 9, 2026(14 days remaining)
Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2024-7694
9.5đ Late Disclosure
TeamT5ThreatSonar Anti-Ransomware
â° Federal Deadline:March 9, 2026(14 days remaining)
TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2008-0015
9.5đ Late Disclosure
MicrosoftWindows
â° Federal Deadline:March 9, 2026(14 days remaining)
Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2026-2441
9.5đ
GoogleChromium
â° Federal Deadline:March 9, 2026(14 days remaining)
Google Chrome is vulnerable to a "Use After Free" condition in its CSS engine, which could allow a remote attacker to execute arbitrary code via a crafted webpage.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2021-22175
9.5đ Late Disclosure
GitLabGitLab
â° Federal Deadline:March 10, 2026(15 days remaining)
GitLab Server-Side Request Forgery (SSRF) Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-49113
9.5
RoundcubeWebmail
â° Federal Deadline:March 12, 2026(17 days remaining)
RoundCube Webmail Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-68461
9.5
RoundcubeWebmail
â° Federal Deadline:March 12, 2026(17 days remaining)
RoundCube Webmail Cross-site Scripting Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
đ¨
Critical Vulnerabilities
CVE-2026-24494
9.8đ
theOnline Ordering System
An unauthenticated SQL injection vulnerability exists in the Order Up Online Ordering System 1.0 via the store_id parameter in the /api/integrations/getintegrations endpoint.
CVSS Base9.8
â
CRSSelect profile
CVE-2026-26198
9.8đ
OrmarOrmar ORM
Ormar ORM aggregate queries lack sanitization in `min()` and `max()` methods, allowing unauthenticated attackers to inject raw SQL and extract entire database contents via subqueries.
CVSS Base9.8
â
CRSSelect profile
CVE-2026-23693
10đ
WordPressplugin versions
The ElementsKit Lite plugin for WordPress exposes a REST endpoint without authentication, allowing unauthenticated attackers to use the site as an open proxy for Mailchimp API requests.
CVSS Base10
â
CRSSelect profile
CVE-2025-40538
9.1đ
SolarWindsServ-U
A broken access control vulnerability in Serv-U allows domain or group administrators to escalate privileges, create system admin users, and execute arbitrary code as a privileged account.
CVSS Base9.1
â
CRSSelect profile
CVE-2025-40539
9.1đ
SolarWindsServ-U
A type confusion vulnerability in Serv-U enables authenticated administrative users to execute arbitrary native code with the privileges of the service account.
CVSS Base9.1
â
CRSSelect profile
CVE-2025-40540
9.1đ
SolarWindsServ-U
A critical type confusion vulnerability in Serv-U allows an authenticated administrative user to execute arbitrary native code, potentially compromising the host system.
CVSS Base9.1
â
CRSSelect profile
CVE-2025-40541
9.1đ
SolarWindsServ-U
An Insecure Direct Object Reference (IDOR) vulnerability in Serv-U allows authenticated administrators to execute native code as a privileged account by manipulating object identifiers.
CVSS Base9.1
â
CRSSelect profile
CVE-2026-23552
9.1đ
ApacheCamel Keycloak
Apache Camel Keycloak fails to validate the issuer claim of JWT tokens, allowing tokens from one realm to be accepted by another, thereby breaking tenant isolation.
CVSS Base9.1
â
CRSSelect profile
CVE-2025-13942
9.8đ
ZyxelEX3510
A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 router allows remote attackers to execute arbitrary OS commands via crafted SOAP requests.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-70043
9.1đ
Aymsnode-To master
The Ayms node-To master application disables TLS/SSL certificate validation by setting 'rejectUnauthorized' to false, facilitating Man-in-the-Middle (MitM) attacks.
CVSS Base9.1
â
CRSSelect profile
CVE-2026-2588
9.1đ
Perl (CPAN)Crypt::NaCl::Sodium
Crypt::NaCl::Sodium for Perl contains an integer overflow on 32-bit systems when casting length pointers, potentially leading to memory corruption or cryptographic failures.
