Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đ
Archived Security Brief
This curated brief highlights 10 critical vulnerabilities and 32 high-priority updates requiring immediate attention.
42 total vulnerabilities disclosed in last 24 hours
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEVURGENT
CVE-2025-43300
9.5đ
AppleiOS, iPadOS, and macOS
â° Federal Deadline:September 10, 2025(3 days remaining)
Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-48384
9.5
GitGit
â° Federal Deadline:September 14, 2025(7 days remaining)
Git Link Following Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2024-8068
9.5
CitrixSession Recording
â° Federal Deadline:September 14, 2025(7 days remaining)
Citrix Session Recording Improper Privilege Management Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2024-8069
9.5
CitrixSession Recording
â° Federal Deadline:September 14, 2025(7 days remaining)
Citrix Session Recording Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-57819
9.5
SangomaFreePBX
â° Federal Deadline:September 18, 2025(11 days remaining)
Sangoma FreePBX Authentication Bypass Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2020-24363
9.5
TP-LinkTL-WA855RE
â° Federal Deadline:September 22, 2025(15 days remaining)
TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-55177
9.5đ
Meta PlatformsWhatsApp
â° Federal Deadline:September 22, 2025(15 days remaining)
Meta Platforms WhatsApp Incorrect Authorization Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2023-50224
9.5
TP-LinkTL-WR841N
â° Federal Deadline:September 23, 2025(16 days remaining)
TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-9377
9.5
TP-LinkMultiple Routers
â° Federal Deadline:September 23, 2025(16 days remaining)
TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-38352
9.5
LinuxKernel
â° Federal Deadline:September 24, 2025(17 days remaining)
Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-48543
9.5đ
AndroidRuntime
â° Federal Deadline:September 24, 2025(17 days remaining)
Android Runtime Use-After-Free Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-53690
9.5đ
SitecoreMultiple Products
â° Federal Deadline:September 24, 2025(17 days remaining)
Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
đ¨
Critical Vulnerabilities
CVE-2025-52161
9.8đ
Scholl Communications AG Weblication CMS CoreMultiple Products
Scholl Communications AG Weblication CMS Core v019.004.000.000 was discovered to contain a cross-site scripting (XSS) vulnerability.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-59033
9.8đ
The Microsoft vulnerable driver block list is implemented as Windows Defender Application ControlMultiple Products
The Microsoft vulnerable driver block list is implemented as Windows Defender Application Control (WDAC) policy. On systems that do not have hypervisor-protected code integrity (HVCI) enabled, entries...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-9113
9.8đ
The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in theMultiple Products
The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'doccure_temp_upload_to_media' function in all versions up to, and including, 1.4.8. ...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-9114
9.8đ
The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions upMultiple Products
The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.4.8. This is due to the plugin providing user-controlled access to objects, letting ...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-57141
9.8đ
UnknownMultiple Products
rsbi-os 4.7 is vulnerable to Remote Code Execution (RCE) in sqlite-jdbc.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-58745
9.9đ
WeGIA is a Web manager for charitableMultiple Products
WeGIA is a Web manager for charitable institutions. The fix for CVE-2025-22133 was not enough to remediate the arbitrary file upload vulnerability. The WeGIA only check MIME types for Excel files at e...
CVSS Base9.9
â
CRSSelect profile
CVE-2025-56266
9.8đ
A Host Header Injection vulnerability in Avigilon ACMMultiple Products
A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted URL.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-56267
9.8đ
A CSV injection vulnerability in theMultiple Products
A CSV injection vulnerability in the /id_profiles endpoint of Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via suuplying a crafted Excel file.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-57285
9.8đ
codeceptjsMultiple Products
codeceptjs 3.7.3 contains a command injection vulnerability in the emptyFolder function (lib/utils.js). The execSync command directly concatenates the user-controlled directoryPath parameter without s...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-58746
9đ
The Volkov Labs Business Links panel for Grafana provides an interface to navigate using externalMultiple Products
The Volkov Labs Business Links panel for Grafana provides an interface to navigate using external links, internal dashboards, time pickers, and dropdown menus. Prior to version 2.4.0, a malicious acto...
