CVE-2025-68645
Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability - Active in CISA KEV catalog.
Yesterday's disclosures revealed critical vulnerabilities across SAP, Microsoft, Apache, and WordPress ecosystems, with two CVSS 9.9 flaws affecting SAP CRM and the Catalyst Game Server Platform. The day's 109 total CVEs include 9 critical-severity issues (down 40% from the prior day) and 100 high-priority vulnerabilities (up 23%). Notable critical entries include CVE-2026-0488 in SAP CRM, CVE-2026-26009 in Catalyst Game Server Platform, and CVE-2026-23906 in Apache Druid, all scoring 9.8 or above. Attack patterns center on remote code execution and authentication bypass across enterprise platforms, with 21 vulnerabilities confirmed as actively exploited in the wild, including long-standing flaws in Zimbra Collaboration Suite, VMware vCenter Server, and multiple SmarterMail instances. No patches have been confirmed available at this time, making compensating controls and network segmentation essential for affected systems.
Immediate action: Prioritize review of SAP CRM, SAP NetWeaver, Microsoft Office, and Microsoft Windows deployments, as these vendors have both critical-severity and actively exploited vulnerabilities in yesterday's disclosures. With no confirmed patches currently available, implement network segmentation, restrict access to affected services, and monitor for indicators of compromise while awaiting vendor advisories.
Versa Concerto Improper Authentication Vulnerability - Active in CISA KEV catalog.
Vite Vitejs Improper Access Control Vulnerability - Active in CISA KEV catalog.
Prettier eslint-config-prettier Embedded Malicious Code Vulnerability - Active in CISA KEV catalog.
Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability - Active in CISA KEV catalog.
Linux Kernel Integer Overflow Vulnerability - Active in CISA KEV catalog.
SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability - Active in CISA KEV catalog.
SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability - Active in CISA KEV catalog.
GNU InetUtils Argument Injection Vulnerability - Active in CISA KEV catalog.
Microsoft Office Security Feature Bypass Vulnerability - Active in CISA KEV catalog.
GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability - Active in CISA KEV catalog.
Sangoma FreePBX OS Command Injection Vulnerability - Active in CISA KEV catalog.
Sangoma FreePBX Improper Authentication Vulnerability - Active in CISA KEV catalog.
React Native Community CLI OS Command Injection Vulnerability - Active in CISA KEV catalog.
SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability - Active in CISA KEV catalog.
Microsoft Windows NULL Pointer Dereference Vulnerability - Active in CISA KEV catalog.
The WPvivid Backup & Migration plugin for WordPress allows unauthenticated remote code execution via arbitrary file uploads due to improper RSA error handling and directory traversal.
Apache Druid is vulnerable to an authentication bypass when LDAP is configured to allow anonymous binds, allowing attackers to access restricted resources with an empty password.
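The Druid entry above describes a well-known LDAP failure mode: RFC 4513 section 5.1.2 defines a Simple Bind with a non-empty name and an empty password as an "unauthenticated" bind, and a directory that permits it answers with success while treating the session as anonymous. Any application that equates "bind succeeded" with "the user proved their password" can then be bypassed with a valid username and an empty password. The following is an added example, not Apache Druid's code: a constructed stand-in directory (the DN suffix, usernames and passwords are made up so it runs offline), the vulnerable login check, the hardened check, and an operator-side probe.

```python
"""Added example (not Apache Druid's code): LDAP unauthenticated bind as an
authentication bypass, and the application-side fix.

FakeDirectory models only the bind semantics that matter here; it is a
constructed stand-in for a real LDAP server. BASE_DN and the demo user are
assumptions for illustration.
"""
from dataclasses import dataclass

LDAP_SUCCESS = 0               # resultCode success
LDAP_INVALID_CREDENTIALS = 49  # resultCode invalidCredentials

BASE_DN = "ou=users,dc=example,dc=org"  # assumed, illustration only


@dataclass
class FakeDirectory:
    passwords: dict                     # DN -> password (constructed data)
    allow_unauthenticated_bind: bool = True

    def simple_bind(self, dn: str, password: str) -> int:
        if dn and password == "":
            # RFC 4513 5.1.2: non-empty DN + empty password is an
            # "unauthenticated" bind. A permissive directory returns
            # success and treats the session as anonymous.
            return LDAP_SUCCESS if self.allow_unauthenticated_bind else LDAP_INVALID_CREDENTIALS
        if self.passwords.get(dn) == password:
            return LDAP_SUCCESS
        return LDAP_INVALID_CREDENTIALS


def user_dn(username: str) -> str:
    return f"uid={username},{BASE_DN}"


def login_vulnerable(directory: FakeDirectory, username: str, password: str) -> bool:
    """Trusts the bind result alone: bypassable with an empty password when
    the directory accepts unauthenticated binds."""
    return directory.simple_bind(user_dn(username), password) == LDAP_SUCCESS


def login_hardened(directory: FakeDirectory, username: str, password: str) -> bool:
    """Rejects empty or blank passwords before binding, so an anonymous bind
    can never be mistaken for a verified password. Also refuses RFC 4514 DN
    special characters in the username so the bind DN cannot be rewritten."""
    if not password.strip():
        return False
    if not username or any(c in username for c in ',=+<>#;"\\\x00'):
        return False
    return directory.simple_bind(user_dn(username), password) == LDAP_SUCCESS


def directory_accepts_unauthenticated_bind(directory: FakeDirectory, username: str) -> bool:
    """Operator-side probe: does a known DN with an empty password bind
    'successfully'? If so, every application relying on bind success
    alone is exposed, regardless of how Druid itself is patched."""
    return directory.simple_bind(user_dn(username), "") == LDAP_SUCCESS


# Constructed sample directory and user.
DEMO_DIRECTORY = FakeDirectory(passwords={user_dn("alice"): "correct horse battery staple"})

if __name__ == "__main__":
    print("directory accepts unauthenticated bind:",
          directory_accepts_unauthenticated_bind(DEMO_DIRECTORY, "alice"))
    for fn in (login_vulnerable, login_hardened):
        print(f"{fn.__name__}('alice', '') ->", fn(DEMO_DIRECTORY, "alice", ""))
```

Against a real directory the equivalent probe is `ldapwhoami -x -H ldap://<host> -D '<known user DN>' -w ''`: an answer of `anonymous` rather than an error means unauthenticated binds are accepted. Active Directory accepts them by default; OpenLDAP refuses them unless `allow bind_anon_dn` is set. The durable fix is the application-side empty-password rejection shown in `login_hardened`, since the directory's policy is often outside the application team's control.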
A deserialization vulnerability in the Azure SDK allows an unauthenticated attacker to execute arbitrary code over a network by sending specially crafted data to a vulnerable application.
A flaw in SAP CRM and S/4HANA allows authenticated attackers to exploit generic function module calls to execute arbitrary SQL statements, leading to full database compromise.
Agentflow by Flowring contains a missing authentication vulnerability, allowing unauthenticated remote attackers to read, modify, or delete database contents.
SAP NetWeaver AS ABAP allows low-privileged authenticated users to execute Remote Function Calls (RFC) without proper S_RFC authorization, impacting system integrity and availability.
Catalyst allows users with template permissions to execute arbitrary shell commands as root on host operating systems due to a lack of sandboxing in server template install scripts.
Agentflow by Flowring suffers from an authentication bypass vulnerability, allowing unauthenticated attackers to obtain arbitrary user tokens and impersonate any user.
The Okulistik platform contains a Server-Side Request Forgery (SSRF) vulnerability, allowing attackers to make unauthorized requests from the server to internal or external resources.
A security feature bypass vulnerability in Microsoft Office Word exists due to reliance on untrusted inputs, allowing an unauthorized local attacker to circumvent security protections.
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate their privileges locally on the affected system.
A protection mechanism failure in the Windows Shell allows an unauthenticated attacker to bypass security features over a network connection.
A protection mechanism failure in the MSHTML Framework allows an unauthenticated attacker to bypass security features over a network, potentially leading to unauthorized system access.
An Authentication Bypass by Primary Weakness [CWE-305] vulnerability in Fortinet FortiOS 7
A type confusion vulnerability in the Desktop Window Manager (DWM) allows an authorized local attacker to elevate their privileges to a higher level.
Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents
The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4
A heap-based buffer overflow in the Microsoft Graphics Component allows an authenticated user to gain elevated system privileges through local exploitation.
A heap-based buffer overflow in Microsoft Office Excel enables an unauthorized attacker to achieve local privilege escalation on affected systems.
A code injection vulnerability in Microsoft Defender for Linux allows an unauthenticated attacker on an adjacent network to execute arbitrary code.
Improper certificate validation in Azure Local allows an unauthenticated network attacker to execute arbitrary code on the target system.
Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally
Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally
Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network
Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally
Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') [CWE-79] vulnerability in Fortinet FortiSandbox 5
A high-severity vulnerability exists in SumatraPDF for Windows. This flaw could allow for exploitation when the reader processes specially crafted multi-format documents.
PowerDocu contains a Windows GUI executable for producing technical documentation
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally
Untrusted pointer dereference in Windows HTTP
Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally
Time-of-check time-of-use (toctou) race condition in Windows HTTP
Untrusted pointer dereference in Windows HTTP
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data
Super-linter is a combination of multiple linters to run as a GitHub Action or standalone
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network
Improper neutralization of special elements used in a command ('command injection') in Github Copilot allows an unauthorized attacker to execute code over a network
Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network
Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network
The SAP Solution Tools Plug-In (ST-PI) fails to perform necessary authorization checks in a specific function module, allowing authenticated users to access sensitive information.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ergosis Security Systems Computer Industry and Trade Inc
An authenticated user can cause a Denial of Service in SAP systems by invoking a remote-enabled function module with an excessively large loop-control parameter.
FreeRDP is a free implementation of the Remote Desktop Protocol
FreeRDP is a free implementation of the Remote Desktop Protocol
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools
AXIS Camera Station Pro contained a flaw that allowed a non-admin user to perform a privilege escalation attack on the server
Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies Industry and Trade Ltd
A flaw was found in Keycloak
ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments
Authorization Bypass Through User-Controlled Key vulnerability in Dinibh Puzzle Software Solutions Dinibh Patrol Tracking System allows Exploitation of Trusted Identifiers
Worklenz is a project management tool
Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd
An out-of-bounds write in the firmware for Intel AMT and Standard Manageability within Ring 3 user applications may allow an attacker to cause a denial of service.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saastech Cleaning and Internet Services Inc
In JetBrains PyCharm before 2025
Crafted delegations or IP fragments can poison cached delegations in Recursor
Improper input validation for some Server Firmware Update Utility(SysFwUpdt) before version 16
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd
A flaw was found in Keycloak
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files
Improper input validation in Power BI allows an authorized attacker to execute code over a network
Race condition for some TDX Module within Ring 0: Hypervisor may allow an escalation of privilege
A flaw in Intel Quick Assist Technology allows an attacker with Ring 0 access to bypass hardware interface protections, leading to kernel-level privilege escalation.
vscode-spell-checker is a basic spell checker that works well with code and documents
A vulnerability has been identified in NX (All versions < V2512)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512)
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512)
A vulnerability has been identified in SINEC NMS (All versions < V4
A vulnerability has been identified in SINEC NMS (All versions), User Management Component (UMC) (All versions < V2
Audition versions 25
After Effects versions 25
After Effects versions 25
After Effects versions 25
After Effects versions 25
After Effects versions 25
After Effects versions 25
After Effects versions 25
After Effects versions 25
After Effects versions 25
After Effects versions 25
After Effects versions 25
After Effects versions 25
Substance3D - Designer versions 15
Substance3D - Designer versions 15
After Effects versions 25
InDesign Desktop versions 21
Substance3D - Stager versions 3
Substance3D - Stager versions 3
Substance3D - Stager versions 3
Substance3D - Stager versions 3
Substance3D - Stager versions 3
Bridge versions 15
Bridge versions 15
DNG SDK versions 1
DNG SDK versions 1
Lightroom Desktop versions 15
Cube is a semantic layer for building data applications
MUNGE is an authentication service for creating and validating user credentials
A vulnerability has been identified in Polarion V2404 (All versions < V2404