CVE Brief - July 15, 2025

Tuesday, July 15, 2025 Archive

Archived Security Snapshot

Critical vulnerabilities, curated daily for security professionals

🎯 SSCV Profile

See how vulnerabilities affect your specific environment

CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework

Select your system profile:

Risk scores will be adjusted based on your selected environment

Archived Security Brief

This curated brief highlights 19 critical vulnerabilities and 70 high-priority updates requiring immediate attention.

Perfect 10 CVSS severity: LaRecipe Server-Side Template Injection vulnerability allows complete system compromise through malicious Markdown
Critical VMware VM escape vulnerabilities in ESXi, Workstation, and Fusion enable attackers to break out of guest VMs and compromise hypervisor hosts
Multiple WordPress plugin critical flaws: HT Contact Form Widget allows unauthenticated file upload, deletion, and arbitrary file moving attacks
Enterprise risks: Oracle Application Express Strategic Planner vulnerability and pyload download manager RCE expose organizational infrastructure
89 total vulnerabilities with 12 CISA Known Exploited Vulnerabilities requiring immediate federal remediation and 80+ AI analyst assessments

💡 Tip: Swipe CVE cards left to ⭐ star, right to ❌ remove

CISA Known Exploited Vulnerabilities

⚠️ CISA KEV URGENT

CVE-2019-6693

9.5 📝

Fortinet FortiOS June 24, 2025

⏰ Federal Deadline: July 15, 2025 (1 days remaining)

Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV URGENT

CVE-2024-0769

9.5 📝

D-Link DIR-859 Router June 24, 2025

⏰ Federal Deadline: July 15, 2025 (1 days remaining)

D-Link DIR-859 Router Path Traversal Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV URGENT

CVE-2024-54085

9.5 📝

AMI MegaRAC SPx June 24, 2025

⏰ Federal Deadline: July 15, 2025 (1 days remaining)

AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV URGENT

CVE-2025-6543

9.5 📝

Citrix NetScaler ADC and Gateway June 29, 2025

⏰ Federal Deadline: July 20, 2025 (6 days remaining)

Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV URGENT

CVE-2025-48928

9.5 📝

TeleMessage TM SGNL June 30, 2025

⏰ Federal Deadline: July 21, 2025 (7 days remaining)

TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV URGENT

CVE-2025-48927

9.5 📝

TeleMessage TM SGNL June 30, 2025

⏰ Federal Deadline: July 21, 2025 (7 days remaining)

TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2025-6554

9.5 📝

Google Chromium V8 July 1, 2025

⏰ Federal Deadline: July 22, 2025 (8 days remaining)

Google Chromium V8 Type Confusion Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2019-9621

9.5 📝

Synacor Zimbra Collaboration Suite (ZCS) July 6, 2025

⏰ Federal Deadline: July 27, 2025 (13 days remaining)

Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2019-5418

9.5 📝

Rails Ruby on Rails July 6, 2025

⏰ Federal Deadline: July 27, 2025 (13 days remaining)

Rails Ruby on Rails Path Traversal Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2016-10033

9.5 📝

PHP PHPMailer July 6, 2025

⏰ Federal Deadline: July 27, 2025 (13 days remaining)

PHPMailer Command Injection Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2014-3931

9.5 📝

Looking Glass Multi-Router Looking Glass (MRLG) July 6, 2025

⏰ Federal Deadline: July 27, 2025 (13 days remaining)

Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

⚠️ CISA KEV

CVE-2025-47812

9.5 📝

Wing FTP Server Wing FTP Server July 13, 2025

⏰ Federal Deadline: August 3, 2025 (20 days remaining)

Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability - Active in CISA KEV catalog.

CVSS Base 9.5

→

CRS Select profile

Critical Vulnerabilities

CVE-2025-53890

9.8 📝

pyload is an Multiple Products Jul 15, 2025

pyload is an open-source Download Manager written in pure Python. An unsafe JavaScript evaluation vulnerability in pyLoad’s CAPTCHA processing code allows unauthenticated remote attackers to execute a...

CVSS Base 9.8

→

CRS Select profile

CVE-2025-7340

9.8 📝

The HT Contact Form Widget For Elementor Page Builder Multiple Products Jul 15, 2025

The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the temp_fi...

CVSS Base 9.8

→

CRS Select profile

CVE-2025-7341

9.1 📝

The HT Contact Form Widget For Elementor Page Builder Multiple Products Jul 15, 2025

The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the t...