CVSS Base9
â
CRSSelect profile
â ī¸
High Priority Updates
CVE-2025-9112
8.8đ
WordPressMultiple Products
The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'doccure_temp_file_uploader' function in all versions up to, and including, 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-8085
8.6đ
WordPressMultiple Products
The Ditty WordPress plugin before 3
CVSS Base8.6
â
CRSSelect profile
CVE-2025-55849
8.4đ
WeiPHPMultiple Products
WeiPHP v5
CVSS Base8.4
â
CRSSelect profile
CVE-2025-10079
7.3đ
SmallMultiple Products
A flaw has been found in PHPGurukul Small CRM 4
CVSS Base7.3
â
CRSSelect profile
CVE-2025-41664
7.5đ
AMultiple Products
A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runtime of services (e
CVSS Base7.5
â
CRSSelect profile
CVE-2025-41682
8.8đ
AnMultiple Products
An authenticated, low-privileged attacker can obtain credentials stored on the charge controller including the manufacturer password
CVSS Base8.8
â
CRSSelect profile
CVE-2025-36855
8.8đ
A vulnerabilityMultiple Products
A vulnerability ( CVE-2025-21176 https://www
CVSS Base8.8
â
CRSSelect profile
CVE-2025-56265
8.8đ
Chat TriggerMultiple Products
An arbitrary file upload vulnerability in the Chat Trigger component of N8N v1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-52389
8.8đ
InsecureMultiple Products
An Insecure Direct Object Reference (IDOR) in Envasadora H2O Eireli - Soda Cristal v40
CVSS Base8.8
â
CRSSelect profile
CVE-2025-36854
8.1đ
A vulnerabilityMultiple Products
A vulnerability ( CVE-2024-38229 https://www
CVSS Base8.1
â
CRSSelect profile
CVE-2025-55998
8.1đ
Smart SearchMultiple Products
A cross-site scripting (XSS) vulnerability in Smart Search & Filter Shopify App 1
CVSS Base8.1
â
CRSSelect profile
CVE-2025-36853
7.5đ
A vulnerabilityMultiple Products
A vulnerability (CVE-2025-21172) exists in msdia140
CVSS Base7.5
â
CRSSelect profile
CVE-2025-40928
7.5đ
beforeMultiple Products
JSON::XS before version 4
CVSS Base7.5
â
CRSSelect profile
CVE-2025-40930
7.5đ
beforeMultiple Products
JSON::SIMD before version 1
CVSS Base7.5
â
CRSSelect profile
CVE-2025-52288
7.5đ
AssertionMultiple Products
Assertion failure in function ngap_build_downlink_nas_transport in file src/amf/ngap-build
CVSS Base7.5
â
CRSSelect profile
CVE-2025-41708
7.4
unsecureMultiple Products
Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface
CVSS Base7.4
â
CRSSelect profile
CVE-2025-10068
7.3
DiscussionMultiple Products
A flaw has been found in itsourcecode Online Discussion Forum 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-10076
7.3
PollingMultiple Products
A weakness has been identified in SourceCodester Online Polling System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-10077
7.3
PollingMultiple Products
A security vulnerability has been detected in SourceCodester Online Polling System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-10078
7.3
PollingMultiple Products
A vulnerability was detected in SourceCodester Online Polling System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-10082
7.3
PollingMultiple Products
A vulnerability has been found in SourceCodester Online Polling System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-10090
7.3
flawMultiple Products
A flaw has been found in Jinher OA up to 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-10091
7.3
hasMultiple Products
A vulnerability has been found in Jinher OA up to 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-10092
7.3
wasMultiple Products
A vulnerability was found in Jinher OA up to 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-56630
7.3
FoxCMSMultiple Products
FoxCMS v1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-10100
7.3
DiscussionMultiple Products
A vulnerability was detected in SourceCodester Simple Forum Discussion System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-10102
7.3
JudgingMultiple Products
A security flaw has been discovered in code-projects Online Event Judging System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-10103
7.3
JudgingMultiple Products
A weakness has been identified in code-projects Online Event Judging System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-10104
7.3
JudgingMultiple Products
A security vulnerability has been detected in code-projects Online Event Judging System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-10108
7.3
ManagementMultiple Products
A vulnerability was found in Campcodes Online Loan Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-10109
7.3
ManagementMultiple Products
A vulnerability was determined in Campcodes Online Loan Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-10111
7.3
ManagementMultiple Products
A security flaw has been discovered in itsourcecode Student Information Management System 1