Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đ
Archived Security Brief
This curated brief highlights 6 critical vulnerabilities and 52 high-priority updates requiring immediate attention.
58 total vulnerabilities disclosed in last 24 hours
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEVURGENT
CVE-2025-47812
9.5đ
Wing FTP ServerWing FTP Server
â° Federal Deadline:August 3, 2025(7 days remaining)
Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-25257
9.5đ
FortinetFortiWeb
â° Federal Deadline:August 7, 2025(11 days remaining)
Fortinet FortiWeb SQL Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-2775
9.5
SysAidSysAid On-Prem
â° Federal Deadline:August 11, 2025(15 days remaining)
SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-2776
9.5
SysAidSysAid On-Prem
â° Federal Deadline:August 11, 2025(15 days remaining)
SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-6558
9.5đ
GoogleChromium
â° Federal Deadline:August 11, 2025(15 days remaining)
Google Chromium ANGLE and GPU Improper Input Validation Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-54309
9.5
CrushFTPCrushFTP
â° Federal Deadline:August 11, 2025(15 days remaining)
CrushFTP Unprotected Alternate Channel Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2023-2533
9.5
PaperCutNG/MF
â° Federal Deadline:August 17, 2025(21 days remaining)
PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-20337
9.5đ
CiscoIdentity Services Engine
â° Federal Deadline:August 17, 2025(21 days remaining)
Cisco Identity Services Engine Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-20281
9.5
CiscoIdentity Services Engine
â° Federal Deadline:August 17, 2025(21 days remaining)
Cisco Identity Services Engine Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
đ¨
Critical Vulnerabilities
CVE-2025-27724
9.3đ
A privilege escalation vulnerability exists in theMultiple Products
A privilege escalation vulnerability exists in the login.php functionality of meddream MedDream PACS Premium 7.3.3.840. A specially crafted .php file can lead to elevated capabilities. An attacker can...
CVSS Base9.3
â
CRSSelect profile
CVE-2025-54418
9.8đ
CodeIgniter is a PHPMultiple Products
CodeIgniter is a PHP full-stack web framework. A command injection vulnerability present in versions prior to 4.6.2 affects applications that use the ImageMagick handler for image processing (`imagick...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-54428
9.8đ
RevelaCode is anMultiple Products
RevelaCode is an AI-powered faith-tech project that decodes biblical verses, prophecies and global events into accessible language. In versions below 1.0.1, a valid MongoDB Atlas URI with embedded use...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-6918
9.8đ
Improper Neutralization of Special Elements used in an SQL CommandMultiple Products
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ncvav Virtual PBX Software allows SQL Injection.This issue affects Virtual PBX Software: before 09...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-54419
10đ
A SAML library not dependent on any frameworks that runs inMultiple Products
A SAML library not dependent on any frameworks that runs in Node. In version 5.0.1, Node-SAML loads the assertion from the (unsigned) original response document. This is different than the parts that ...
CVSS Base10
â
CRSSelect profile
CVE-2025-26469
9.3đ
An incorrect default permissions vulnerability exists in theMultiple Products
An incorrect default permissions vulnerability exists in the CServerSettings::SetRegistryValues functionality of MedDream PACS Premium 7.3.3.840.
A specially crafted application can decrypt credentia...
CVSS Base9.3
â
CRSSelect profile
â ī¸
High Priority Updates
CVE-2025-5997
8.8đ
Beamsec PhishProMultiple Products
Incorrect Use of Privileged APIs vulnerability in Beamsec PhishPro allows Privilege Abuse
CVSS Base8.8
â
CRSSelect profile
CVE-2025-8194
7.5đ
ThereMultiple Products
There is a defect in the CPython âtarfileâ module affecting the âTarFileâ extraction and entry enumeration APIs
CVSS Base7.5
â
CRSSelect profile
CVE-2025-29534
8.8đ
PowerStick Wave AnMultiple Products
An authenticated remote code execution vulnerability in PowerStick Wave Dual-Band Wifi Extender V1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-8242
8.8đ
TOTOLINKMultiple Products
A vulnerability has been found in TOTOLINK X15 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-8243
8.8đ
TOTOLINKMultiple Products
A vulnerability was found in TOTOLINK X15 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-8244
8.8đ
TOTOLINKMultiple Products
A vulnerability was found in TOTOLINK X15 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-8245
8.8đ
TOTOLINKMultiple Products
A vulnerability was found in TOTOLINK X15 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-8246
8.8đ
TOTOLINKMultiple Products
A vulnerability was found in TOTOLINK X15 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-8279
8.7đ
LanguageMultiple Products
Insufficient input validation within GitLab Language Server 7
CVSS Base8.7
â
CRSSelect profile
CVE-2025-8267
8.2đ
ssrfcheckMultiple Products
Versions of the package ssrfcheck before 1
CVSS Base8.2
â
CRSSelect profile
CVE-2025-54531
7.7
TeamCityMultiple Products
In JetBrains TeamCity before 2025
CVSS Base7.7
â
CRSSelect profile
CVE-2025-5120
7.6
smolagentsMultiple Products
A sandbox escape vulnerability was identified in huggingface/smolagents version 1
CVSS Base7.6
â
CRSSelect profile
CVE-2024-49342
7.5
IBMMultiple Products
IBM Informix Dynamic Server 12
CVSS Base7.5
â
CRSSelect profile
CVE-2025-50490
7.5
ImproperMultiple Products
Improper session invalidation in the component /elms/emp-changepassword
CVSS Base7.5
â
CRSSelect profile
CVE-2025-50493
7.5
ImproperMultiple Products