CVSS Base 9.1

→

CRS Select profile

CVE-2025-7360

9.1 📝

The HT Contact Form Widget For Elementor Page Builder Multiple Products Jul 15, 2025

The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation in the han...

CVSS Base 9.1

→

CRS Select profile

CVE-2025-5394

9.8 📝

The Alone Multiple Products Jul 15, 2025

The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the alone_import_pack_install_plugin() func...

CVSS Base 9.8

→

CRS Select profile

CVE-2025-5393

9.1 📝

The Alone Multiple Products Jul 15, 2025

The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the alone_import_pack_restore_data(...

CVSS Base 9.1

→

CRS Select profile

CVE-2025-50067

9 📝

Vulnerability in Oracle Application Express Multiple Products Jul 15, 2025

Vulnerability in Oracle Application Express (component: Strategic Planner Starter App). Supported versions that are affected are 24.2.4 and 24.2.5. Easily exploitable vulnerability allows low privil...

CVSS Base 9

→

CRS Select profile

CVE-2025-41236

9.3 📝

VMware Multiple Products Jul 15, 2025

VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. A malicious actor with local administrative privileges on a virtual machine with ...

CVSS Base 9.3

→

CRS Select profile

CVE-2025-41237

9.3 📝

VMware Multiple Products Jul 15, 2025

VMware ESXi, Workstation, and Fusion contain an integer-underflow in VMCI (Virtual Machine Communication Interface) that leads to an out-of-bounds write. A malicious actor with local administrative pr...

CVSS Base 9.3

→

CRS Select profile

CVE-2025-41238

9.3 📝

VMware Multiple Products Jul 15, 2025

VMware ESXi, Workstation, and Fusion contain a heap-overflow vulnerability in the PVSCSI (Paravirtualized SCSI) controller that leads to an out of-bounds write. A malicious actor with local administra...

CVSS Base 9.3

→

CRS Select profile

CVE-2025-52376

9.8 📝

An authentication bypass vulnerability in the Multiple Products Jul 15, 2025

An authentication bypass vulnerability in the /web/um_open_telnet.cgi endpoint in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below, allowing an attacker to remotely enable the Telnet s...

CVSS Base 9.8

→

CRS Select profile

CVE-2025-7451

9.8 📝

The iSherlock developed by Hgiga has an OS Command Injection Multiple Products Jul 14, 2025

The iSherlock developed by Hgiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. This vulnerability...

CVSS Base 9.8

→

CRS Select profile

CVE-2025-3621

9.6 📝

Unknown Multiple Products Jul 15, 2025

Vulnerabilities* in ActADUR local server product, developed and maintained by ProTNS, allows Remote Code Inclusion on host systems. * vulnerabilities: * Improper Neutralization of Special Elem...

CVSS Base 9.6

→

CRS Select profile

CVE-2025-53833

10 📝

LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel Multiple Products Jul 14, 2025

LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Template Injection (SSTI), which could po...

CVSS Base 10

→

CRS Select profile

CVE-2025-53836

9.9 📝

XWiki Rendering is a generic rendering system that converts textual input in a given syntax Multiple Products Jul 15, 2025

XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Starting in version 4.2-milestone-1 and prior to ...

CVSS Base 9.9

→

CRS Select profile

CVE-2025-7574

9.8 📝

A Multiple Products Jul 14, 2025

A vulnerability, which was classified as critical, was found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. Affected is the function reboot/restore...

CVSS Base 9.8

→

CRS Select profile

CVE-2025-50756

9.8 📝

Wavlink Multiple Products Jul 14, 2025

Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the set_sys_adm function via the newpass parameter. This vulnerability allows attackers to execute arbitrary commands...

CVSS Base 9.8

→

CRS Select profile

CVE-2025-53825

9.4 📝

Dokploy is a Multiple Products Jul 14, 2025

Dokploy is a free, self-hostable Platform as a Service (PaaS). Prior to version 0.24.3, an unauthenticated preview deployment vulnerability in Dokploy allows any user to execute arbitrary code and acc...

CVSS Base 9.4

→

CRS Select profile

CVE-2025-53835

9 📝

XWiki Rendering is a generic rendering system that converts textual input in a given syntax Multiple Products Jul 14, 2025

XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Starting in version 5.4.5 and prior to version 14...

