Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đ
Today's Security Brief
Monday's security brief highlights 6 actively exploited vulnerabilities and 29 high-priority updates demanding immediate attention across federal and enterprise environments.
35 total vulnerabilities analyzed from weekend disclosure period (Friday-Monday)
6 CISA KEV vulnerabilities with federal compliance deadlines approaching
WordPress ecosystem heavily impacted with 4 critical plugin/theme vulnerabilities
Network infrastructure at risk: Multiple TOTOLINK and D-Link router vulnerabilities disclosed
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEVURGENT
CVE-2025-47812
9.5đ
Wing FTP ServerWing FTP Server
â° Federal Deadline:August 3, 2025(7 days remaining)
Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-25257
9.5đ
FortinetFortiWeb
â° Federal Deadline:August 7, 2025(11 days remaining)
Fortinet FortiWeb SQL Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-2775
9.5
SysAidSysAid On-Prem
â° Federal Deadline:August 11, 2025(15 days remaining)
SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-2776
9.5
SysAidSysAid On-Prem
â° Federal Deadline:August 11, 2025(15 days remaining)
SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-6558
9.5đ
GoogleChromium
â° Federal Deadline:August 11, 2025(15 days remaining)
Google Chromium ANGLE and GPU Improper Input Validation Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-54309
9.5
CrushFTPCrushFTP
â° Federal Deadline:August 11, 2025(15 days remaining)
CrushFTP Unprotected Alternate Channel Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸
High Priority Updates
CVE-2024-13507
7.5đ
WordPressMultiple Products
The GeoDirectory â WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to time-based SQL Injection via the dist parameter in all versions up to, and including, 2
CVSS Base7.5
â
CRSSelect profile
CVE-2025-54378
8.3đ
HAXMultiple Products
HAX CMS allows you to manage your microsite universe with PHP or NodeJs backends
CVSS Base8.3
â
CRSSelect profile
CVE-2025-6989
8.1đ
WordPressMultiple Products
The Kallyas theme for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the delete_font() function in all versions up to, and including, 4
CVSS Base8.1
â
CRSSelect profile
CVE-2025-8198
7.5đ
WordPressMultiple Products
The MinimogWP â The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to price manipulation in all versions up to, and including, 3
CVSS Base7.5
â
CRSSelect profile
CVE-2025-6991
7.5đ
WordPressMultiple Products
The kallyas theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4
CVSS Base7.5
â
CRSSelect profile
CVE-2025-8179
7.3đ
SearchMultiple Products
A vulnerability classified as critical was found in PHPGurukul Local Services Search Engine Management System 2
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8178
8.8đ
classifiedMultiple Products
A vulnerability classified as critical has been found in Tenda AC10 16
CVSS Base8.8
â
CRSSelect profile
CVE-2025-8180
8.8đ
AMultiple Products
A vulnerability, which was classified as critical, has been found in Tenda CH22 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-8184
8.8đ
D-LinkMultiple Products
A vulnerability was found in D-Link DIR-513 up to 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-8242
8.8đ
TOTOLINKMultiple Products
A vulnerability has been found in TOTOLINK X15 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-8243
8.8
TOTOLINKMultiple Products
A vulnerability was found in TOTOLINK X15 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-8244
8.8
TOTOLINKMultiple Products
A vulnerability was found in TOTOLINK X15 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-8245
8.8
TOTOLINKMultiple Products
A vulnerability was found in TOTOLINK X15 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-8246
8.8
TOTOLINKMultiple Products
A vulnerability was found in TOTOLINK X15 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-5120
7.6
smolagentsMultiple Products
A sandbox escape vulnerability was identified in huggingface/smolagents version 1
CVSS Base7.6
â
CRSSelect profile
CVE-2025-8185
7.3
foundMultiple Products
A vulnerability was found in 1000 Projects ABC Courier Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8220
7.3
classifiedMultiple Products
A vulnerability classified as critical has been found in Engeman Web up to 12
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8232
7.3
OrderingMultiple Products
A vulnerability, which was classified as critical, was found in code-projects Online Ordering System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8233
7.3
OrderingMultiple Products
A vulnerability has been found in code-projects Online Ordering System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8234
7.3
OrderingMultiple Products
A vulnerability was found in code-projects Online Ordering System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8235
7.3
OrderingMultiple Products
A vulnerability was found in code-projects Online Ordering System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8236
7.3
OrderingMultiple Products
A vulnerability was found in code-projects Online Ordering System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8237
7.3
FormMultiple Products
A vulnerability was found in code-projects Exam Form Submission 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8238
7.3
FormMultiple Products
A vulnerability classified as critical has been found in code-projects Exam Form Submission 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8239
7.3
FormMultiple Products
A vulnerability classified as critical was found in code-projects Exam Form Submission 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8240
7.3
FormMultiple Products
A vulnerability, which was classified as critical, has been found in code-projects Exam Form Submission 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8241
7.3
foundMultiple Products
A vulnerability, which was classified as critical, was found in 1000 Projects ABC Courier Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8181
7.2
TOTOLINKMultiple Products
A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1