Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đ
Archived Security Brief
Monday's weekend security briefing covers 8 actively exploited vulnerabilities with federal compliance deadlines, plus 27 newly disclosed high-priority vulnerabilities that require immediate patching.
Weekend security snapshot covering Aug 2-4, 2025
FortiWeb federal deadline: 3 days remaining
Chrome & SysAid federal deadlines: 7 days remaining
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEVURGENT
CVE-2025-25257
9.5đ
FortinetFortiWeb
â° Federal Deadline:August 7, 2025(3 days remaining)
Fortinet FortiWeb SQL Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-2775
9.5
SysAidSysAid On-Prem
â° Federal Deadline:August 11, 2025(7 days remaining)
SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-2776
9.5
SysAidSysAid On-Prem
â° Federal Deadline:August 11, 2025(7 days remaining)
SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-6558
9.5đ
GoogleChromium
â° Federal Deadline:August 11, 2025(7 days remaining)
Google Chromium ANGLE and GPU Improper Input Validation Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-54309
9.5
CrushFTPCrushFTP
â° Federal Deadline:August 11, 2025(7 days remaining)
CrushFTP Unprotected Alternate Channel Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2023-2533
9.5
PaperCutNG/MF
â° Federal Deadline:August 17, 2025(13 days remaining)
PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-20337
9.5đ
CiscoIdentity Services Engine
â° Federal Deadline:August 17, 2025(13 days remaining)
Cisco Identity Services Engine Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-20281
9.5
CiscoIdentity Services Engine
â° Federal Deadline:August 17, 2025(13 days remaining)
Cisco Identity Services Engine Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸
High Priority Updates
CVE-2025-6754
8.8đ
WordPressMultiple Products
The SEO Metrics plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks in both the seo_metrics_handle_connect_button_click() AJAX handler and the seo_metrics_handle_custom_endpoint() function in versions 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-23276
7.8đ
NVIDIAMultiple Products
NVIDIA Installer for Windows contains a vulnerability where an attacker may be able to escalate privileges
CVSS Base7.8
â
CRSSelect profile
CVE-2025-23277
7.3đ
NVIDIAMultiple Products
NVIDIA Display Driver for Linux and Windows contains a vulnerability in the kernel mode driver, where an attacker could access memory outside bounds permitted under normal use cases
CVSS Base7.3
â
CRSSelect profile
CVE-2025-23278
7.1đ
NVIDIAMultiple Products
NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker might cause an improper index validation by issuing a call with crafted parameters
CVSS Base7.1
â
CRSSelect profile
CVE-2025-23281
7đ
NVIDIAMultiple Products
NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker with local unprivileged access that can win a race condition might be able to trigger a use-after-free error
CVSS Base7
â
CRSSelect profile
CVE-2025-23283
7.8đ
NVIDIAMultiple Products
NVIDIA vGPU software for Linux-style hypervisors contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause stack buffer overflow
CVSS Base7.8
â
CRSSelect profile
CVE-2025-23284
7.8đ
NVIDIAMultiple Products
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause a stack buffer overflow
CVSS Base7.8
â
CRSSelect profile
CVE-2025-54351
8.9đ
iperfMultiple Products
In iperf before 3
CVSS Base8.9
â
CRSSelect profile
CVE-2025-54955
8.1đ
OpenNebulaMultiple Products
OpenNebula Community Edition (CE) before 7
CVSS Base8.1
â
CRSSelect profile
CVE-2025-54796
7.5đ
fileMultiple Products
Copyparty is a portable file server
CVSS Base7.5
â
CRSSelect profile
CVE-2025-8466
7.3đ
FarmMultiple Products
A vulnerability was found in code-projects Online Farm System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8467
7.3đ
WazifaMultiple Products
A vulnerability was found in code-projects Wazifa System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8468
7.3đ
WazifaMultiple Products
A vulnerability was found in code-projects Wazifa System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8469
7.3đ
ReservationMultiple Products
A vulnerability classified as critical has been found in SourceCodester Online Hotel Reservation System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8470
7.3đ
ReservationMultiple Products
A vulnerability classified as critical was found in SourceCodester Online Hotel Reservation System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8471
7.3
AdmissionMultiple Products
A vulnerability, which was classified as critical, has been found in projectworlds Online Admission System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8493
7.3
ManagementMultiple Products
A vulnerability classified as critical was found in code-projects Intern Membership Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8494
7.3
ManagementMultiple Products
A vulnerability, which was classified as critical, has been found in code-projects Intern Membership Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8495
7.3
ManagementMultiple Products
A vulnerability, which was classified as critical, was found in code-projects Intern Membership Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8496
7.3
AdmissionMultiple Products
A vulnerability has been found in projectworlds Online Admission System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8497
7.3
MedicineMultiple Products
A vulnerability was found in code-projects Online Medicine Guide 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8498
7.3
MedicineMultiple Products
A vulnerability was found in code-projects Online Medicine Guide 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8499
7.3
MedicineMultiple Products
A vulnerability was found in code-projects Online Medicine Guide 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8502
7.3
MedicineMultiple Products
A vulnerability classified as critical was found in code-projects Online Medicine Guide 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-8503
7.3
MedicineMultiple Products
A vulnerability, which was classified as critical, has been found in code-projects Online Medicine Guide 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-54136
7.2
CursorMultiple Products
Cursor is a code editor built for programming with AI