Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đ
Archived Security Brief
This curated brief highlights 16 critical vulnerabilities and 100 high-priority updates requiring immediate attention.
229 total vulnerabilities disclosed in last 24 hours
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEVURGENT
CVE-2023-2533
9.5
PaperCutNG/MF
â° Federal Deadline:August 17, 2025(5 days remaining)
PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-20337
9.5đ
CiscoIdentity Services Engine
â° Federal Deadline:August 17, 2025(5 days remaining)
Cisco Identity Services Engine Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-20281
9.5
CiscoIdentity Services Engine
â° Federal Deadline:August 17, 2025(5 days remaining)
Cisco Identity Services Engine Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-8876
9.5
N-ableN-Central
â° Federal Deadline:August 19, 2025(7 days remaining)
N-able N-Central Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-8875
9.5
N-ableN-Central
â° Federal Deadline:August 19, 2025(7 days remaining)
N-able N-Central Insecure Deserialization Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2020-25078
9.5
D-LinkDCS-2530L and DCS-2670L Devices
â° Federal Deadline:August 25, 2025(13 days remaining)
D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2020-25079
9.5
D-LinkDCS-2530L and DCS-2670L Devices
â° Federal Deadline:August 25, 2025(13 days remaining)
D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2022-40799
9.5
D-LinkDNR-322L
â° Federal Deadline:August 25, 2025(13 days remaining)
D-Link DNR-322L Download of Code Without Integrity Check Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-8088
9.5
RARLABWinRAR
â° Federal Deadline:September 1, 2025(20 days remaining)
RARLAB WinRAR Path Traversal Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2007-0671
9.5
MicrosoftOffice
â° Federal Deadline:September 1, 2025(20 days remaining)
Microsoft Office Excel Remote Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2013-3893
9.5
MicrosoftInternet Explorer
â° Federal Deadline:September 1, 2025(20 days remaining)
Microsoft Internet Explorer Resource Management Errors Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
đ¨
Critical Vulnerabilities
CVE-2025-7384
9.8đ
The Database for Contact FormMultiple Products
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization of untrusted input ...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-6715
9.8đ
The LatePoint WordPress plugin beforeMultiple Products
The LatePoint WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the layout parameter. This makes it possible for attackers to include and execute PHP files on the server, allow...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-8059
9.8đ
The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization and improper input validation within theMultiple Products
The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization and improper input validation within the rgfr_registration() function in all versions up to, and in...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-53766
9.8đ
UnknownMultiple Products
Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-50165
9.8đ
Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over aMultiple Products
Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-49457
9.6đ
Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via networkMultiple Products
Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access
CVSS Base9.6
â
CRSSelect profile
CVE-2025-25256
9.8đ
An improper neutralization of special elements used in an OS commandMultiple Products
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 throu...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-54382
9.6đ
Cherry Studio is a desktop client that supports for multiple LLMMultiple Products
Cherry Studio is a desktop client that supports for multiple LLM providers. In version 1.5.1, a remote code execution (RCE) vulnerability exists in the Cherry Studio platform when connecting to stream...
CVSS Base9.6
â
CRSSelect profile
CVE-2025-40746
9.1đ
A vulnerability has been identified in SIMATIC RTLS Locating ManagerMultiple Products
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.2). Affected products do not properly validate input for a backup script. This could allow an authenticated remo...
CVSS Base9.1
â
CRSSelect profile
CVE-2025-8913
9.8đ
Organization Portal System developed by WellChoose has a Local File InclusionMultiple Products
Organization Portal System developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-50171
9.1đ
Missing authorization in Remote Desktop Server allows an unauthorized attacker to perform spoofing over aMultiple Products
Missing authorization in Remote Desktop Server allows an unauthorized attacker to perform spoofing over a network.
CVSS Base9.1
â
CRSSelect profile
CVE-2025-55010
9.1đ
Kanboard is project management software that focuses on the KanbanMultiple Products
Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActvityFormatter allows admin users ...
CVSS Base9.1
â
CRSSelect profile
CVE-2025-42950
9.9đ
SAP Landscape TransformationMultiple Products
SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code int...
