Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đ
Archived Security Brief
This curated brief highlights 1 critical vulnerabilities and 23 high-priority updates requiring immediate attention.
24 total vulnerabilities disclosed in last 24 hours
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEVURGENT
CVE-2025-54948
9.5đ
Trend MicroApex One
â° Federal Deadline:September 7, 2025(1 days remaining)
Trend Micro Apex One OS Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-43300
9.5đ
AppleiOS, iPadOS, and macOS
â° Federal Deadline:September 10, 2025(4 days remaining)
Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-48384
9.5
GitGit
â° Federal Deadline:September 14, 2025(8 days remaining)
Git Link Following Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2024-8068
9.5
CitrixSession Recording
â° Federal Deadline:September 14, 2025(8 days remaining)
Citrix Session Recording Improper Privilege Management Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2024-8069
9.5
CitrixSession Recording
â° Federal Deadline:September 14, 2025(8 days remaining)
Citrix Session Recording Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-57819
9.5
SangomaFreePBX
â° Federal Deadline:September 18, 2025(12 days remaining)
Sangoma FreePBX Authentication Bypass Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2020-24363
9.5
TP-LinkTL-WA855RE
â° Federal Deadline:September 22, 2025(16 days remaining)
TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-55177
9.5đ
Meta PlatformsWhatsApp
â° Federal Deadline:September 22, 2025(16 days remaining)
Meta Platforms WhatsApp Incorrect Authorization Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2023-50224
9.5
TP-LinkTL-WR841N
â° Federal Deadline:September 23, 2025(17 days remaining)
TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-9377
9.5
TP-LinkMultiple Routers
â° Federal Deadline:September 23, 2025(17 days remaining)
TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-38352
9.5
LinuxKernel
â° Federal Deadline:September 24, 2025(18 days remaining)
Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-48543
9.5đ
AndroidRuntime
â° Federal Deadline:September 24, 2025(18 days remaining)
Android Runtime Use-After-Free Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-53690
9.5đ
SitecoreMultiple Products
â° Federal Deadline:September 24, 2025(18 days remaining)
Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
đ¨
Critical Vulnerabilities
CVE-2025-8359
9.8đ
The AdForest theme for WordPress is vulnerable to Authentication Bypass in all versions upMultiple Products
The AdForest theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 6.0.9. This is due to the plugin not properly verifying a user's identity prior to authent...
CVSS Base9.8
â
CRSSelect profile
â ī¸
High Priority Updates
CVE-2025-7040
8.2đ
WordPressMultiple Products
The Cloud SAML SSO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'set_organization_settings' action of the csso_handle_actions() function in all versions up to, and including, 1
CVSS Base8.2
â
CRSSelect profile
CVE-2024-36354
7.5đ
ImproperMultiple Products
Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to bypass SMM isolation potentially resulting in arbitrary code execution at the SMM level
CVSS Base7.5
â
CRSSelect profile
CVE-2025-7366
7.3đ
WordpressMultiple Products
The The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 19
CVSS Base7.3
â
CRSSelect profile
CVE-2025-9515
7.2đ
WordPressMultiple Products
The Multi Step Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the import functionality in all versions up to, and including, 1
CVSS Base7.2
â
CRSSelect profile
CVE-2025-58437
8.1đ
CoderMultiple Products
Coder allows organizations to provision remote development environments via Terraform
CVSS Base8.1
â
CRSSelect profile
CVE-2025-10034
8.8đ
D-LinkMultiple Products
A vulnerability was found in D-Link DIR-825 1
CVSS Base8.8
â
CRSSelect profile
CVE-2024-36342
8.8đ
ImproperMultiple Products
Improper input validation in the GPU driver could allow an attacker to exploit a heap overflow potentially resulting in arbitrary code execution
CVSS Base8.8
â
CRSSelect profile
CVE-2023-31322
8.7đ
TypeMultiple Products
Type confusion in the ASP could allow an attacker to pass a malformed argument to the Reliability, Availability, and Serviceability trusted application (RAS TA) potentially leading to a read or write to shared memory resulting in loss of confidentiality, integrity, or availability
CVSS Base8.7
â
CRSSelect profile
CVE-2024-36326
8.4đ
AMDMultiple Products
Missing authorization in AMD RomArmor could allow an attacker to bypass ROMArmor protections during system resume from a standby state, potentially resulting in a loss of confidentiality and integrity
CVSS Base8.4
â
CRSSelect profile
CVE-2024-36352
8.4đ
AMDMultiple Products
Improper input validation in the AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary writes or denial of service
CVSS Base8.4
â
CRSSelect profile
CVE-2025-58370
8.1đ
RooMultiple Products
Roo Code is an AI-powered autonomous coding agent that lives in users' editors
CVSS Base8.1
â
CRSSelect profile
CVE-2025-58372
8.1đ
RooMultiple Products
Roo Code is an AI-powered autonomous coding agent that lives in users' editors
CVSS Base8.1
â
CRSSelect profile
CVE-2025-58439
8.1đ
ERPMultiple Products
ERP is a free and open source Enterprise Resource Planning tool
CVSS Base8.1
â
CRSSelect profile
CVE-2021-26383
7.9đ
AMDMultiple Products
Insufficient bounds checking in AMD TEE (Trusted Execution Environment) could allow an attacker with a compromised userspace to invoke a command with malformed arguments leading to out of bounds memory access, potentially resulting in loss of integrity or availability
CVSS Base7.9
â
CRSSelect profile
CVE-2025-58374
7.8đ
RooMultiple Products
Roo Code is an AI-powered autonomous coding agent that lives in users' editors
CVSS Base7.8
â
CRSSelect profile
CVE-2024-21947
7.5
ImproperMultiple Products
Improper input validation in the system management mode (SMM) could allow a privileged attacker to overwrite arbitrary memory potentially resulting in arbitrary code execution at the SMM level
CVSS Base7.5
â
CRSSelect profile
CVE-2025-10030
7.3
InventoryMultiple Products
A weakness has been identified in Campcodes Grocery Sales and Inventory System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-10031
7.3
InventoryMultiple Products
A security vulnerability has been detected in Campcodes Grocery Sales and Inventory System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-10033
7.3
DiscussionMultiple Products
A vulnerability has been found in itsourcecode Online Discussion Forum 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-10062
7.3
ManagementMultiple Products
A vulnerability was determined in itsourcecode Student Information Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-10068
7.3
DiscussionMultiple Products
A flaw has been found in itsourcecode Online Discussion Forum 1
CVSS Base7.3
â
CRSSelect profile
CVE-2023-31325
7.2
ImproperMultiple Products
Improper isolation of shared resources on System-on-a-chip (SOC) could a privileged attacker to tamper with the contents of the PSP reserved DRAM region potentially resulting in loss of confidentiality and integrity
CVSS Base7.2
â
CRSSelect profile
CVE-2025-0032
7.2
AMDMultiple Products
Improper cleanup in AMD CPU microcode patch loading could allow an attacker with local administrator privilege to load malicious CPU microcode, potentially resulting in loss of integrity of x86 instruction execution