Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đ
Archived Security Brief
This curated brief highlights 13 critical vulnerabilities and 100 high-priority updates requiring immediate attention.
215 total vulnerabilities disclosed in last 24 hours
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEVURGENT
CVE-2023-2533
9.5
PaperCutNG/MF
â° Federal Deadline:August 17, 2025(6 days remaining)
PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-20337
9.5đ
CiscoIdentity Services Engine
â° Federal Deadline:August 17, 2025(6 days remaining)
Cisco Identity Services Engine Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-20281
9.5
CiscoIdentity Services Engine
â° Federal Deadline:August 17, 2025(6 days remaining)
Cisco Identity Services Engine Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2020-25078
9.5
D-LinkDCS-2530L and DCS-2670L Devices
â° Federal Deadline:August 25, 2025(14 days remaining)
D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2020-25079
9.5
D-LinkDCS-2530L and DCS-2670L Devices
â° Federal Deadline:August 25, 2025(14 days remaining)
D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2022-40799
9.5
D-LinkDNR-322L
â° Federal Deadline:August 25, 2025(14 days remaining)
D-Link DNR-322L Download of Code Without Integrity Check Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-8088
9.5
RARLABWinRAR
â° Federal Deadline:September 1, 2025(21 days remaining)
RARLAB WinRAR Path Traversal Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2007-0671
9.5
MicrosoftOffice
â° Federal Deadline:September 1, 2025(21 days remaining)
Microsoft Office Excel Remote Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2013-3893
9.5
MicrosoftInternet Explorer
â° Federal Deadline:September 1, 2025(21 days remaining)
Microsoft Internet Explorer Resource Management Errors Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
đ¨
Critical Vulnerabilities
CVE-2025-8059
9.8đ
The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization and improper input validation within theMultiple Products
The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization and improper input validation within the rgfr_registration() function in all versions up to, and in...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-53766
9.8đ
UnknownMultiple Products
Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-50165
9.8đ
Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over aMultiple Products
Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-49457
9.6đ
Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via networkMultiple Products
Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access
CVSS Base9.6
â
CRSSelect profile
CVE-2025-25256
9.8đ
An improper neutralization of special elements used in an OS commandMultiple Products
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 throu...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-8853
9.8đ
Official Document Management System developed byMultiple Products
Official Document Management System developed by 2100 Technology has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to obtain any user's connection token and use it ...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-40746
9.1đ
A vulnerability has been identified in SIMATIC RTLS Locating ManagerMultiple Products
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.2). Affected products do not properly validate input for a backup script. This could allow an authenticated remo...
CVSS Base9.1
â
CRSSelect profile
CVE-2025-50171
9.1đ
Missing authorization in Remote Desktop Server allows an unauthorized attacker to perform spoofing over aMultiple Products
Missing authorization in Remote Desktop Server allows an unauthorized attacker to perform spoofing over a network.
CVSS Base9.1
â
CRSSelect profile
CVE-2025-45146
9.8đ
ModelCache for LLM throughMultiple Products
ModelCache for LLM through v0.2.0 was discovered to contain an deserialization vulnerability via the component /manager/data_manager.py. This vulnerability allows attackers to execute arbitrary code v...
CVSS Base9.8
â
CRSSelect profile
CVE-2024-32640
9.8đ
MASA CMS is an Enterprise Content Management platform based on open sourceMultiple Products
MASA CMS is an Enterprise Content Management platform based on open source technology. Versions prior to 7.4.6, 7.3.13, and 7.2.8 contain a SQL injection vulnerability in the `processAsyncObject` meth...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-55010
9.1đ
Kanboard is project management software that focuses on the KanbanMultiple Products
Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActvityFormatter allows admin users ...
CVSS Base9.1
â
CRSSelect profile
CVE-2025-42950
9.9đ
SAP Landscape TransformationMultiple Products
SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code int...
CVSS Base9.9
â
CRSSelect profile
CVE-2025-42957
9.9đ
SAPMultiple Products
SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing...