CVSS Base9.9
â
CRSSelect profile
CVE-2025-42957
9.9đ
SAPMultiple Products
SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing...
CVSS Base9.9
â
CRSSelect profile
CVE-2025-8760
9.8đ
A vulnerability was identified in INSTARMultiple Products
A vulnerability was identified in INSTAR 2K+ and 4K 3.11.1 Build 1124. This affects the function base64_decode of the component fcgi_server. The manipulation of the argument Authorization leads to buf...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-50251
9.1
Server side request forgeryMultiple Products
Server side request forgery (SSRF) vulnerability in makeplane plane 0.23.1 via the password recovery.
CVSS Base9.1
â
CRSSelect profile
â ī¸
High Priority Updates
CVE-2024-26009
8.1đ
FortinetMultiple Products
An authentication bypass using an alternate path or channel [CWE-288] vulnerability in Fortinet FortiOS version 6
CVSS Base8.1
â
CRSSelect profile
CVE-2025-49757
8.8đ
UnknownMultiple Products
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2025-50163
8.8đ
UnknownMultiple Products
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2025-55345
8.8đ
UsingMultiple Products
Using Codex CLI in workspace-write mode inside a malicious context (repo, directory, etc) could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory
CVSS Base8.8
â
CRSSelect profile
CVE-2025-50160
8đ
UnknownMultiple Products
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network
CVSS Base8
â
CRSSelect profile
CVE-2025-50162
8đ
UnknownMultiple Products
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network
CVSS Base8
â
CRSSelect profile
CVE-2025-50164
8đ
UnknownMultiple Products
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network
CVSS Base8
â
CRSSelect profile
CVE-2025-53720
8đ
UnknownMultiple Products
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network
CVSS Base8
â
CRSSelect profile
CVE-2025-42951
8.8đ
brokenMultiple Products
Due to broken authorization, SAP Business One (SLD) allows an authenticated attacker to gain administrator privileges of a database by invoking the corresponding API
CVSS Base8.8
â
CRSSelect profile
CVE-2025-5391
8.1đ
WordPressMultiple Products
The WooCommerce Purchase Orders plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_file() function in all versions up to, and including, 1
CVSS Base8.1
â
CRSSelect profile
CVE-2025-49712
8.8đ
MicrosoftMultiple Products
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2025-53131
8.8đ
UnknownMultiple Products
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2025-8879
8.8đ
GoogleMultiple Products
Heap buffer overflow in libaom in Google Chrome prior to 139
CVSS Base8.8
â
CRSSelect profile
CVE-2025-8882
8.8đ
GoogleMultiple Products
Use after free in Aura in Google Chrome prior to 139
CVSS Base8.8
â
CRSSelect profile
CVE-2025-6184
8.8đ
WordPressMultiple Products
The Tutor LMS Pro â eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the âorderâ parameter used in the get_submitted_assignments() function in all versions up to, and including, 3
CVSS Base8.8
â
CRSSelect profile
CVE-2025-53789
7.8
MissingMultiple Products
Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53731
8.4đ
MicrosoftMultiple Products
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally
CVSS Base8.4
â
CRSSelect profile
CVE-2025-53740
8.4đ
MicrosoftMultiple Products
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally
CVSS Base8.4
â
CRSSelect profile
CVE-2025-53784
8.4đ
MicrosoftMultiple Products
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally
CVSS Base8.4
â
CRSSelect profile
CVE-2025-50177
8.1đ
UseMultiple Products
Use after free in Windows Message Queuing allows an unauthorized attacker to execute code over a network
CVSS Base8.1
â
CRSSelect profile
CVE-2025-49761
7.8
UseMultiple Products
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-50153
7.8
WindowsMultiple Products
Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53133
7.8
UseMultiple Products
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53151
7.8
UseMultiple Products
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53152
7.8
WindowsMultiple Products
Use after free in Desktop Windows Manager allows an authorized attacker to execute code locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53155
7.8
UnknownMultiple Products
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53730
7.8
MicrosoftMultiple Products
Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53732
7.8
MicrosoftMultiple Products
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53734
7.8
MicrosoftMultiple Products
Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53735
7.8
MicrosoftMultiple Products
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53737
7.8
MicrosoftMultiple Products
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53738
7.8
MicrosoftMultiple Products
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53741
7.8
MicrosoftMultiple Products
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53761
7.8
MicrosoftMultiple Products
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-8418
8.8
WordPressMultiple Products
The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Arbitrary Plugin Installation in all versions up to, and including, 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-53143
8.8
AccessMultiple Products
Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2025-53144
8.8
AccessMultiple Products
Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2025-53145
8.8
AccessMultiple Products
Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2025-53778
8.8
ImproperMultiple Products
Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2025-8880
8.8
GoogleMultiple Products
Race in V8 in Google Chrome prior to 139
CVSS Base8.8
â
CRSSelect profile
CVE-2025-8901
8.8
GoogleMultiple Products
Out of bounds write in ANGLE in Google Chrome prior to 139
CVSS Base8.8
â
CRSSelect profile
CVE-2025-32451
8.8
FoxitMultiple Products
A memory corruption vulnerability exists in Foxit Reader 2025
CVSS Base8.8
â
CRSSelect profile
CVE-2025-49557
8.7
AdobeMultiple Products
Adobe Commerce versions 2
CVSS Base8.7
â
CRSSelect profile
CVE-2025-53733
8.4
MicrosoftMultiple Products
Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally
CVSS Base8.4
â
CRSSelect profile
CVE-2025-55165
8.2
AutocaliwebMultiple Products
Autocaliweb is a web app that offers an interface for browsing, reading, and downloading eBooks using a valid Calibre database
CVSS Base8.2
â
CRSSelect profile
CVE-2025-49555
8.1
AdobeMultiple Products
Adobe Commerce versions 2
CVSS Base8.1
â
CRSSelect profile
CVE-2025-53132
8
ConcurrentMultiple Products
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges over a network
CVSS Base8
â
CRSSelect profile
CVE-2025-49707
7.9
ImproperMultiple Products
Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally
CVSS Base7.9
â
CRSSelect profile
CVE-2025-50155
7.8
AccessMultiple Products
Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-50168
7.8
AccessMultiple Products
Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-50170
7.8
ImproperMultiple Products
Improper handling of insufficient permissions or privileges in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-50173
7.8
WeakMultiple Products
Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53141
7.8
NullMultiple Products
Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53154
7.8
NullMultiple Products
Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53723
7.8
NumericMultiple Products
Numeric truncation error in Windows Hyper-V allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53724
7.8
AccessMultiple Products
Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53725
7.8
AccessMultiple Products
Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53726
7.8
AccessMultiple Products
Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53729
7.8
ImproperMultiple Products
Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53739
7.8
MicrosoftMultiple Products
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53759
7.8
MicrosoftMultiple Products
Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-52970
8.1
FortiWebMultiple Products
A improper handling of parameters in Fortinet FortiWeb versions 7
CVSS Base8.1
â
CRSSelect profile
CVE-2025-47954
8.8
SQLMultiple Products
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2025-49758
8.8
SQLMultiple Products
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2025-49759
8.8
SQLMultiple Products
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2025-53727
8.8
SQLMultiple Products
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2025-53772
8.8
DeserializationMultiple Products
Deserialization of untrusted data in Web Deploy allows an authorized attacker to execute code over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2025-53149
7.8
UnknownMultiple Products
Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-24325
8.8
IntelMultiple Products
Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-24999
8.8
SQLMultiple Products
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network
CVSS Base8.8
â
CRSSelect profile
CVE-2025-55154
8.8
ImageMagickMultiple Products
