Critical vulnerabilities, curated daily for security professionals
π― SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
π
Today's Security Brief
Yesterday's disclosures include 15 critical-severity CVEs (CVSS 9.0+), a 114% increase from the prior day's 7 critical issues. High-priority vulnerabilities (CVSS 7.0-8.9) rose modestly to 81, a 13% increase over the previous 72. Sixteen actively exploited vulnerabilities remain on the CISA KEV catalog, including CVE-2026-20045 affecting Cisco Unified Communications Manager, CVE-2025-68645 targeting Zimbra Collaboration Suite, and CVE-2024-37079 in VMware vCenter Server. Notable critical disclosures include CVE-2026-0488 (CVSS 9.9) in SAP CRM, CVE-2026-1868 (CVSS 9.9) in GitLab, and CVE-2026-22903 (CVSS 9.8) in lighttpd. Patch availability stands at 0%, requiring organizations to prioritize compensating controls and monitoring until vendor remediations are released.
15 critical-severity CVEs disclosed, up 114% from 7 the prior day
81 high-priority CVEs (CVSS 7.0-8.9), a 13% increase from 72
16 actively exploited KEV entries including Cisco, Zimbra, VMware vCenter, Microsoft Office, and FreePBX
0% patch availability across all 96 disclosed CVEs β compensating controls recommended
SAP (CRM, NetWeaver), GitLab, lighttpd, and Agentflow among the most affected products in critical disclosures
Immediate action: Organizations running SAP CRM, SAP NetWeaver, GitLab, Cisco Unified Communications Manager, Zimbra, and VMware vCenter Server should assess exposure immediately and apply network-level mitigations. With 0% patch availability, implement compensating controls such as network segmentation, enhanced logging, and access restrictions for affected systems until vendor patches are released.
π‘ Tip: Swipe CVE cards left to β star, right to β remove
Section Navigation
β οΈ
CISA Known Exploited Vulnerabilities
β οΈ CISA KEVURGENT
CVE-2026-20045
9.5π
CiscoUnified Communications Manager
β° Federal Deadline:February 10, 2026(1 days remaining)
Cisco Unified Communications Products Code Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2025-68645
9.5π
Synacor Zimbra Collaboration Suite (ZCS)
β° Federal Deadline:February 11, 2026(2 days remaining)
Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2025-34026
9.5
VersaConcerto
β° Federal Deadline:February 11, 2026(2 days remaining)
Versa Concerto Improper Authentication Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2025-31125
9.5
ViteVitejs
β° Federal Deadline:February 11, 2026(2 days remaining)
Vite Vitejs Improper Access Control Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2025-54313
9.5
Prettiereslint-config-prettier
β° Federal Deadline:February 11, 2026(2 days remaining)
Prettier eslint-config-prettier Embedded Malicious Code Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2024-37079
9.5π Late Disclosure
BroadcomVMware vCenter Server
β° Federal Deadline:February 12, 2026(3 days remaining)
Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2018-14634
9.5π Late Disclosure
LinuxKernal
β° Federal Deadline:February 15, 2026(6 days remaining)
Linux Kernel Integer Overflow Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2025-52691
9.5π
SmarterToolsSmarterMail
β° Federal Deadline:February 15, 2026(6 days remaining)
SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2026-23760
9.5
SmarterToolsSmarterMail
β° Federal Deadline:February 15, 2026(6 days remaining)
SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2026-24061
9.5π
GNUInetUtils
β° Federal Deadline:February 15, 2026(6 days remaining)
GNU InetUtils Argument Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2026-21509
9.5π
MicrosoftOffice
β° Federal Deadline:February 15, 2026(6 days remaining)
Microsoft Office Security Feature Bypass Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2021-39935
9.5π Late Disclosure
GitLabCommunity and Enterprise Editions
β° Federal Deadline:February 23, 2026(14 days remaining)
GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-64328
9.5
SangomaFreePBX
β° Federal Deadline:February 23, 2026(14 days remaining)
Sangoma FreePBX OS Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2019-19006
9.5π Late Disclosure
SangomaFreePBX
β° Federal Deadline:February 23, 2026(14 days remaining)
Sangoma FreePBX Improper Authentication Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-11953
9.5π
React Native CommunityCLI
β° Federal Deadline:February 25, 2026(16 days remaining)
React Native Community CLI OS Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2026-24423
9.5
SmarterToolsSmarterMail
β° Federal Deadline:February 25, 2026(16 days remaining)
SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
π¨
Critical Vulnerabilities
CVE-2026-1615
9.8π
Alljsonpath (Node.js/Browser Package)
All versions of the jsonpath library are vulnerable to arbitrary code injection via unsafe evaluation of user-supplied JSON Path expressions.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-0488
9.9π
SAPCRM and
A flaw in SAP CRM and S/4HANA allows authenticated attackers to exploit generic function module calls to execute arbitrary SQL statements, leading to full database compromise.