CVSS Base9.1
â
CRSSelect profile
â ī¸
High Priority Updates
CVE-2019-25391
8.2đ Late Disclosure
HPendpoint with
Ashop Shopping Cart Software contains a time-based blind SQL injection vulnerability that allows attackers to manipulate database queries through the blacklistitemid parameter
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25440
8.2đ Late Disclosure
HPwith malicious
WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prod_id parameter
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25443
8.2đ Late Disclosure
HPto execute
Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25446
8.2đ Late Disclosure
HPwith malicious
DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the datum1, datum2, KID, and PID parameters
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25461
8.2đ Late Disclosure
Archendpoint with
Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter
CVSS Base8.2
â
CRSSelect profile
CVE-2026-24481
7.5đ
AdobePhotoshop
A security flaw in ImageMagick, a popular image manipulation software, allows for potential exploitation during the processing of digital images.
CVSS Base7.5
â
CRSSelect profile
CVE-2019-25455
8.2đđ Late Disclosure
InforE-Ticaret
Web Ofisi E-Ticaret v3 contains an unauthenticated SQL injection vulnerability in the 'a' parameter, allowing for unauthorized database manipulation.
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25456
8.2đđ Late Disclosure
InforEmlak
Web Ofisi Emlak v2 is vulnerable to an unauthenticated SQL injection via the 'ara' GET parameter, enabling attackers to manipulate database queries.
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25457
8.2đđ Late Disclosure
InforFirma
Web Ofisi Firma v13 contains an unauthenticated SQL injection vulnerability via the 'oz' array parameter, allowing for the manipulation of backend database queries.
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25458
8.2đđ Late Disclosure
InforFirma Rehberi
Web Ofisi Firma Rehberi v1 is vulnerable to an unauthenticated SQL injection through various GET parameters, allowing attackers to manipulate database queries.
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25459
8.2đđ Late Disclosure
InforEmlak
Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in its endpoints, allowing unauthenticated attackers to manipulate database queries via GET parameters.
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25460
8.2đđ Late Disclosure
InforPlatinum E-Ticaret
Web Ofisi Platinum E-Ticaret v5 is vulnerable to an unauthenticated SQL injection via the 'q' GET parameter, allowing for unauthorized database manipulation.
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25462
8.2đđ Late Disclosure
InforRent a Car
Web Ofisi Rent a Car v3 contains an unauthenticated SQL injection vulnerability in the 'klima' parameter, allowing attackers to execute arbitrary SQL commands.
CVSS Base8.2
â
CRSSelect profile
CVE-2025-67733
8.5
InforMultiple Products
Valkey is a distributed key-value database
CVSS Base8.5
â
CRSSelect profile
CVE-2026-22567
7.6
ImproperMultiple Products
Improper validation of user-supplied input in the ZIA Admin UI could allow an authenticated administrator to initiate backend functions through specific input fields in limited scenarios
CVSS Base7.6
â
CRSSelect profile
CVE-2026-21863
7.5đ
ValkeyValkey
A vulnerability in the Valkey distributed key-value database could allow attackers to compromise database operations or data integrity.
CVSS Base7.5
â
CRSSelect profile
CVE-2026-27623
7.5đ
ValkeyValkey
A security issue in the Valkey key-value database management system may lead to unauthorized exploitation of database functions or service disruption.
CVSS Base7.5
â
CRSSelect profile
CVE-2025-70045
7.4đ
JXcoreJXM
Improper certificate validation (CWE-295) in JXcore JXM master allows for potential Man-in-the-Middle (MitM) attacks and data interception.