CVSS Base 9

→

CRS Select profile

High Priority Updates

CVE-2025-53689

8.8 📝

Blind Multiple Products July 15, 2025

Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-core in Apache Jackrabbit < 2

CVSS Base 8.8

→

CRS Select profile

CVE-2025-50060

8.1 📝

Oracle Multiple Products July 15, 2025

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server)

CVSS Base 8.1

→

CRS Select profile

CVE-2025-7657

8.8 📝

Google Multiple Products July 15, 2025

Use after free in WebRTC in Google Chrome prior to 138

CVSS Base 8.8

→

CRS Select profile

CVE-2025-7619

8.8 📝

Unknown Multiple Products July 15, 2025

BatchSignCS, a background Windows application developed by WellChoose, has an Arbitrary File Write vulnerability

CVSS Base 8.8

→

CRS Select profile

CVE-2025-6558

8.8 📝

Google Multiple Products July 15, 2025

Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138

CVSS Base 8.8

→

CRS Select profile

CVE-2025-7656

8.8 📝

Google Multiple Products July 15, 2025

Integer overflow in V8 in Google Chrome prior to 138

CVSS Base 8.8

→

CRS Select profile

CVE-2025-30751

8.8 📝

Oracle Multiple Products July 15, 2025

Vulnerability in the Oracle Database component of Oracle Database Server

CVSS Base 8.8

→

CRS Select profile

CVE-2025-50059

8.6 📝

Oracle Multiple Products July 15, 2025

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking)

CVSS Base 8.6

→

CRS Select profile

CVE-2025-53024

8.2 📝

Oracle Multiple Products July 15, 2025

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)

CVSS Base 8.2

→

CRS Select profile

CVE-2025-53027

8.2 📝

Oracle Multiple Products July 15, 2025

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)

CVSS Base 8.2

→

CRS Select profile

CVE-2025-53028

8.2 📝

Oracle Multiple Products July 15, 2025

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)

CVSS Base 8.2

→

CRS Select profile

CVE-2025-7667

8.1 📝

WordPress Multiple Products July 15, 2025

The Restrict File Access plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1

CVSS Base 8.1

→

CRS Select profile

CVE-2025-30743

8.1 📝

Oracle Multiple Products July 15, 2025

Vulnerability in the Oracle Lease and Finance Management product of Oracle E-Business Suite (component: Internal Operations)

CVSS Base 8.1

→

CRS Select profile

CVE-2025-30744

8.1 📝

Oracle Multiple Products July 15, 2025

Vulnerability in the Oracle Mobile Field Service product of Oracle E-Business Suite (component: Multiplatform Sync Errors)

CVSS Base 8.1

→

CRS Select profile

CVE-2025-30749

8.1 📝

Oracle Multiple Products July 15, 2025

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D)

CVSS Base 8.1

→

CRS Select profile

CVE-2025-50062

8.1 📝

Oracle Multiple Products July 15, 2025

Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core product of Oracle PeopleSoft (component: Global Payroll for Core)

CVSS Base 8.1

→

CRS Select profile

CVE-2025-50105

8.1 📝

Oracle Multiple Products July 15, 2025

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Administration)

CVSS Base 8.1

→

CRS Select profile

CVE-2025-50106

8.1 📝

Oracle Multiple Products July 15, 2025

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D)

CVSS Base 8.1

→

CRS Select profile

CVE-2024-51768

8 📝

License Multiple Products July 15, 2025

An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9

CVSS Base 8

→

CRS Select profile

CVE-2025-50069

7.7 📝

Oracle Multiple Products July 15, 2025

Vulnerability in the Java VM component of Oracle Database Server

CVSS Base 7.7

→

CRS Select profile

CVE-2025-30762

7.5

Oracle Multiple Products July 15, 2025

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)

CVSS Base 7.5

→

CRS Select profile

CVE-2025-7604

7.3 📝

Management Multiple Products July 15, 2025

A vulnerability was found in PHPGurukul Hospital Management System 4

CVSS Base 7.3

→

CRS Select profile

CVE-2025-50063

7.3

Oracle Multiple Products July 15, 2025

Vulnerability in Oracle Java SE (component: Install)

CVSS Base 7.3

→

CRS Select profile

CVE-2024-51767

7.3 📝

License Multiple Products July 15, 2025

An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9

CVSS Base 7.3

→

CRS Select profile

CVE-2024-51769

7.5 📝

License Multiple Products July 15, 2025

An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9

CVSS Base 7.5

→

CRS Select profile

CVE-2024-51770

7.5

License Multiple Products July 15, 2025

An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9

CVSS Base 7.5

→

CRS Select profile

CVE-2025-41239

7.1

VMware Multiple Products July 15, 2025

VMware ESXi, Workstation, Fusion, and VMware Tools contains an information disclosure vulnerability due to the usage of an uninitialised memory in vSockets