CVSS Base9.9
β
CRSSelect profile
CVE-2026-2096
9.8π
AgentflowAgentflow
Agentflow by Flowring contains a missing authentication vulnerability, allowing unauthenticated remote attackers to read, modify, or delete database contents.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-25881
9π
SandboxJSSandboxJS
SandboxJS versions before 0.8.31 contain a sandbox escape vulnerability via prototype pollution, potentially allowing sandboxed code to achieve remote code execution (RCE) on the host.
CVSS Base9
β
CRSSelect profile
CVE-2026-1868
9.9π
GitLabhas remediated
Insecure template expansion in GitLab AI Gateway allows attackers to cause a denial-of-service or execute arbitrary code via crafted Duo Agent definitions.
CVSS Base9.9
β
CRSSelect profile
CVE-2026-0509
9.6π
SAPNetWeaver Application
SAP NetWeaver AS ABAP allows low-privileged authenticated users to execute Remote Function Calls (RFC) without proper S_RFC authorization, impacting system integrity and availability.
CVSS Base9.6
β
CRSSelect profile
CVE-2026-22903
9.8π
lighttpdlighttpd Server (Modified)
A stack buffer overflow in modified lighttpd servers allows unauthenticated remote code execution via a crafted SESSIONID cookie.
Improper length handling of cookie fields, including TRACKID, allows unauthenticated remote attackers to trigger a stack buffer overflow and execute arbitrary code.
User credentials are stored using weak AES-ECB encryption with a hardcoded key, allowing unauthenticated attackers to recover plaintext passwords.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-2095
9.8π
AgentflowAgentflow
Agentflow by Flowring suffers from an authentication bypass vulnerability, allowing unauthenticated attackers to obtain arbitrary user tokens and impersonate any user.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-2234
9.1π
HGigaC&Cm@il
A missing authentication vulnerability in HGiga C&Cm@il allows unauthenticated attackers to read and modify any user's email content.
CVSS Base9.1
β
CRSSelect profile
CVE-2026-25057
9.1π
MarkUsMarkUs
MarkUs versions before 2.9.1 allow instructors to perform path traversal via malicious zip file uploads, enabling arbitrary file writes to the server disk.
CVSS Base9.1
β
CRSSelect profile
CVE-2025-6830
9.8π
InforXpoda Studio
Xpoda Studio is vulnerable to SQL injection due to improper neutralization of special elements, potentially allowing unauthorized database access and manipulation.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-25848
9.1π
JetBrainsHub
JetBrains Hub versions prior to 2025.3.119807 contain an authentication bypass vulnerability that allows unauthenticated attackers to perform administrative actions.
CVSS Base9.1
β
CRSSelect profile
CVE-2025-11242
9.8π
Teknolist ComputerOkulistik
The Okulistik platform contains a Server-Side Request Forgery (SSRF) vulnerability, allowing attackers to make unauthorized requests from the server to internal or external resources.
