Critical vulnerabilities, curated daily for security professionals
π― SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
π
Archived Security Brief
This curated brief highlights 10 actively exploited vulnerabilities, 3 critical vulnerabilities, and 37 high-priority updates requiring immediate attention.
50 total vulnerabilities curated from weekend collection (Sat-Sun-Mon)
10 CISA KEV vulnerabilities with federal compliance deadlines
3 critical vulnerabilities including WordPress RCE and privilege escalation flaws
Microsoft SharePoint Server deserialization vulnerability actively exploited
π‘ Tip: Swipe CVE cards left to β star, right to β remove
Section Navigation
β οΈ
CISA Known Exploited Vulnerabilities
β οΈ CISA KEVURGENT
CVE-2025-53770
9.8
MicrosoftSharePoint Server
β° Federal Deadline:July 20, 2025(EXPIRED)
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild.
CVSS Base9.8
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-48928
9.5π
TeleMessageTM SGNL
β° Federal Deadline:July 21, 2025
TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-48927
9.5π
TeleMessageTM SGNL
β° Federal Deadline:July 21, 2025
TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2025-6554
9.5π
GoogleChromium V8
β° Federal Deadline:July 22, 2025(1 days remaining)
Google Chromium V8 Type Confusion Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2019-9621
9.5π
SynacorZimbra Collaboration Suite (ZCS)
β° Federal Deadline:July 27, 2025(6 days remaining)
Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2019-5418
9.5π
RailsRuby on Rails
β° Federal Deadline:July 27, 2025(6 days remaining)
Rails Ruby on Rails Path Traversal Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2016-10033
9.5π
PHPPHPMailer
β° Federal Deadline:July 27, 2025(6 days remaining)
PHPMailer Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2014-3931
9.5π
Looking GlassMulti-Router Looking Glass (MRLG)
β° Federal Deadline:July 27, 2025(6 days remaining)
Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-47812
9.5π
Wing FTP ServerWing FTP Server
β° Federal Deadline:August 3, 2025(13 days remaining)
Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-25257
9.5π
FortinetFortiWeb
β° Federal Deadline:August 7, 2025(17 days remaining)
Fortinet FortiWeb SQL Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
π¨
Critical Vulnerabilities
CVE-2025-8901
9.8
WordPressBears Backup Plugin
WordPress Bears Backup plugin is vulnerable to remote code execution in all versions up to 2.0.0 due to improper input validation in the backup restore functionality.
CVSS Base9.8
β
CRSSelect profile
CVE-2025-9012
9.3
CMSJunkieWP-BusinessDirectory Plugin
SQL injection vulnerability in CMSJunkie WP-BusinessDirectory plugin allows blind SQL injection attacks through search parameters.
CVSS Base9.3
β
CRSSelect profile
CVE-2025-7883
9.8π
EluktronicsControl Center
A critical command injection vulnerability in Eluktronics Control Center allows authenticated attackers to execute arbitrary commands with elevated privileges.
CVSS Base9.8
β
CRSSelect profile
β οΈ
High Priority Updates
CVE-2015-10139
8.8π
WordPressMultiple Products
The WPLMS theme for WordPress is vulnerable to Privilege Escalation in versions 1
CVSS Base8.8
β
CRSSelect profile
CVE-2015-10134
7.5π
WordPressMultiple Products
The Simple Backup plugin for WordPress is vulnerable to Arbitrary File Download in versions up to, and including, 2
CVSS Base7.5
β
CRSSelect profile
CVE-2015-10136
7.5π
WordPressMultiple Products
The GI-Media Library plugin for WordPress is vulnerable to Directory Traversal in versions before 3
CVSS Base7.5
β
CRSSelect profile
CVE-2015-10133
7.2π
WordPressMultiple Products
The Subscribe to Comments for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2
CVSS Base7.2
β
CRSSelect profile
CVE-2025-47917
8.9π
TLSMultiple Products
Mbed TLS before 3
CVSS Base8.9
β
CRSSelect profile
CVE-2025-7837
8.8π
TOTOLINKMultiple Products
A vulnerability was found in TOTOLINK T6 4
CVSS Base8.8
β
CRSSelect profile
CVE-2025-7853
8.8π
wasMultiple Products
A vulnerability was found in Tenda FH451 1
CVSS Base8.8
β
CRSSelect profile
CVE-2025-7854
8.8π
classifiedMultiple Products
A vulnerability classified as critical has been found in Tenda FH451 1
CVSS Base8.8
β
CRSSelect profile
