Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đ
Archived Security Brief
This curated brief highlights 5 critical vulnerabilities and 69 high-priority updates requiring immediate attention.
74 total vulnerabilities disclosed in last 24 hours
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEVURGENT
CVE-2019-6693
9.5đ
FortinetFortiOS
â° Federal Deadline:July 15, 2025(2 days remaining)
Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2024-0769
9.5đ
D-LinkDIR-859 Router
â° Federal Deadline:July 15, 2025(2 days remaining)
D-Link DIR-859 Router Path Traversal Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2024-54085
9.5đ
AMIMegaRAC SPx
â° Federal Deadline:July 15, 2025(2 days remaining)
AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-6543
9.5đ
CitrixNetScaler ADC and Gateway
â° Federal Deadline:July 20, 2025(7 days remaining)
Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-48928
9.5đ
TeleMessageTM SGNL
â° Federal Deadline:July 21, 2025(8 days remaining)
TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-48927
9.5đ
TeleMessageTM SGNL
â° Federal Deadline:July 21, 2025(8 days remaining)
TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-6554
9.5đ
GoogleChromium V8
â° Federal Deadline:July 22, 2025(9 days remaining)
Google Chromium V8 Type Confusion Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2019-9621
9.5đ
SynacorZimbra Collaboration Suite (ZCS)
â° Federal Deadline:July 27, 2025(14 days remaining)
Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2019-5418
9.5đ
RailsRuby on Rails
â° Federal Deadline:July 27, 2025(14 days remaining)
Rails Ruby on Rails Path Traversal Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2016-10033
9.5đ
PHPPHPMailer
â° Federal Deadline:July 27, 2025(14 days remaining)
PHPMailer Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2014-3931
9.5đ
Looking GlassMulti-Router Looking Glass (MRLG)
â° Federal Deadline:July 27, 2025(14 days remaining)
Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-47812
9.5đ
Wing FTP ServerWing FTP Server
â° Federal Deadline:August 3, 2025(21 days remaining)
Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
đ¨
Critical Vulnerabilities
CVE-2025-7451
9.8đ
The iSherlock developed by Hgiga has an OS Command InjectionMultiple Products
The iSherlock developed by Hgiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. This vulnerability...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-53833
10đ
LaRecipe is an application that allows users to create documentation with Markdown inside a LaravelMultiple Products
LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Template Injection (SSTI), which could po...
CVSS Base10
â
CRSSelect profile
CVE-2025-7574
9.8đ
AMultiple Products
A vulnerability, which was classified as critical, was found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. Affected is the function reboot/restore...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-53825
9.4đ
Dokploy is aMultiple Products
Dokploy is a free, self-hostable Platform as a Service (PaaS). Prior to version 0.24.3, an unauthenticated preview deployment vulnerability in Dokploy allows any user to execute arbitrary code and acc...
CVSS Base9.4
â
CRSSelect profile
CVE-2025-53835
9đ
XWiki Rendering is a generic rendering system that converts textual input in a given syntaxMultiple Products
XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Starting in version 5.4.5 and prior to version 14...