CVSS Base7.4
â
CRSSelect profile
CVE-2019-25433
8.2đ Late Disclosure
HPendpoint with
XOOPS CMS 2
CVSS Base8.2
â
CRSSelect profile
CVE-2019-25452
8.2đ Late Disclosure
HPendpoint that
Dolibarr ERP/CRM 10
CVSS Base8.2
â
CRSSelect profile
CVE-2026-2944
7.3
HPof the
A security flaw has been discovered in Tosei Online Store Management System ãããåēčįŽĄįãˇãšãã 1
CVSS Base7.3
â
CRSSelect profile
CVE-2026-2952
7.3
HPof the
A flaw has been found in Vaelsys 4
CVSS Base7.3
â
CRSSelect profile
CVE-2026-2983
7.3
HPof the
A vulnerability was determined in SourceCodester Student Result Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2026-21420
7.3
DellPath Element
Dell Repository Manager (DRM), versions prior to 3
CVSS Base7.3
â
CRSSelect profile
CVE-2019-25450
7.1đ Late Disclosure
HPendpoints to
Dolibarr ERP/CRM 10
CVSS Base7.1
â
CRSSelect profile
CVE-2026-3042
7.3
HPMultiple Products
A vulnerability was detected in itsourcecode Event Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2026-3046
7.3
HPMultiple Products
A security vulnerability has been detected in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1
CVSS Base7.3
â
CRSSelect profile
CVE-2026-3068
7.3
HPMultiple Products
A weakness has been identified in itsourcecode Document Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2026-3069
7.3
HPMultiple Products
A security vulnerability has been detected in itsourcecode Document Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2026-1367
8.3
Plusreport option
Zohocorp ManageEngine ADSelfService Plus versions 6522 and below are vulnerable to authenticated SQL Injection in the search report option
CVSS Base8.3
â
CRSSelect profile
CVE-2019-25439
8.2đđ Late Disclosure
InforCMS
NoviSmart CMS is vulnerable to a high-severity SQL injection via the Referer HTTP header, allowing remote attackers to execute arbitrary SQL queries against the database.
CVSS Base8.2
â
CRSSelect profile
CVE-2026-2958
8.8
D-LinkDWR
A security vulnerability has been detected in D-Link DWR-M960 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-2959
8.8
D-LinkDWR
A vulnerability was detected in D-Link DWR-M960 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-2960
8.8
D-LinkDWR
A flaw has been found in D-Link DWR-M960 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-2961
8.8
D-LinkDWR
A vulnerability has been found in D-Link DWR-M960 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-2962
8.8
D-LinkDWR
A vulnerability was found in D-Link DWR-M960 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-3044
8.8
TendaAC8
A vulnerability has been found in Tenda AC8 16
CVSS Base8.8
â
CRSSelect profile
CVE-2025-13943
8.8
log file downloadEX3301
A post-authentication command injection vulnerability in the log file download function of the Zyxel EX3301-T0 firmware versions through 5
CVSS Base8.8
â
CRSSelect profile
CVE-2025-69700
7.5
TendaFH1203 V2
Tenda FH1203 V2
CVSS Base7.5
â
CRSSelect profile
CVE-2026-1459
7.2
versionsVMG3625
A post-authentication command injection vulnerability in the TR-369 certificate download CGI program of the Zyxel VMG3625-T50B firmware versions through 5
CVSS Base7.2
â
CRSSelect profile
CVE-2026-25802
7.6đ
IntelNew API LLM Gateway
A vulnerability in the New API large language model (LLM) gateway and AI asset management system could allow for unauthorized access or manipulation of AI resources.
CVSS Base7.6
â
CRSSelect profile
CVE-2019-25366
8.2đđ Late Disclosure
microASPPortal+ CMS
An unauthenticated SQL injection vulnerability in microASP Portal+ CMS allows remote attackers to execute arbitrary SQL queries via the explode_tree parameter.