CVSS Base9.8
β
CRSSelect profile
β οΈ
High Priority Updates
CVE-2026-25892
7.5
HPconverts to
Adminer is open-source database management software
CVSS Base7.5
β
CRSSelect profile
CVE-2026-2094
8.8
DocpediaMultiple Products
Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents
CVSS Base8.8
β
CRSSelect profile
CVE-2026-0845
7.2
WordPressis vulnerable
The WCFM β Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'WCFM_Settings_Controller::processing' function in all versions up to, and including, 6
CVSS Base7.2
β
CRSSelect profile
CVE-2026-2236
7.5π
HGigaC&Cm@il
A SQL Injection vulnerability in HGiga C&Cm@il allows unauthenticated remote attackers to inject arbitrary commands and read database contents.
CVSS Base7.5
β
CRSSelect profile
CVE-2026-2093
7.5
DocpediaMultiple Products
Docpedia developed by Flowring has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents
CVSS Base7.5
β
CRSSelect profile
CVE-2026-25880
7.8π
SumatraPDFSumatraPDF
A high-severity vulnerability exists in SumatraPDF for Windows. This flaw could allow for exploitation when the reader processes specially crafted multi-format documents.
CVSS Base7.8
β
CRSSelect profile
CVE-2026-25925
7.8
howMultiple Products
PowerDocu contains a Windows GUI executable to perform technical documentations
CVSS Base7.8
β
CRSSelect profile
CVE-2026-25639
7.5
HTTPMultiple Products
Axios is a promise based HTTP client for the browser and Node
CVSS Base7.5
β
CRSSelect profile
CVE-2026-25961
7.5π
SumatraPDFSumatraPDF
SumatraPDF for Windows is affected by a high-severity vulnerability. The flaw resides in the handling of multi-format files, potentially allowing for unauthorized actions on the host system.
CVSS Base7.5
β
CRSSelect profile
CVE-2026-2165
7.3
HPof the
A weakness has been identified in detronetdip E-commerce 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-2166
7.3
HPof the
A security vulnerability has been detected in code-projects Online Reviewer System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-2171
7.3
HPof the
A vulnerability was found in code-projects Online Student Management System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-2172
7.3
HPof the
A vulnerability was determined in code-projects Online Application System for Admission 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-2221
7.3
HPof the
A security flaw has been discovered in code-projects Online Reviewer System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-2225
7.3
HPof the
A flaw has been found in itsourcecode News Portal Project 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-2151
7.2
HPof the
A vulnerability has been found in D-Link DIR-615 4
CVSS Base7.2
β
CRSSelect profile
CVE-2026-2152
7.2
HPof the
A vulnerability was found in D-Link DIR-615 4
CVSS Base7.2
β
CRSSelect profile
CVE-2026-2158
7.3
HPMultiple Products
A vulnerability was detected in code-projects Student Web Portal 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-2161
7.3
HPMultiple Products
A vulnerability was found in itsourcecode Directory Management System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-2164
7.3
HPMultiple Products
A security flaw has been discovered in detronetdip E-commerce 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-2173
7.3
HPMultiple Products
A vulnerability was identified in code-projects Online Examination System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-2184
7.3
HPMultiple Products
A vulnerability was detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73
CVSS Base7.3
β
CRSSelect profile
CVE-2026-2189
7.3
HPMultiple Products
A vulnerability was identified in itsourcecode School Management System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-2190
7.3
HPMultiple Products
A security flaw has been discovered in itsourcecode School Management System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-2195
7.3
HPMultiple Products
A vulnerability has been found in code-projects Online Reviewer System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-2196
7.3
HPMultiple Products
A vulnerability was found in code-projects Online Reviewer System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-2197
7.3
HPMultiple Products
A vulnerability was determined in code-projects Online Reviewer System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-2198
