Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đ
Archived Security Brief
This curated brief highlights 3 critical vulnerabilities and 38 high-priority updates requiring immediate attention.
41 total vulnerabilities disclosed in last 24 hours
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEVURGENT
CVE-2025-2775
9.5
SysAidSysAid On-Prem
â° Federal Deadline:August 11, 2025(1 days remaining)
SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-2776
9.5
SysAidSysAid On-Prem
â° Federal Deadline:August 11, 2025(1 days remaining)
SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-6558
9.5đ
GoogleChromium
â° Federal Deadline:August 11, 2025(1 days remaining)
Google Chromium ANGLE and GPU Improper Input Validation Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-54309
9.5
CrushFTPCrushFTP
â° Federal Deadline:August 11, 2025(1 days remaining)
CrushFTP Unprotected Alternate Channel Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2023-2533
9.5
PaperCutNG/MF
â° Federal Deadline:August 17, 2025(7 days remaining)
PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-20337
9.5đ
CiscoIdentity Services Engine
â° Federal Deadline:August 17, 2025(7 days remaining)
Cisco Identity Services Engine Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-20281
9.5
CiscoIdentity Services Engine
â° Federal Deadline:August 17, 2025(7 days remaining)
Cisco Identity Services Engine Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2020-25078
9.5
D-LinkDCS-2530L and DCS-2670L Devices
â° Federal Deadline:August 25, 2025(15 days remaining)
D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2020-25079
9.5
D-LinkDCS-2530L and DCS-2670L Devices
â° Federal Deadline:August 25, 2025(15 days remaining)
D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2022-40799
9.5
D-LinkDNR-322L
â° Federal Deadline:August 25, 2025(15 days remaining)
D-Link DNR-322L Download of Code Without Integrity Check Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
đ¨
Critical Vulnerabilities
CVE-2025-8853
9.8đ
Official Document Management System developed byMultiple Products
Official Document Management System developed by 2100 Technology has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to obtain any user's connection token and use it ...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-45146
9.8đ
ModelCache for LLM throughMultiple Products
ModelCache for LLM through v0.2.0 was discovered to contain an deserialization vulnerability via the component /manager/data_manager.py. This vulnerability allows attackers to execute arbitrary code v...
CVSS Base9.8
â
CRSSelect profile
CVE-2024-32640
9.8đ
MASA CMS is an Enterprise Content Management platform based on open sourceMultiple Products
MASA CMS is an Enterprise Content Management platform based on open source technology. Versions prior to 7.4.6, 7.3.13, and 7.2.8 contain a SQL injection vulnerability in the `processAsyncObject` meth...
CVSS Base9.8
â
CRSSelect profile
â ī¸
High Priority Updates
CVE-2025-54878
8.6đ
CryptoLibMultiple Products
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station
CVSS Base8.6
â
CRSSelect profile
CVE-2025-25231
7.5đ
OmnissaMultiple Products
Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal Vulnerability
CVSS Base7.5
â
CRSSelect profile
CVE-2025-52931
7.5đ
MattermostMultiple Products
Mattermost Confluence Plugin version <1
CVSS Base7.5
â
CRSSelect profile
CVE-2025-54525
7.5đ
MattermostMultiple Products
Mattermost Confluence Plugin version <1
CVSS Base7.5
â
CRSSelect profile
CVE-2025-44004
7.2đ
MattermostMultiple Products
Mattermost Confluence Plugin version <1
CVSS Base7.2
â
CRSSelect profile
CVE-2025-54478
7.2đ
MattermostMultiple Products
Mattermost Confluence Plugin version <1
CVSS Base7.2
â
CRSSelect profile
CVE-2025-25235
8.6đ
UnknownMultiple Products
Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2
CVSS Base8.6
â
CRSSelect profile
CVE-2025-55150
8.6đ
UnknownMultiple Products
Stirling-PDF is a locally hosted web application that performs various operations on PDF files
CVSS Base8.6
â
CRSSelect profile
CVE-2025-55151
8.6đ
UnknownMultiple Products
Stirling-PDF is a locally hosted web application that performs various operations on PDF files
CVSS Base8.6
â
CRSSelect profile
CVE-2025-55161
8.6đ
UnknownMultiple Products
Stirling-PDF is a locally hosted web application that performs various operations on PDF files
CVSS Base8.6
â
CRSSelect profile
CVE-2025-8810
8.8đ
classifiedMultiple Products
A vulnerability classified as critical was found in Tenda AC20 16
CVSS Base8.8
â
CRSSelect profile
CVE-2025-8816
8.8đ
LinksysMultiple Products
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801
CVSS Base8.8
â
CRSSelect profile
CVE-2025-8817
8.8đ
LinksysMultiple Products
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801
CVSS Base8.8
â
CRSSelect profile
CVE-2025-8819
8.8đ
LinksysMultiple Products
A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801
CVSS Base8.8
â
CRSSelect profile
CVE-2025-8820
8.8đ
LinksysMultiple Products
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801
CVSS Base8.8
â
CRSSelect profile
CVE-2025-8822
8.8
LinksysMultiple Products
A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801
CVSS Base8.8
â
CRSSelect profile
CVE-2025-8824
8.8
LinksysMultiple Products
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801
CVSS Base8.8
â
CRSSelect profile
CVE-2025-8826
8.8
LinksysMultiple Products
A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801
CVSS Base8.8
â
CRSSelect profile
CVE-2025-8831
8.8
LinksysMultiple Products
A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801
CVSS Base8.8
â
CRSSelect profile
CVE-2025-8832
8.8
LinksysMultiple Products
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801
CVSS Base8.8
â
CRSSelect profile
CVE-2025-8833
8.8
LinksysMultiple Products
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801