Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đ
Archived Security Brief
This curated brief highlights 3 critical vulnerabilities and 15 high-priority updates requiring immediate attention.
18 total vulnerabilities disclosed in last 24 hours
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEVURGENT
CVE-2020-25078
9.5
D-LinkDCS-2530L and DCS-2670L Devices
â° Federal Deadline:August 25, 2025(2 days remaining)
D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2020-25079
9.5
D-LinkDCS-2530L and DCS-2670L Devices
â° Federal Deadline:August 25, 2025(2 days remaining)
D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2022-40799
9.5
D-LinkDNR-322L
â° Federal Deadline:August 25, 2025(2 days remaining)
D-Link DNR-322L Download of Code Without Integrity Check Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-8088
9.5
RARLABWinRAR
â° Federal Deadline:September 1, 2025(9 days remaining)
RARLAB WinRAR Path Traversal Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2007-0671
9.5
MicrosoftOffice
â° Federal Deadline:September 1, 2025(9 days remaining)
Microsoft Office Excel Remote Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2013-3893
9.5
MicrosoftInternet Explorer
â° Federal Deadline:September 1, 2025(9 days remaining)
Microsoft Internet Explorer Resource Management Errors Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-54948
9.5đ
Trend MicroApex One
â° Federal Deadline:September 7, 2025(15 days remaining)
Trend Micro Apex One OS Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-43300
9.5đ
AppleiOS, iPadOS, and macOS
â° Federal Deadline:September 10, 2025(18 days remaining)
Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
đ¨
Critical Vulnerabilities
CVE-2025-7642
9.8đ
The Simpler Checkout plugin for WordPress is vulnerable to Authentication Bypass in versionsMultiple Products
The Simpler Checkout plugin for WordPress is vulnerable to Authentication Bypass in versions 0.7.0 to 1.1.9. This is due to the plugin not properly verifying a user's identity prior to logging them in...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-5821
9.8đ
The Case Theme User plugin for WordPress is vulnerable to Authentication Bypass in all versions upMultiple Products
The Case Theme User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly logging a user in with the data that...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-36157
9.8đ
IBM Jazz FoundationMultiple Products
IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004 could allow an unauthenticated remote attacker to update server property files that would allow them to p...
CVSS Base9.8
â
CRSSelect profile
â ī¸
High Priority Updates
CVE-2025-5060
8.1đ
WordPressMultiple Products
The Bravis User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1
CVSS Base8.1
â
CRSSelect profile
CVE-2025-9048
8.1đ
WordPressMultiple Products
The Wptobe-memberships plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the del_img_ajax_call() function in all versions up to, and including, 3
CVSS Base8.1
â
CRSSelect profile
CVE-2025-7813
7.2đ
WordPressMultiple Products
The Events Calendar, Event Booking, Registrations and Event Tickets â Eventin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4
CVSS Base7.2
â
CRSSelect profile
CVE-2025-9357
8.8đ
LinksysMultiple Products
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-9358
8.8đ
LinksysMultiple Products
A security flaw has been discovered in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-9359
8.8đ
LinksysMultiple Products
A weakness has been identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-9360
8.8đ
LinksysMultiple Products
A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-9361
8.8đ
LinksysMultiple Products
A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-9363
8.8đ
LinksysMultiple Products
A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-9392
8.8đ
LinksysMultiple Products
A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-9393
8.8đ
LinksysMultiple Products
A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-5352
8.1đ
criticalMultiple Products
A critical stored Cross-Site Scripting (XSS) vulnerability exists in the Analytics component of lunary-ai/lunary versions up to 1
CVSS Base8.1
â
CRSSelect profile
CVE-2025-36174
8đ
IBMMultiple Products
IBM Integrated Analytics System 1
CVSS Base8
â
CRSSelect profile
CVE-2025-9380
7.8đ
CCTVMultiple Products
A vulnerability was identified in FNKvision Y215 CCTV Camera 10