Thursday, February 12, 2026

Today's Security Snapshot

Critical vulnerabilities, curated daily for security professionals

🎯 SSCV Profile

See how vulnerabilities affect your specific environment

CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality.

Today's Security Brief

Thursday's vulnerability disclosures include 16 critical-severity CVEs affecting WordPress, METIS WIC and DFS IoT devices, HP systems, and AWS infrastructure, alongside active exploitation of Microsoft Office and Windows components. Critical CVE volume increased 78% from the prior day (16 vs. 9), while high-priority disclosures held steady at 100. Notable critical entries include CVE-2025-64075 (CVSS 10.0) affecting WE2001 check systems, CVE-2026-1357 and CVE-2026-1729 targeting WordPress installations, and CVE-2026-2248/CVE-2026-2249 impacting METIS industrial devices. Attack patterns span remote code execution, command injection in media converters, and authentication bypass in enterprise mail platforms including SmarterTools SmarterMail and Sangoma FreePBX. No patches are currently available for the disclosed vulnerabilities, requiring defenders to implement compensating controls and monitor for exploitation activity.

  • CVE-2025-64075 rated CVSS 10.0 affecting WE2001 check systems — highest severity score in today's disclosures
  • 16 critical CVEs disclosed (up 78% from prior day), including multiple WordPress and METIS IoT device vulnerabilities
  • 100 high-priority CVEs (CVSS 7.0–8.9), unchanged from prior day, spanning enterprise and consumer products
  • Remote code execution and command injection patterns dominate critical findings across media converters, WordPress plugins, and HP shell file handling
  • 0% patch availability across all 116 disclosed CVEs — no vendor fixes currently released
  • 17 actively exploited vulnerabilities include VMware vCenter Server, Microsoft Office/Windows, GitLab, and SmarterMail

Immediate action: Prioritize reviewing exposure to Microsoft Office (CVE-2026-21509), Microsoft Windows (CVE-2026-21525), VMware vCenter Server (CVE-2024-37079), and SmarterTools SmarterMail (CVE-2025-52691, CVE-2026-23760, CVE-2026-24423), all of which have confirmed active exploitation. With 0% patch availability, implement network segmentation, restrict access to affected services, and deploy available detection signatures as interim mitigations until vendor patches are released.