CVSS Base9.9
â
CRSSelect profile
â ī¸
High Priority Updates
CVE-2024-26009
8.1đ
FortinetMultiple Products
An authentication bypass using an alternate path or channel [CWE-288] vulnerability in Fortinet FortiOS version 6
CVSS Base8.1
â
CRSSelect profile
CVE-2025-49757
8.8đ
UnknownMultiple Products
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2025-50163
8.8đ
UnknownMultiple Products
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2025-50160
8đ
UnknownMultiple Products
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network
CVSS Base8
â
CRSSelect profile
CVE-2025-50162
8đ
UnknownMultiple Products
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network
CVSS Base8
â
CRSSelect profile
CVE-2025-50164
8đ
UnknownMultiple Products
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network
CVSS Base8
â
CRSSelect profile
CVE-2025-53720
8đ
UnknownMultiple Products
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network
CVSS Base8
â
CRSSelect profile
CVE-2025-42951
8.8đ
brokenMultiple Products
Due to broken authorization, SAP Business One (SLD) allows an authenticated attacker to gain administrator privileges of a database by invoking the corresponding API
CVSS Base8.8
â
CRSSelect profile
CVE-2025-5391
8.1đ
WordPressMultiple Products
The WooCommerce Purchase Orders plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_file() function in all versions up to, and including, 1
CVSS Base8.1
â
CRSSelect profile
CVE-2025-49712
8.8đ
MicrosoftMultiple Products
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2025-53131
8.8đ
UnknownMultiple Products
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2025-53731
8.4đ
MicrosoftMultiple Products
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally
CVSS Base8.4
â
CRSSelect profile
CVE-2025-53740
8.4đ
MicrosoftMultiple Products
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally
CVSS Base8.4
â
CRSSelect profile
CVE-2025-53784
8.4đ
MicrosoftMultiple Products
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally
CVSS Base8.4
â
CRSSelect profile
CVE-2025-50177
8.1đ
UseMultiple Products
Use after free in Windows Message Queuing allows an unauthorized attacker to execute code over a network
CVSS Base8.1
â
CRSSelect profile
CVE-2025-49761
7.8
UseMultiple Products
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-50153
7.8
WindowsMultiple Products
Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53133
7.8
UseMultiple Products
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53151
7.8
UseMultiple Products
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53152
7.8
WindowsMultiple Products
Use after free in Desktop Windows Manager allows an authorized attacker to execute code locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53155
7.8
UnknownMultiple Products
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53730
7.8
MicrosoftMultiple Products
Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53732
7.8
MicrosoftMultiple Products
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53734
7.8
MicrosoftMultiple Products
Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53735
7.8
MicrosoftMultiple Products
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53737
7.8
MicrosoftMultiple Products
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-8418
8.8
WordPressMultiple Products
The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Arbitrary Plugin Installation in all versions up to, and including, 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-53143
8.8
AccessMultiple Products
Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2025-53144
8.8
AccessMultiple Products
Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2025-53145
8.8
AccessMultiple Products
Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2025-53778
8.8
ImproperMultiple Products
Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2025-49557
8.7
AdobeMultiple Products
Adobe Commerce versions 2
CVSS Base8.7
â
CRSSelect profile
CVE-2025-54878
8.6đ
CryptoLibMultiple Products
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station
CVSS Base8.6
â
CRSSelect profile
CVE-2025-53733
8.4
MicrosoftMultiple Products
Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally
CVSS Base8.4
â
CRSSelect profile
CVE-2025-55165
8.2
AutocaliwebMultiple Products
Autocaliweb is a web app that offers an interface for browsing, reading, and downloading eBooks using a valid Calibre database
CVSS Base8.2
â
CRSSelect profile
CVE-2025-49555
8.1
AdobeMultiple Products
Adobe Commerce versions 2
CVSS Base8.1
â
CRSSelect profile
CVE-2025-53132
8
ConcurrentMultiple Products
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges over a network
CVSS Base8
â
CRSSelect profile
CVE-2025-49707
7.9
ImproperMultiple Products
Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally
CVSS Base7.9
â
CRSSelect profile
CVE-2025-50155
7.8
AccessMultiple Products
Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-50168
7.8
AccessMultiple Products
Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-50170
7.8
ImproperMultiple Products
Improper handling of insufficient permissions or privileges in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-50173
7.8
WeakMultiple Products
Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53141
7.8
NullMultiple Products
Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53154
7.8
NullMultiple Products
Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53723
7.8
NumericMultiple Products
Numeric truncation error in Windows Hyper-V allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53724
7.8
AccessMultiple Products
Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53725
7.8
AccessMultiple Products
Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53726
7.8
AccessMultiple Products
Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53729
7.8
ImproperMultiple Products
Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-52970
8.1
FortiWebMultiple Products
A improper handling of parameters in Fortinet FortiWeb versions 7
CVSS Base8.1
â
CRSSelect profile
CVE-2025-25235
8.6đ
UnknownMultiple Products
Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2
CVSS Base8.6
â
CRSSelect profile
CVE-2025-55150
8.6đ
UnknownMultiple Products
Stirling-PDF is a locally hosted web application that performs various operations on PDF files
CVSS Base8.6
â