CVSS Base9
â
CRSSelect profile
â ī¸
High Priority Updates
CVE-2025-53689
8.8đ
BlindMultiple Products
Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-core in Apache Jackrabbit < 2
CVSS Base8.8
â
CRSSelect profile
CVE-2025-7619
8.8đ
UnknownMultiple Products
BatchSignCS, a background Windows application developed by WellChoose, has an Arbitrary File Write vulnerability
CVSS Base8.8
â
CRSSelect profile
CVE-2024-51768
8đ
LicenseMultiple Products
An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9
CVSS Base8
â
CRSSelect profile
CVE-2025-7521
7.3đ
ManagementMultiple Products
A vulnerability, which was classified as critical, was found in PHPGurukul Vehicle Parking Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-7534
7.3đ
ManagementMultiple Products
A vulnerability was found in PHPGurukul Student Result Management System 2
CVSS Base7.3
â
CRSSelect profile
CVE-2025-7542
7.3đ
ManagementMultiple Products
A vulnerability was found in PHPGurukul User Registration & Login and User Management System 3
CVSS Base7.3
â
CRSSelect profile
CVE-2025-7604
7.3đ
ManagementMultiple Products
A vulnerability was found in PHPGurukul Hospital Management System 4
CVSS Base7.3
â
CRSSelect profile
CVE-2024-51767
7.3đ
LicenseMultiple Products
An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9
CVSS Base7.3
â
CRSSelect profile
CVE-2024-51769
7.5đ
LicenseMultiple Products
An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9
CVSS Base7.5
â
CRSSelect profile
CVE-2025-7620
8.8đ
TheMultiple Products
The cross-browser document creation component produced by Digitware System Integration Corporation has a Remote Code Execution vulnerability
CVSS Base8.8
â
CRSSelect profile
CVE-2025-7527
8.8đ
wasMultiple Products
A vulnerability was found in Tenda FH1202 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-7528
8.8đ
classifiedMultiple Products
A vulnerability classified as critical has been found in Tenda FH1202 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-7529
8.8đ
classifiedMultiple Products
A vulnerability classified as critical was found in Tenda FH1202 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-7530
8.8đ
AMultiple Products
A vulnerability, which was classified as critical, has been found in Tenda FH1202 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-7531
8.8đ
AMultiple Products
A vulnerability, which was classified as critical, was found in Tenda FH1202 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-7532
8.8đ
hasMultiple Products
A vulnerability has been found in Tenda FH1202 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-7544
8.8đ
wasMultiple Products
A vulnerability was found in Tenda AC1206 15
CVSS Base8.8
â
CRSSelect profile
CVE-2025-7548
8.8đ
hasMultiple Products
A vulnerability has been found in Tenda FH1201 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-7549
8.8đ
wasMultiple Products
A vulnerability was found in Tenda FH1201 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-7550
8.8đ
wasMultiple Products
A vulnerability was found in Tenda FH1201 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-7551
8.8
wasMultiple Products
A vulnerability was found in Tenda FH1201 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-7570
8.8
UTTMultiple Products
A vulnerability was found in UTT HiPER 840G up to 3
CVSS Base8.8
â
CRSSelect profile
CVE-2025-7571
8.8
UTTMultiple Products
A vulnerability classified as critical has been found in UTT HiPER 840G up to 3
CVSS Base8.8
â
CRSSelect profile
CVE-2025-7586
8.8
wasMultiple Products
A vulnerability was found in Tenda AC500 2
CVSS Base8.8
â
CRSSelect profile
CVE-2025-7596
8.8
wasMultiple Products
A vulnerability was found in Tenda FH1205 2
CVSS Base8.8
â
CRSSelect profile
CVE-2025-7597
8.8
classifiedMultiple Products
A vulnerability classified as critical has been found in Tenda AX1803 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-7598
8.8
classifiedMultiple Products
A vulnerability classified as critical was found in Tenda AX1803 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-53819
7.9
packageMultiple Products
Nix is a package manager for Linux and other Unix systems
CVSS Base7.9
â
CRSSelect profile
CVE-2025-25180
7.8
SoftwareMultiple Products
Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages
CVSS Base7.8
â
CRSSelect profile
CVE-2025-7564
7.8
AMultiple Products
A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1
CVSS Base7.8
â
CRSSelect profile
CVE-2025-27582
7.6
PasswordMultiple Products
The Secure Password extension in One Identity Password Manager before 5
CVSS Base7.6
â
CRSSelect profile
CVE-2025-53015
7.5
ImageMagickMultiple Products
ImageMagick is free and open-source software used for editing and manipulating digital images
CVSS Base7.5
â
CRSSelect profile
CVE-2025-53101
7.4
ImageMagickMultiple Products
ImageMagick is free and open-source software used for editing and manipulating digital images
CVSS Base7.4
â
CRSSelect profile
CVE-2025-7508
7.3đ
ModernMultiple Products
A vulnerability, which was classified as critical, has been found in code-projects Modern Bag 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-7509
7.3đ
ModernMultiple Products
A vulnerability, which was classified as critical, was found in code-projects Modern Bag 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-7510
7.3đ
ModernMultiple Products
