Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đ
Archived Security Brief
This curated brief highlights 1 critical vulnerabilities and 14 high-priority updates requiring immediate attention.
15 total vulnerabilities disclosed in last 24 hours
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEVURGENT
CVE-2025-48384
9.5
GitGit
â° Federal Deadline:September 14, 2025(1 days remaining)
Git Link Following Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2024-8068
9.5
CitrixSession Recording
â° Federal Deadline:September 14, 2025(1 days remaining)
Citrix Session Recording Improper Privilege Management Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2024-8069
9.5
CitrixSession Recording
â° Federal Deadline:September 14, 2025(1 days remaining)
Citrix Session Recording Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-57819
9.5
SangomaFreePBX
â° Federal Deadline:September 18, 2025(5 days remaining)
Sangoma FreePBX Authentication Bypass Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2020-24363
9.5
TP-LinkTL-WA855RE
â° Federal Deadline:September 22, 2025(9 days remaining)
TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-55177
9.5đ
Meta PlatformsWhatsApp
â° Federal Deadline:September 22, 2025(9 days remaining)
Meta Platforms WhatsApp Incorrect Authorization Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2023-50224
9.5
TP-LinkTL-WR841N
â° Federal Deadline:September 23, 2025(10 days remaining)
TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-9377
9.5
TP-LinkMultiple Routers
â° Federal Deadline:September 23, 2025(10 days remaining)
TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-38352
9.5
LinuxKernel
â° Federal Deadline:September 24, 2025(11 days remaining)
Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-48543
9.5đ
AndroidRuntime
â° Federal Deadline:September 24, 2025(11 days remaining)
Android Runtime Use-After-Free Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-53690
9.5đ
SitecoreMultiple Products
â° Federal Deadline:September 24, 2025(11 days remaining)
Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-5086
9.5
Dassault SystèmesDELMIA Apriso
â° Federal Deadline:October 1, 2025(18 days remaining)
Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
đ¨
Critical Vulnerabilities
CVE-2025-10392
9.8đ
A vulnerability was detected in MercuryMultiple Products
A vulnerability was detected in Mercury KM08-708H GiGA WiFi Wave2 1.1.14. This affects an unknown function of the component HTTP Header Handler. The manipulation of the argument Host results in stack-...
CVSS Base9.8
â
CRSSelect profile
â ī¸
High Priority Updates
CVE-2025-10402
7.3đ
ManagementMultiple Products
A flaw has been found in PHPGurukul Beauty Parlour Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-10403
7.3đ
ManagementMultiple Products
A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-10385
8.8đ
hasMultiple Products
A vulnerability has been found in Mercury KM08-708H GiGA WiFi Wave2 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-59363
7.7đ
OneLoginMultiple Products
In One Identity OneLogin before 2025
CVSS Base7.7
â
CRSSelect profile
CVE-2025-10358
7.3đ
securityMultiple Products
A security vulnerability has been detected in Wavlink WL-WN578W2 221110
CVSS Base7.3
â
CRSSelect profile
CVE-2025-10359
7.3đ
wasMultiple Products
A vulnerability was detected in Wavlink WL-WN578W2 221110
CVSS Base7.3
â
CRSSelect profile
CVE-2025-10371
7.3đ
SaliaMultiple Products
A security flaw has been discovered in eCharge Hardy Barth Salia PLCC 2
CVSS Base7.3
â
CRSSelect profile
CVE-2025-10374
7.3đ
ManagementMultiple Products
A security flaw has been discovered in Shenzhen Sixun Business Management System 7/11
CVSS Base7.3
â
CRSSelect profile
CVE-2025-10396
7.3đ
ManagementMultiple Products
A vulnerability was determined in SourceCodester Pet Grooming Management Software 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-10404
7.3đ
ManagementMultiple Products
A vulnerability was found in itsourcecode Baptism Information Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-10405
7.3đ
ManagementMultiple Products
A vulnerability was determined in itsourcecode Baptism Information Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-10413
7.3đ
InventoryMultiple Products
A vulnerability has been found in Campcodes Grocery Sales and Inventory System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-10414
7.3đ
InventoryMultiple Products
A vulnerability was found in Campcodes Grocery Sales and Inventory System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-10415
7.3đ
InventoryMultiple Products
A vulnerability was determined in Campcodes Grocery Sales and Inventory System 1