CVSS Base 7.1

→

CRS Select profile

CVE-2025-7620

8.8 📝

The Multiple Products July 15, 2025

The cross-browser document creation component produced by Digitware System Integration Corporation has a Remote Code Execution vulnerability

CVSS Base 8.8

→

CRS Select profile

CVE-2025-26186

8.1

openSIS SQL Injection Multiple Products July 15, 2025

SQL Injection vulnerability in openSIS v

CVSS Base 8.1

→

CRS Select profile

CVE-2025-6971

7.8

SOLIDWORKS Multiple Products July 15, 2025

Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025

CVSS Base 7.8

→

CRS Select profile

CVE-2025-6972

7.8

SOLIDWORKS Multiple Products July 15, 2025

Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025

CVSS Base 7.8

→

CRS Select profile

CVE-2025-6973

7.8

SOLIDWORKS Multiple Products July 15, 2025

Use After Free vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025

CVSS Base 7.8

→

CRS Select profile

CVE-2025-7042

7.8

SOLIDWORKS Multiple Products July 15, 2025

Use After Free vulnerability exists in the IPT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025

CVSS Base 7.8

→

CRS Select profile

CVE-2025-7551

8.8

was Multiple Products July 15, 2025

A vulnerability was found in Tenda FH1201 1

CVSS Base 8.8

→

CRS Select profile

CVE-2025-7570

8.8

UTT Multiple Products July 15, 2025

A vulnerability was found in UTT HiPER 840G up to 3

CVSS Base 8.8

→

CRS Select profile

CVE-2025-7571

8.8

UTT Multiple Products July 15, 2025

A vulnerability classified as critical has been found in UTT HiPER 840G up to 3

CVSS Base 8.8

→

CRS Select profile

CVE-2025-7586

8.8

was Multiple Products July 15, 2025

A vulnerability was found in Tenda AC500 2

CVSS Base 8.8

→

CRS Select profile

CVE-2025-7596

8.8

was Multiple Products July 15, 2025

A vulnerability was found in Tenda FH1205 2

CVSS Base 8.8

→

CRS Select profile

CVE-2025-7597

8.8

classified Multiple Products July 15, 2025

A vulnerability classified as critical has been found in Tenda AX1803 1

CVSS Base 8.8

→

CRS Select profile

CVE-2025-7598

8.8

classified Multiple Products July 15, 2025

A vulnerability classified as critical was found in Tenda AX1803 1

CVSS Base 8.8

→

CRS Select profile

CVE-2025-53823

8.8

web Multiple Products July 15, 2025

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions

CVSS Base 8.8

→

CRS Select profile

CVE-2025-53819

7.9

package Multiple Products July 15, 2025

Nix is a package manager for Linux and other Unix systems

CVSS Base 7.9

→

CRS Select profile

CVE-2025-25180

7.8

Software Multiple Products July 15, 2025

Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages

CVSS Base 7.8

→

CRS Select profile

CVE-2025-7564

7.8

A Multiple Products July 15, 2025

A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1

CVSS Base 7.8

→

CRS Select profile

CVE-2025-0831

7.8

SOLIDWORKS Multiple Products July 15, 2025

Out-Of-Bounds Read vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025

CVSS Base 7.8

→

CRS Select profile

CVE-2025-6974

7.8

SOLIDWORKS Multiple Products July 15, 2025

Use of Uninitialized Variable vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025

CVSS Base 7.8

→

CRS Select profile

CVE-2025-27582

7.6

Password Multiple Products July 15, 2025

The Secure Password extension in One Identity Password Manager before 5

CVSS Base 7.6

→

CRS Select profile

CVE-2025-53959

7.6

YouTrack Multiple Products July 15, 2025

In JetBrains YouTrack before 2025

CVSS Base 7.6

→

CRS Select profile

CVE-2024-42646

7.5

segmentation Multiple Products July 15, 2025

A segmentation fault in NanoMQ v0

CVSS Base 7.5

→

CRS Select profile

CVE-2025-53015

7.5

ImageMagick Multiple Products July 15, 2025

ImageMagick is free and open-source software used for editing and manipulating digital images