A vulnerability has been found in code-projects Modern Bag 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-7512
7.3đ
ModernMultiple Products
A vulnerability was found in code-projects Modern Bag 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-7513
7.3đ
ModernMultiple Products
A vulnerability was found in code-projects Modern Bag 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-7514
7.3đ
ModernMultiple Products
A vulnerability was found in code-projects Modern Bag 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-7515
7.3đ
BookingMultiple Products
A vulnerability classified as critical has been found in code-projects Online Appointment Booking System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-7516
7.3đ
BookingMultiple Products
A vulnerability classified as critical was found in code-projects Online Appointment Booking System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-7517
7.3đ
BookingMultiple Products
A vulnerability, which was classified as critical, has been found in code-projects Online Appointment Booking System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-7523
7.3đ
JinherMultiple Products
A vulnerability was found in Jinher OA 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-7533
7.3đ
JobMultiple Products
A vulnerability was found in code-projects Job Diary 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-7535
7.3đ
InventoryMultiple Products
A vulnerability was found in Campcodes Sales and Inventory System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-7536
7.3đ
InventoryMultiple Products
A vulnerability was found in Campcodes Sales and Inventory System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-7537
7.3đ
InventoryMultiple Products
A vulnerability classified as critical has been found in Campcodes Sales and Inventory System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-7538
7.3đ
InventoryMultiple Products
A vulnerability classified as critical was found in Campcodes Sales and Inventory System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-7539
7.3đ
BookingMultiple Products
A vulnerability, which was classified as critical, has been found in code-projects Online Appointment Booking System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-7540
7.3đ
BookingMultiple Products
A vulnerability, which was classified as critical, was found in code-projects Online Appointment Booking System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-7541
7.3đ
BookingMultiple Products
A vulnerability has been found in code-projects Online Appointment Booking System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-7547
7.3đ
ReservationMultiple Products
A vulnerability, which was classified as critical, was found in Campcodes Online Movie Theater Seat Reservation System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-7576
7.3
SeriesMultiple Products
A vulnerability was found in Teledyne FLIR FB-Series O and FLIR FH-Series ID 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-7587
7.3
BookingMultiple Products
A vulnerability was found in code-projects Online Appointment Booking System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-7593
7.3
JobMultiple Products
A vulnerability was found in code-projects Job Diary 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-7594
7.3
JobMultiple Products
A vulnerability was found in code-projects Job Diary 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-7595
7.3
JobMultiple Products
A vulnerability was found in code-projects Job Diary 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-7605
7.3
AVLMultiple Products
A vulnerability was found in code-projects AVL Rooms 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-7606
7.3
AVLMultiple Products
A vulnerability classified as critical has been found in code-projects AVL Rooms 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-7607
7.3
ShoppingMultiple Products
A vulnerability, which was classified as critical, has been found in code-projects Simple Shopping Cart 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-7608
7.3
ShoppingMultiple Products
A vulnerability, which was classified as critical, was found in code-projects Simple Shopping Cart 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-7609
7.3
ShoppingMultiple Products
A vulnerability has been found in code-projects Simple Shopping Cart 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-7610
7.3
BillingMultiple Products
A vulnerability was found in code-projects Electricity Billing System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-7611
7.3
WeddingMultiple Products
A vulnerability was found in code-projects Wedding Reservation 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-7612
7.3
MobileMultiple Products
A vulnerability was found in code-projects Mobile Shop 1
CVSS Base7.3
â
CRSSelect profile
CVE-2024-58258
7.2đ
SugarCRMMultiple Products
SugarCRM before 13
CVSS Base7.2
â
CRSSelect profile
CVE-2025-7602
7.2
D-LinkMultiple Products
A vulnerability was found in D-Link DI-8100 16
CVSS Base7.2
â
CRSSelect profile
CVE-2025-7603
7.2
D-LinkMultiple Products
A vulnerability was found in D-Link DI-8100 16
CVSS Base7.2
â
CRSSelect profile
CVE-2025-1384
7
LeastMultiple Products
Least Privilege Violation (CWE-272) Vulnerability exists in the communication function between the NJ/NX-series Machine Automation Controllers and the Sysmac Studio Software