7.3
HPMultiple Products
A vulnerability was identified in code-projects Online Reviewer System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-2199
7.3
HPMultiple Products
A security flaw has been discovered in code-projects Online Reviewer System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-2211
7.3
HPMultiple Products
A vulnerability was determined in code-projects Online Music Site 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-2212
7.3
HPMultiple Products
A vulnerability was identified in code-projects Online Music Site 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-2217
7.3
HPMultiple Products
A vulnerability was found in itsourcecode Event Management System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-2220
7.3
HPMultiple Products
A vulnerability was identified in code-projects Online Reviewer System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-2223
7.3
HPMultiple Products
A security vulnerability has been detected in code-projects Online Reviewer System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-0870
7.8
Gigabytehas
MacroHub developed by GIGABYTE has a Local Privilege Escalation vulnerability
CVSS Base7.8
β
CRSSelect profile
CVE-2026-2180
8.8
TendaRX3
A vulnerability was identified in Tenda RX3 16
CVSS Base8.8
β
CRSSelect profile
CVE-2026-2181
8.8
TendaRX3
A security flaw has been discovered in Tenda RX3 16
CVSS Base8.8
β
CRSSelect profile
CVE-2026-2185
8.8
TendaRX3
A flaw has been found in Tenda RX3 16
CVSS Base8.8
β
CRSSelect profile
CVE-2026-2186
8.8
TendaRX3
A vulnerability has been found in Tenda RX3 16
CVSS Base8.8
β
CRSSelect profile
CVE-2026-2187
8.8
TendaRX3
A vulnerability was found in Tenda RX3 16
CVSS Base8.8
β
CRSSelect profile
CVE-2026-2202
8.8
TendaAC8
A vulnerability was detected in Tenda AC8 16
CVSS Base8.8
β
CRSSelect profile
CVE-2026-2203
8.8
TendaAC8
A flaw has been found in Tenda AC8 16
CVSS Base8.8
β
CRSSelect profile
CVE-2026-25761
8.8
GitHubAction or
Super-linter is a combination of multiple linters to run as a GitHub Action or standalone
CVSS Base8.8
β
CRSSelect profile
CVE-2026-23687
8.8
ApplicationNetWeaver Application
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier
CVSS Base8.8
β
CRSSelect profile
CVE-2026-2097
8.8
theMultiple Products
Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server
CVSS Base8.8
β
CRSSelect profile
CVE-2026-24322
7.7π
SAPSolution Tools
The SAP Solution Tools Plug-In (ST-PI) fails to perform necessary authorization checks in a specific function module, allowing authenticated users to access sensitive information.
CVSS Base7.7
β
CRSSelect profile
CVE-2026-0485
7.5
ManagementBusinessObjects BI
SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server (CMS) to crash and automatically restart
CVSS Base7.5
β
CRSSelect profile
CVE-2026-0490
7.5π
SAPBusinessObjects BI
An unauthenticated attacker can send a crafted network request to a trusted endpoint in SAP BusinessObjects BI, breaking authentication and causing a Denial of Service.
CVSS Base7.5
β
CRSSelect profile
CVE-2026-23689
7.7π
SAPSAP NetWeaver
An authenticated user can cause a Denial of Service in SAP systems by invoking a remote-enabled function module with an excessively large loop-control parameter.
CVSS Base7.7
β
CRSSelect profile
CVE-2026-2155
7.2
D-LinkDIR
A security flaw has been discovered in D-Link DIR-823X 250416
CVSS Base7.2
β
CRSSelect profile
CVE-2026-2157
7.2
D-LinkDIR
A security vulnerability has been detected in D-Link DIR-823X 250416
CVSS Base7.2
β
CRSSelect profile
CVE-2026-2175
7.2
D-LinkDIR
A weakness has been identified in D-Link DIR-823X 250416
CVSS Base7.2
β
CRSSelect profile
CVE-2026-2191
7.2
TendaAC9
A weakness has been identified in Tenda AC9 15
CVSS Base7.2
β
CRSSelect profile
CVE-2026-2192
7.2
TendaAC9
A security vulnerability has been detected in Tenda AC9 15
CVSS Base7.2
β
CRSSelect profile
CVE-2026-2210
7.2
D-LinkDIR
A vulnerability has been found in D-Link DIR-823X 250416
CVSS Base7.2
β
CRSSelect profile
CVE-2026-2260
7.2
D-LinkDCS
A vulnerability was found in D-Link DCS-931L up to 1
CVSS Base7.2
β
CRSSelect profile
CVE-2026-22905
7.5π
UnknownUnspecified Product (Web Interface)
Insufficient URI validation and path traversal sequences allow unauthenticated remote attackers to bypass authentication on the affected system.