Improper session invalidation in the component /doctor/change-password
CVSS Base7.5
â
CRSSelect profile
CVE-2025-50494
7.5
ImproperMultiple Products
Improper session invalidation in the component /doctor/change-password
CVSS Base7.5
â
CRSSelect profile
CVE-2025-54530
7.5
TeamCityMultiple Products
In JetBrains TeamCity before 2025
CVSS Base7.5
â
CRSSelect profile
CVE-2025-50489
7.5
ImproperMultiple Products
Improper session invalidation in the component /srms/change-password
CVSS Base7.5
â
CRSSelect profile
CVE-2025-50492
7.5
ImproperMultiple Products
Improper session invalidation in the component /edms/change-password
CVSS Base7.5
â
CRSSelect profile
CVE-2025-8220
7.3
classifiedMultiple Products
A vulnerability classified as critical has been found in Engeman Web up to 12
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8232
7.3
OrderingMultiple Products
A vulnerability, which was classified as critical, was found in code-projects Online Ordering System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8233
7.3
OrderingMultiple Products
A vulnerability has been found in code-projects Online Ordering System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8234
7.3
OrderingMultiple Products
A vulnerability was found in code-projects Online Ordering System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8235
7.3
OrderingMultiple Products
A vulnerability was found in code-projects Online Ordering System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8236
7.3
OrderingMultiple Products
A vulnerability was found in code-projects Online Ordering System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8237
7.3
FormMultiple Products
A vulnerability was found in code-projects Exam Form Submission 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8238
7.3
FormMultiple Products
A vulnerability classified as critical has been found in code-projects Exam Form Submission 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8239
7.3
FormMultiple Products
A vulnerability classified as critical was found in code-projects Exam Form Submission 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8240
7.3
FormMultiple Products
A vulnerability, which was classified as critical, has been found in code-projects Exam Form Submission 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8241
7.3
foundMultiple Products
A vulnerability, which was classified as critical, was found in 1000 Projects ABC Courier Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8248
7.3
OrderingMultiple Products
A vulnerability classified as critical was found in code-projects Online Ordering System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8249
7.3
FormMultiple Products
A vulnerability, which was classified as critical, has been found in code-projects Exam Form Submission 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8250
7.3
FormMultiple Products
A vulnerability, which was classified as critical, was found in code-projects Exam Form Submission 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8251
7.3
FormMultiple Products
A vulnerability has been found in code-projects Exam Form Submission 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8252
7.3
FormMultiple Products
A vulnerability was found in code-projects Exam Form Submission 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8253
7.3
FormMultiple Products
A vulnerability was found in code-projects Exam Form Submission 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8255
7.3
FormMultiple Products
A vulnerability was found in code-projects Exam Form Submission 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8259
7.3
AMultiple Products
A vulnerability, which was classified as critical, was found in Vaelsys 4
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8261
7.3
wasMultiple Products
A vulnerability was found in Vaelsys 4
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8269
7.3
FormMultiple Products
A vulnerability was found in code-projects Exam Form Submission 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8270
7.3
FormMultiple Products
A vulnerability was found in code-projects Exam Form Submission 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8271
7.3
FormMultiple Products
A vulnerability was found in code-projects Exam Form Submission 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8272
7.3
FormMultiple Products
A vulnerability was found in code-projects Exam Form Submission 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8273
7.3
FormMultiple Products
A vulnerability classified as critical has been found in code-projects Exam Form Submission 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8274
7.3
ManagementMultiple Products
A vulnerability classified as critical was found in Campcodes Online Recruitment Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-54597
7.2
UnknownMultiple Products
LinuxServer
CVSS Base7.2
â
CRSSelect profile
CVE-2025-50488
7.1
ImproperMultiple Products
Improper session invalidation in the component /library/change-password
CVSS Base7.1
â
CRSSelect profile
CVE-2025-50491
7.1
ImproperMultiple Products
Improper session invalidation in the component /banker/change-password
CVSS Base7.1
â
CRSSelect profile
CVE-2025-50484
7.1
ImproperMultiple Products
Improper session invalidation in the component /crm/change-password
CVSS Base7.1
â
CRSSelect profile
CVE-2025-50487
7.1
ImproperMultiple Products
Improper session invalidation in the component /bbdms/change-password
CVSS Base7.1
â
CRSSelect profile
CVE-2025-50485
7.1
ImproperMultiple Products
Improper session invalidation in the component /crm/change-password
CVSS Base7.1
â
CRSSelect profile
CVE-2025-50486
7.1
ImproperMultiple Products
Improper session invalidation in the component /carrental/update-password