CVE-2025-43300
Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
This curated brief highlights 36 critical vulnerabilities and 100 high-priority updates requiring immediate attention.
Git Link Following Vulnerability - Active in CISA KEV catalog.
Citrix Session Recording Improper Privilege Management Vulnerability - Active in CISA KEV catalog.
Citrix Session Recording Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
Sangoma FreePBX Authentication Bypass Vulnerability - Active in CISA KEV catalog.
TP-Link TL-WA855RE Missing Authentication for Critical Function Vulnerability - Active in CISA KEV catalog.
Meta Platforms WhatsApp Incorrect Authorization Vulnerability - Active in CISA KEV catalog.
TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability - Active in CISA KEV catalog.
TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability - Active in CISA KEV catalog.
Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability - Active in CISA KEV catalog.
Android Runtime Use-After-Free Vulnerability - Active in CISA KEV catalog.
Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
Dependency on Vulnerable Third-Party Component (CWE-1395) in the PostgreSQL backend in AxxonSoft Axxon One 2.0.8 and earlier on Windows and Linux allows a remote attacker to escalate privileges, execu...
Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an unauthorized attacker to execute code over a network.
Use of Unmaintained Third Party Components (CWE-1104) in the NuGet dependency components in AxxonSoft Axxon One VMS 2.0.0 through 2.0.4 on Windows allows a remote attacker to execute arbitrary code or...
An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider (SP) is configured to use an SQL database as stor...
SAP NetWeaver AS Java allows an attacker authenticated as a non-administrative user to use a flaw in an available service to upload an arbitrary file. This file when executed can lead to a full compro...
OPEXUS FOIAXpress Public Access Link (PAL) before version 11.13.1.0 allows SQL injection via SearchPopularDocs.aspx. A remote, unauthenticated attacker could read, write, or delete any content in the ...
rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 2f5248b have a heap-based buffer overflow in the login server, remote ...
The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the alone_import_pack_restore_data() function in a...
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this t...
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the width parameter...
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the classes paramet...
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the ac:type in the ...
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the title in the co...
A command injection vulnerability in FTP-Flask-python through 5173b68 allows unauthenticated remote attackers to execute arbitrary OS commands. The /ftp.html endpoint's "Upload File" action constructs...
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. In Tautulli v2.15.3 and earlier, an attacker with administrative access can use the `pms_image_proxy` endpoint to write a...
An authentication bypass vulnerability allows remote attackers to gain administrative privileges on Sophos AP6 Series Wireless Access Points older than firmware version 1.7.2563 (MR7).
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPSwings WooCommerce Ultimate Gift Card - Create, Sell and Manage Gift Cards with Customized Email...
Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, the middleware functionality in Hoverfly is vulnerable to command injection vulnerability at `/api/v2/hoverfly/middleware`...
halo v2.20.17 and before is vulnerable to server-side request forgery (SSRF) in /apis/uc.api.storage.halo.run/v1alpha1/attachments/-/upload-from-url.
Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to an open port. The deserializa...
rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 0d89ae0 have a SQL Injection in the PartyBooking component via `WorldN...
Deserialization of Untrusted Data vulnerability in ThemeGoods Photography. This issue affects Photography: from n/a through 7.5.2.
CWE-1392: Use of Default Credentials
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain a...
The Amp'ed RF BT-AP 111 Bluetooth access point's HTTP admin interface does not have an authentication feature, allowing unauthorized access to anyone with network access.
Weak Password Recovery Mechanism for Forgotten Password vulnerability in Hossein Material Dashboard. This issue affects Material Dashboard: from n/a through 1.4.6.
Multiple CWE-78
CWE-1242: Inclusion of Undocumented Features
The npm package `interactive-git-checkout` is an interactive command-line tool that allows users to checkout a git branch while it prompts for the branch name on the command-line. It is available as a...
Cross-Site Request Forgery (CSRF) vulnerability in Frenify Mow allows Code Injection. This issue affects Mow: from n/a through 4.10.
DeepChat is a smart assistant that uses artificial intelligence. Prior to version 0.3.5, in the Mermaid chart rendering component, there is a risky operation of directly using `innerHTML` to set user conte...
Due to a missing authentication check in the SAP NetWeaver application on IBM i-series, the application allows high privileged unauthorized users to read, modify, or delete sensitive information, as w...
A vulnerability has been identified in SIMATIC Virtualization as a Service (SIVaaS) (All versions). The affected application exposes a network share without any authentication. This could allow an att...