CVSS Base8.2
â
CRSSelect profile
CVE-2025-63945
7.4
Tencent iOA appMultiple Products
A privilege escalation (PE) vulnerability in the Tencent iOA app thru 210
CVSS Base7.4
â
CRSSelect profile
CVE-2025-63946
7.4
Tencent PCMultiple Products
A privilege escalation (PE) vulnerability in the Tencent PC Manager app thru 17
CVSS Base7.4
â
CRSSelect profile
CVE-2026-2981
8.8
UTTMultiple Products
A vulnerability was found in UTT HiPER 810G up to 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-3015
8.8
UTTMultiple Products
A vulnerability was determined in UTT HiPER 810G up to 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-3016
8.8
UTTMultiple Products
A vulnerability was identified in UTT HiPER 810G up to 1
CVSS Base8.8
â
CRSSelect profile
CVE-2026-26331
8.8
UnknownMultiple Products
yt-dlp is a command-line audio/video downloader
CVSS Base8.8
â
CRSSelect profile
CVE-2026-25648
8.7
startingMultiple Products
Versions of the Traccar open-source GPS tracking system starting with 6
CVSS Base8.7
â
CRSSelect profile
CVE-2026-25965
8.6
UnknownMultiple Products
ImageMagick is free and open-source software used for editing and manipulating digital images
CVSS Base8.6
â
CRSSelect profile
CVE-2019-25442
8.2đ Late Disclosure
WizMultiple Products
Web Wiz Forums 12
CVSS Base8.2
â
CRSSelect profile
CVE-2026-25794
8.2
UnknownMultiple Products
ImageMagick is free and open-source software used for editing and manipulating digital images
CVSS Base8.2
â
CRSSelect profile
CVE-2025-70329
8
TOTOLinkMultiple Products
TOTOLink X5000R v9
CVSS Base8
â
CRSSelect profile
CVE-2026-2998
7.8đ
eAI TechnologiesERP
A DLL Hijacking vulnerability in eAI Technologies ERP allows authenticated local attackers to execute arbitrary code by placing a malicious DLL in the application directory.
CVSS Base7.8
â
CRSSelect profile
CVE-2024-1524
7.7đ Late Disclosure
InforMultiple Products
When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider (IDP) there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users
CVSS Base7.7
â
CRSSelect profile
CVE-2026-24485
7.5
ArchMultiple Products
ImageMagick is free and open-source software used for editing and manipulating digital images
CVSS Base7.5
â
CRSSelect profile
CVE-2026-25985
7.5
UnknownMultiple Products
ImageMagick is free and open-source software used for editing and manipulating digital images
CVSS Base7.5
â
CRSSelect profile
CVE-2026-25989
7.5
UnknownMultiple Products
ImageMagick is free and open-source software used for editing and manipulating digital images
CVSS Base7.5
â
CRSSelect profile
CVE-2026-25967
7.4
UnknownMultiple Products
ImageMagick is free and open-source software used for editing and manipulating digital images
CVSS Base7.4
â
CRSSelect profile
CVE-2026-25968
7.4
UnknownMultiple Products
ImageMagick is free and open-source software used for editing and manipulating digital images
CVSS Base7.4
â
CRSSelect profile
CVE-2026-2940
7.3
InforMultiple Products
A vulnerability was determined in Zaher1307 tiny_web_server up to 8d77b1044a0ca3a5297d8726ac8aa2cf944d481b
CVSS Base7.3
â
CRSSelect profile
CVE-2026-3025
7.3
ManagementMultiple Products
A flaw has been found in ShuoRen Smart Heating Integrated Management Platform 1
CVSS Base7.3
â
CRSSelect profile
CVE-2026-3026
7.3
erzhongxmuMultiple Products
A vulnerability has been found in erzhongxmu JEEWMS 3
CVSS Base7.3
â
CRSSelect profile
CVE-2026-25649
7.3
andMultiple Products
Versions of the Traccar open-source GPS tracking system up to and including 6
CVSS Base7.3
â
CRSSelect profile
CVE-2026-3053
7.3
UnknownMultiple Products
A vulnerability was determined in DataLinkDC dinky up to 1
CVSS Base7.3
â
CRSSelect profile
CVE-2026-2980
7.2
UTTMultiple Products
A vulnerability has been found in UTT HiPER 810G up to 1
CVSS Base7.2
â
CRSSelect profile
CVE-2025-14905
7.2
baseMultiple Products
A flaw was found in the 389-ds-base server
CVSS Base7.2
â
CRSSelect profile
CVE-2025-68930
7.1
andMultiple Products
Versions of the Traccar open-source GPS tracking system up to and including 6