CVSS Base7.5
β
CRSSelect profile
CVE-2026-25478
7.4
AsynchronousMultiple Products
Litestar is an Asynchronous Server Gateway Interface (ASGI) framework
CVSS Base7.4
β
CRSSelect profile
CVE-2025-11142
7.1
UnknownMultiple Products
The VAPIX API mediaclip
CVSS Base7.1
β
CRSSelect profile
CVE-2025-15319
7.8
Patch EndpointMultiple Products
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools
CVSS Base7.8
β
CRSSelect profile
CVE-2025-15310
7.8
Patch EndpointMultiple Products
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools
CVSS Base7.8
β
CRSSelect profile
CVE-2025-11547
7.8
theMultiple Products
AXIS Camera Station Pro contained a flaw toΒ perform a privilege escalation attack on the server as a non-admin user
CVSS Base7.8
β
CRSSelect profile
CVE-2025-10465
8.8
Birtech InformationMultiple Products
Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies Industry and Trade Ltd
CVSS Base8.8
β
CRSSelect profile
CVE-2026-1486
8.8
UnknownMultiple Products
A flaw was found in Keycloak
CVSS Base8.8
β
CRSSelect profile
CVE-2026-25807
8.8
UnknownMultiple Products
ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments
CVSS Base8.8
β
CRSSelect profile
CVE-2025-7799
8.6
Zirve InformationMultiple Products
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zirve Information Technologies Inc
CVSS Base8.6
β
CRSSelect profile
CVE-2026-25847
8.2
PyCharmMultiple Products
In JetBrains PyCharm before 2025
CVSS Base8.2
β
CRSSelect profile
CVE-2025-59023
8.2
CraftedMultiple Products
Crafted delegations or IP fragments can poison cached delegations in Recursor
CVSS Base8.2
β
CRSSelect profile
CVE-2026-1529
8.1
UnknownMultiple Products
A flaw was found in Keycloak
CVSS Base8.1
β
CRSSelect profile
CVE-2026-25890
8.1
FileMultiple Products
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files
CVSS Base8.1
β
CRSSelect profile
CVE-2026-25931
7.8
UnknownMultiple Products
vscode-spell-checker is a basic spell checker that works well with code and documents
CVSS Base7.8
β
CRSSelect profile
CVE-2026-25958
7.7
UnknownMultiple Products
Cube is a semantic layer for building data applications
CVSS Base7.7
β
CRSSelect profile
CVE-2026-25231
7.5
fileMultiple Products
FileRise is a self-hosted web file manager / WebDAV server
CVSS Base7.5
β
CRSSelect profile
CVE-2026-25791
7.5
UnknownMultiple Products
Sliver is a command and control framework that uses a custom Wireguard netstack
CVSS Base7.5
β
CRSSelect profile
CVE-2026-25808
7.5
UnknownMultiple Products
Hollo is a federated single-user microblogging software designed to be federated through ActivityPub
CVSS Base7.5
β
CRSSelect profile
CVE-2026-2174
7.3
ManagementMultiple Products
A security flaw has been discovered in code-projects Contact Management System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-2177
7.3
ManagementMultiple Products
A vulnerability has been found in SourceCodester Prison Management System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-10463
7.3
Birtech InformationMultiple Products
Improper Authentication vulnerability in Birtech Information Technologies Industry and Trade Ltd
CVSS Base7.3
β
CRSSelect profile
CVE-2026-0508
7.3π
IntelBusinessObjects Business Intelligence Platform
SAP BusinessObjects BI Platform allows high-privileged authenticated attackers to inject malicious URLs, creating risks of phishing or unauthorized redirects.
CVSS Base7.3
β
CRSSelect profile
CVE-2026-2182
7.2π
UTTθΏε 521G 3
A security weakness has been identified in the UTT θΏε 521G 3 router that could compromise the device's security posture.
CVSS Base7.2
β
CRSSelect profile
CVE-2026-2188
7.2π
UTTθΏε 521G 3
A vulnerability in the UTT θΏε 521G 3 router allows for potential compromise of the device by remote attackers.