A blind XML External Entity (XXE) injection in the OpenMessaging webservice in TecCom TecConnect 4.1 allows an unauthenticated attacker to exfiltrate arbitrary files to an attacker-controlled server. ...
Use of Default Cryptographic Key (CWE-1394)
ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary co...
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network
Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Sala
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Ziston allows PHP Local File Inclusion
Deserialization of Untrusted Data vulnerability in webdevstudios Constant Contact for WordPress allows Object Injection
Deserialization of Untrusted Data vulnerability in ThemeMove ThemeMove Core allows Object Injection
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 67
The Resideo Plugin for Resideo - Real Estate WordPress Theme plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2
Use after free in Serviceworker in Google Chrome on Desktop prior to 140
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally
Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally
Use after free in Windows UI XAML Phone DatePickerFlyout allows an authorized attacker to elevate privileges locally
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally
Heap-based buffer overflow in Microsoft Office Visio allows an unauthorized attacker to execute code locally
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally
Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally
Stack-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally
A local privilege escalation vulnerability exists in Sunshine for Windows (version v2025
An open database issue exists in the affected product and version
Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally
Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network
Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140
APTIOV contains vulnerabilities in the BIOS where a privileged user may cause 'Write-what-where Condition' and 'Exposure of Sensitive Information to an Unauthorized Actor' through local access
Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group
Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group
The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the automatorwp_ajax_import_automation_from_url function in all versions up to, and including, 5
Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally
No cwe for this issue in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally
Untrusted pointer dereference in Windows DWM allows an authorized attacker to elevate privileges locally
Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to elevate privileges locally
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally
Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges locally
Integer overflow or wraparound in Windows SPNEGO Extended Negotiation allows an authorized attacker to elevate privileges locally
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally
Free of memory not on the heap in Microsoft Office Excel allows an unauthorized attacker to execute code locally
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally
Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally
External control of file name or path in Azure Arc allows an authorized attacker to elevate privileges locally
Improper link resolution before file access ('link following') in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally
Sunshine for Windows, version v2025
Acrobat Reader versions 24
Missing authorization in the installer for Zoom Workplace for Windows on ARM before version 6
Adobe Experience Manager versions 6
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_ftp_details' AJAX action in all versions up to, and including, 7
XML Injection RCE by parse http sitemap xml response vulnerability in Apache HertzBeat
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat
Dell PowerProtect Data Manager, Hyper-V, version(s) 19
Dell PowerProtect Data Manager, version(s) 19
Dell PowerProtect Data Manager, Generic Application Agent, version(s) 19
Dell PowerProtect Data Manager, version(s) 19
Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution
Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution
OS Command injection vulnerability in function OperateSSH in 1panel 2
Tautulli is a Python based monitoring and tracking tool for Plex Media Server
Tautulli is a Python based monitoring and tracking tool for Plex Media Server
Tautulli is a Python based monitoring and tracking tool for Plex Media Server
When a user logs in via SAP Business One native client, the SLD backend service fails to enforce proper encryption of certain APIs
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection
Missing authorization in Ivanti Connect Secure before 22
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging
A vulnerability was detected in Tenda AC20 up to 16
Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9
Missing authorization in Ivanti Connect Secure before 22
Missing authorization in Ivanti Connect Secure before 22
CSRF in Ivanti Connect Secure before 22
Improper neutralization of special elements used in a command ('command injection') in SQL Server allows an authorized attacker to elevate privileges over a network
SMB Server might be susceptible to relay attacks depending on the configuration
A weakness has been identified in UTT 1200GW up to 3
A security vulnerability has been detected in UTT 1200GW up to 3
A vulnerability was detected in UTT 1250GW up to 3
A flaw has been found in UTT 750W up to 3
The upload endpoint insufficiently validates the 'Upload-Key' request header
A vulnerability has been found in HuangDou UTCMS V9 and classified as critical
Dreamweaver Desktop versions 21
CWE-798 Use of Hard-coded Credentials
Intelbras IWR 3000N 1
The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to gain access to a privileged account
rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server
An unauthenticated attacker can trick a local user into executing arbitrary commands by opening a deliberately manipulated project file with an affected engineering tool
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
Improper link resolution before file access ('link following') in Xbox allows an authorized attacker to elevate privileges locally
Premiere Pro versions 25
Substance3D - Viewer versions 0
Substance3D - Viewer versions 0
Substance3D - Viewer versions 0
Substance3D - Modeler versions 1
Substance3D - Modeler versions 1
Substance3D - Modeler versions 1
The eudskacs
BenimPOS Masaustu 3
Missing authorization in Ivanti Connect Secure before 22