CVE-2025-7855
8.8π
classifiedMultiple Products
A vulnerability classified as critical was found in Tenda FH451 1
CVSS Base8.8
β
CRSSelect profile
CVE-2025-46384
8.8π
UnknownMultiple Products
CWE-434 Unrestricted Upload of File with Dangerous Type
CVSS Base8.8
β
CRSSelect profile
CVE-2025-7908
8.8π
D-LinkMultiple Products
A vulnerability was found in D-Link DI-8100 1
CVSS Base8.8
β
CRSSelect profile
CVE-2025-7909
8.8π
D-LinkMultiple Products
A vulnerability was found in D-Link DIR-513 1
CVSS Base8.8
β
CRSSelect profile
CVE-2025-7910
8.8π
D-LinkMultiple Products
A vulnerability classified as critical has been found in D-Link DIR-513 1
CVSS Base8.8
β
CRSSelect profile
CVE-2025-7911
8.8π
D-LinkMultiple Products
A vulnerability classified as critical was found in D-Link DI-8100 1
CVSS Base8.8
β
CRSSelect profile
CVE-2025-7912
8.8π
TOTOLINKMultiple Products
A vulnerability, which was classified as critical, has been found in TOTOLINK T6 4
CVSS Base8.8
β
CRSSelect profile
CVE-2025-7913
8.8π
TOTOLINKMultiple Products
A vulnerability, which was classified as critical, was found in TOTOLINK T6 4
CVSS Base8.8
β
CRSSelect profile
CVE-2025-7914
8.8π
hasMultiple Products
A vulnerability has been found in Tenda AC6 15
CVSS Base8.8
β
CRSSelect profile
CVE-2025-46385
8.6π
UnknownMultiple Products
CWE-918 Server-Side Request Forgery (SSRF)
CVSS Base8.6
β
CRSSelect profile
CVE-2025-54317
8.4π
LogpointMultiple Products
An issue was discovered in Logpoint before 7
CVSS Base8.4
β
CRSSelect profile
CVE-2025-7883
7.8π
ControlMultiple Products
A vulnerability classified as critical has been found in Eluktronics Control Center 5
CVSS Base7.8
β
CRSSelect profile
CVE-2025-54313
7.5
UnknownMultiple Products
eslint-config-prettier 8
CVSS Base7.5
β
CRSSelect profile
CVE-2025-7823
7.3
JinherMultiple Products
A vulnerability was found in Jinher OA 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-7824
7.3
JinherMultiple Products
A vulnerability was found in Jinher OA 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-7829
7.3
DonationMultiple Products
A vulnerability was found in code-projects Church Donation System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-7830
7.3
DonationMultiple Products
A vulnerability was found in code-projects Church Donation System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-7831
7.3
DonationMultiple Products
A vulnerability classified as critical has been found in code-projects Church Donation System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-7832
7.3
DonationMultiple Products
A vulnerability classified as critical was found in code-projects Church Donation System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-7833
7.3
DonationMultiple Products
A vulnerability, which was classified as critical, has been found in code-projects Church Donation System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-7838
7.3
ReservationMultiple Products
A vulnerability has been found in Campcodes Online Movie Theater Seat Reservation System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-7859
7.3
DonationMultiple Products
A vulnerability classified as critical was found in code-projects Church Donation System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-7860
7.3
DonationMultiple Products
A vulnerability, which was classified as critical, has been found in code-projects Church Donation System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-7861
7.3
DonationMultiple Products
A vulnerability, which was classified as critical, was found in code-projects Church Donation System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-7862
7.3
TOTOLINKMultiple Products
A vulnerability has been found in TOTOLINK T6 4
CVSS Base7.3
β
CRSSelect profile
CVE-2025-7875
7.3
classifiedMultiple Products
A vulnerability classified as critical has been found in Metasoft ηΎηΉθ½―δ»Ά MetaCRM up to 6
CVSS Base7.3
β
CRSSelect profile
CVE-2025-7886
7.3
AMultiple Products
A vulnerability, which was classified as critical, was found in pmTicket Project-Management-Software up to 2ef379da2075f4761a2c9029cf91d073474e7486
CVSS Base7.3
β
CRSSelect profile
CVE-2025-7897
7.3
wasMultiple Products
A vulnerability was found in harry0703 MoneyPrinterTurbo up to 1