CVSS Base 7.5

→

CRS Select profile

CVE-2024-42650

7.5

NanoMQ Multiple Products July 15, 2025

NanoMQ 0

CVSS Base 7.5

→

CRS Select profile

CVE-2025-53101

7.4

ImageMagick Multiple Products July 15, 2025

ImageMagick is free and open-source software used for editing and manipulating digital images

CVSS Base 7.4

→

CRS Select profile

CVE-2025-7576

7.3

Series Multiple Products July 15, 2025

A vulnerability was found in Teledyne FLIR FB-Series O and FLIR FH-Series ID 1

CVSS Base 7.3

→

CRS Select profile

CVE-2025-7587

7.3

Booking Multiple Products July 15, 2025

A vulnerability was found in code-projects Online Appointment Booking System 1

CVSS Base 7.3

→

CRS Select profile

CVE-2025-7593

7.3

Job Multiple Products July 15, 2025

A vulnerability was found in code-projects Job Diary 1

CVSS Base 7.3

→

CRS Select profile

CVE-2025-7594

7.3

Job Multiple Products July 15, 2025

A vulnerability was found in code-projects Job Diary 1

CVSS Base 7.3

→

CRS Select profile

CVE-2025-7595

7.3

Job Multiple Products July 15, 2025

A vulnerability was found in code-projects Job Diary 1

CVSS Base 7.3

→

CRS Select profile

CVE-2025-7605

7.3

AVL Multiple Products July 15, 2025

A vulnerability was found in code-projects AVL Rooms 1

CVSS Base 7.3

→

CRS Select profile

CVE-2025-7606

7.3

AVL Multiple Products July 15, 2025

A vulnerability classified as critical has been found in code-projects AVL Rooms 1

CVSS Base 7.3

→

CRS Select profile

CVE-2025-7607

7.3

Shopping Multiple Products July 15, 2025

A vulnerability, which was classified as critical, has been found in code-projects Simple Shopping Cart 1

CVSS Base 7.3

→

CRS Select profile

CVE-2025-7608

7.3

Shopping Multiple Products July 15, 2025

A vulnerability, which was classified as critical, was found in code-projects Simple Shopping Cart 1

CVSS Base 7.3

→

CRS Select profile

CVE-2025-7609

7.3

Shopping Multiple Products July 15, 2025

A vulnerability has been found in code-projects Simple Shopping Cart 1

CVSS Base 7.3

→

CRS Select profile

CVE-2025-7610

7.3

Billing Multiple Products July 15, 2025

A vulnerability was found in code-projects Electricity Billing System 1

CVSS Base 7.3

→

CRS Select profile

CVE-2025-7611

7.3

Wedding Multiple Products July 15, 2025

A vulnerability was found in code-projects Wedding Reservation 1

CVSS Base 7.3

→

CRS Select profile

CVE-2025-7612

7.3

Mobile Multiple Products July 15, 2025

A vulnerability was found in code-projects Mobile Shop 1

CVSS Base 7.3

→

CRS Select profile

CVE-2025-7602

7.2

D-Link Multiple Products July 15, 2025

A vulnerability was found in D-Link DI-8100 16

CVSS Base 7.2

→

CRS Select profile

CVE-2025-7603

7.2

D-Link Multiple Products July 15, 2025

A vulnerability was found in D-Link DI-8100 16

CVSS Base 7.2

→

CRS Select profile

CVE-2025-6265

7.2

A path traversal Multiple Products July 15, 2025

A path traversal vulnerability in the file_upload-cgi CGI program of Zyxel NWA50AX PRO firmware version 7

CVSS Base 7.2

→

CRS Select profile

CVE-2025-50819

7.1

beiyuouo Directory Multiple Products July 15, 2025

Directory traversal vulnerability in beiyuouo arxiv-daily thru 2025-05-06 (commit fad168770b0e68aef3e5acfa16bb2e7a7765d687) when parsing the the topic

CVSS Base 7.1

→

CRS Select profile

CVE-2025-1384

Least Multiple Products July 15, 2025

Least Privilege Violation (CWE-272) Vulnerability exists in the communication function between the NJ/NX-series Machine Automation Controllers and the Sysmac Studio Software

CVSS Base 7

→

CRS Select profile

Archived Security Snapshot

🎯 SSCV Profile

📊 Archived Security Brief

Section Navigation

⚠️ CISA Known Exploited Vulnerabilities

🚨 Critical Vulnerabilities

⚠️ High Priority Updates

⭐ Starred CVEs

Archived Security Brief

CISA Known Exploited Vulnerabilities

Critical Vulnerabilities

High Priority Updates