CRSSelect profile
CVE-2025-55151
8.6đ
UnknownMultiple Products
Stirling-PDF is a locally hosted web application that performs various operations on PDF files
CVSS Base8.6
â
CRSSelect profile
CVE-2025-55161
8.6đ
UnknownMultiple Products
Stirling-PDF is a locally hosted web application that performs various operations on PDF files
CVSS Base8.6
â
CRSSelect profile
CVE-2025-47954
8.8
SQLMultiple Products
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2025-49758
8.8
SQLMultiple Products
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2025-49759
8.8
SQLMultiple Products
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2025-53727
8.8
SQLMultiple Products
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2025-53772
8.8
DeserializationMultiple Products
Deserialization of untrusted data in Web Deploy allows an authorized attacker to execute code over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2025-53149
7.8
UnknownMultiple Products
Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-8820
8.8đ
LinksysMultiple Products
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801
CVSS Base8.8
â
CRSSelect profile
CVE-2025-8822
8.8
LinksysMultiple Products
A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801
CVSS Base8.8
â
CRSSelect profile
CVE-2025-8824
8.8
LinksysMultiple Products
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801
CVSS Base8.8
â
CRSSelect profile
CVE-2025-8826
8.8
LinksysMultiple Products
A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801
CVSS Base8.8
â
CRSSelect profile
CVE-2025-8831
8.8
LinksysMultiple Products
A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801
CVSS Base8.8
â
CRSSelect profile
CVE-2025-8832
8.8
LinksysMultiple Products
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801
CVSS Base8.8
â
CRSSelect profile
CVE-2025-8833
8.8
LinksysMultiple Products
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801
CVSS Base8.8
â
CRSSelect profile
CVE-2025-55157
8.8
VimMultiple Products
Vim is an open source, command line text editor
CVSS Base8.8
â
CRSSelect profile
CVE-2025-55158
8.8
VimMultiple Products
Vim is an open source, command line text editor
CVSS Base8.8
â
CRSSelect profile
CVE-2025-24325
8.8
IntelMultiple Products
Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-24999
8.8
SQLMultiple Products
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network
A vulnerability has been identified in SINUMERIK 828D PPU
CVSS Base8.3
â
CRSSelect profile
CVE-2024-54678
8.2
hasMultiple Products
A vulnerability has been identified in SIMATIC PCS neo V4
CVSS Base8.2
â
CRSSelect profile
CVE-2025-20093
8.2
IntelMultiple Products
Improper check for unusual or exceptional conditions in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1
CVSS Base8.2
â
CRSSelect profile
CVE-2025-42976
8.1
ApplicationMultiple Products
SAP NetWeaver Application Server ABAP (BIC Document) allows an authenticated attacker to craft a request that, when submitted to a BIC Document application, could cause a memory corruption error
CVSS Base8.1
â
CRSSelect profile
CVE-2025-3831
8.1
LogMultiple Products
Log files uploaded during troubleshooting by the Harmony SASE agent may have been accessible to unauthorized parties
CVSS Base8.1
â
CRSSelect profile
CVE-2025-54063
8
desktopMultiple Products
Cherry Studio is a desktop client that supports for multiple LLM providers
CVSS Base8
â
CRSSelect profile
CVE-2025-22889
7.9
IntelMultiple Products
Improper handling of overlap between protected memory ranges for some Intel(R) Xeon(R) 6 processor with Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access
CVSS Base7.9
â
CRSSelect profile
CVE-2025-41686
7.8
AMultiple Products
A low-privileged local attacker can exploit improper permissions on nssm
CVSS Base7.8
â
CRSSelect profile
CVE-2025-30033
7.8
affectedMultiple Products
The affected setup component is vulnerable to DLL hijacking
CVSS Base7.8
â
CRSSelect profile
CVE-2025-40759
7.8
SIMATICMultiple Products
A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC STEP 7 V20 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions < V19 Update 4), SIMATIC WinCC V20 (All versions), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOCODE ES V20 (All versions), SIMOTION SCOUT TIA V5
CVSS Base7.8
â
CRSSelect profile
CVE-2025-40762
7.8
hasMultiple Products
A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406
CVSS Base7.8
â
CRSSelect profile
CVE-2025-40764
7.8
hasMultiple Products
A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406
CVSS Base7.8
â
CRSSelect profile
CVE-2025-40767
7.8
hasMultiple Products
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3
CVSS Base7.8
â
CRSSelect profile
CVE-2025-20074
7.8
IntelMultiple Products
Time-of-check Time-of-use race condition for some Intel(R) Connectivity Performance Suite software installers before version 40
CVSS Base7.8
â
CRSSelect profile
CVE-2025-20109
7.8
IntelMultiple Products
Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access
CVSS Base7.8
â
CRSSelect profile
CVE-2025-22836
7.8
IntelMultiple Products
Integer overflow or wraparound in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1
CVSS Base7.8
â
CRSSelect profile
CVE-2025-22893
7.8
IntelMultiple Products
Insufficient control flow management in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1
CVSS Base7.8
â
CRSSelect profile
CVE-2025-24303
7.8
IntelMultiple Products
Improper check for unusual or exceptional conditions in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1
CVSS Base7.8
â
CRSSelect profile
CVE-2025-24484
7.8
IntelMultiple Products
Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1
CVSS Base7.8
â
CRSSelect profile
CVE-2025-24486
7.8
IntelMultiple Products
Improper input validation in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2
CVSS Base7.8
â
CRSSelect profile
CVE-2025-25273
7.8
IntelMultiple Products
Insufficient control flow management in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2
CVSS Base7.8
â
CRSSelect profile
CVE-2025-49563
7.8
IllustratorMultiple Products
Illustrator versions 28
CVSS Base7.8
â
CRSSelect profile
CVE-2025-49564
7.8
IllustratorMultiple Products
Illustrator versions 28
CVSS Base7.8
â
CRSSelect profile
CVE-2025-50176
7.8
AccessMultiple Products
Access of resource using incompatible type ('type confusion') in Graphics Kernel allows an authorized attacker to execute code locally