ImageMagick is free and open-source software used for editing and manipulating digital images
CVSS Base8.8
â
CRSSelect profile
CVE-2025-6186
8.7
versionsMultiple Products
An issue has been discovered in GitLab CE/EE affecting all versions from 18
CVSS Base8.7
â
CRSSelect profile
CVE-2025-7734
8.7
versionsMultiple Products
An issue has been discovered in GitLab CE/EE affecting all versions from 14
CVSS Base8.7
â
CRSSelect profile
CVE-2025-7739
8.7
versionsMultiple Products
An issue has been discovered in GitLab CE/EE affecting all versions from 18
CVSS Base8.7
â
CRSSelect profile
CVE-2025-40743
8.3
hasMultiple Products
A vulnerability has been identified in SINUMERIK 828D PPU
CVSS Base8.3
â
CRSSelect profile
CVE-2024-54678
8.2
hasMultiple Products
A vulnerability has been identified in SIMATIC PCS neo V4
CVSS Base8.2
â
CRSSelect profile
CVE-2025-20093
8.2
IntelMultiple Products
Improper check for unusual or exceptional conditions in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1
CVSS Base8.2
â
CRSSelect profile
CVE-2025-42976
8.1
ApplicationMultiple Products
SAP NetWeaver Application Server ABAP (BIC Document) allows an authenticated attacker to craft a request that, when submitted to a BIC Document application, could cause a memory corruption error
CVSS Base8.1
â
CRSSelect profile
CVE-2025-3831
8.1
LogMultiple Products
Log files uploaded during troubleshooting by the Harmony SASE agent may have been accessible to unauthorized parties
CVSS Base8.1
â
CRSSelect profile
CVE-2025-22889
7.9
IntelMultiple Products
Improper handling of overlap between protected memory ranges for some Intel(R) Xeon(R) 6 processor with Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access
CVSS Base7.9
â
CRSSelect profile
CVE-2025-41686
7.8
AMultiple Products
A low-privileged local attacker can exploit improper permissions on nssm
CVSS Base7.8
â
CRSSelect profile
CVE-2025-30033
7.8
affectedMultiple Products
The affected setup component is vulnerable to DLL hijacking
CVSS Base7.8
â
CRSSelect profile
CVE-2025-40759
7.8
SIMATICMultiple Products
A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC STEP 7 V20 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions < V19 Update 4), SIMATIC WinCC V20 (All versions), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOCODE ES V20 (All versions), SIMOTION SCOUT TIA V5
CVSS Base7.8
â
CRSSelect profile
CVE-2025-40762
7.8
hasMultiple Products
A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406
CVSS Base7.8
â
CRSSelect profile
CVE-2025-40764
7.8
hasMultiple Products
A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406
CVSS Base7.8
â
CRSSelect profile
CVE-2025-40767
7.8
hasMultiple Products
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3
CVSS Base7.8
â
CRSSelect profile
CVE-2025-20074
7.8
IntelMultiple Products
Time-of-check Time-of-use race condition for some Intel(R) Connectivity Performance Suite software installers before version 40
CVSS Base7.8
â
CRSSelect profile
CVE-2025-20109
7.8
IntelMultiple Products
Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access
CVSS Base7.8
â
CRSSelect profile
CVE-2025-22836
7.8
IntelMultiple Products
Integer overflow or wraparound in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1
CVSS Base7.8
â
CRSSelect profile
CVE-2025-22893
7.8
IntelMultiple Products
Insufficient control flow management in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1
CVSS Base7.8
â
CRSSelect profile
CVE-2025-24303
7.8
IntelMultiple Products
Improper check for unusual or exceptional conditions in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1
CVSS Base7.8
â
CRSSelect profile
CVE-2025-24484
7.8
IntelMultiple Products
Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1
CVSS Base7.8
â
CRSSelect profile
CVE-2025-24486
7.8
IntelMultiple Products
Improper input validation in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2
CVSS Base7.8
â
CRSSelect profile
CVE-2025-25273
7.8
IntelMultiple Products
Insufficient control flow management in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2
CVSS Base7.8
â
CRSSelect profile
CVE-2025-49563
7.8
IllustratorMultiple Products
Illustrator versions 28
CVSS Base7.8
â
CRSSelect profile
CVE-2025-49564
7.8
IllustratorMultiple Products
Illustrator versions 28
CVSS Base7.8
â
CRSSelect profile
CVE-2025-50176
7.8
AccessMultiple Products
Access of resource using incompatible type ('type confusion') in Graphics Kernel allows an authorized attacker to execute code locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53773
7.8
ImproperMultiple Products
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally