Critical vulnerabilities, curated daily for security professionals
π― SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
π
Archived Security Brief
This curated brief highlights 8 critical vulnerabilities and 37 high-priority updates requiring immediate attention.
45 total vulnerabilities disclosed in last 24 hours
π‘ Tip: Swipe CVE cards left to β star, right to β remove
Section Navigation
β οΈ
CISA Known Exploited Vulnerabilities
β οΈ CISA KEVURGENT
CVE-2025-57819
9.5
SangomaFreePBX
β° Federal Deadline:September 18, 2025(4 days remaining)
Sangoma FreePBX Authentication Bypass Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2020-24363
9.5
TP-LinkTL-WA855RE
β° Federal Deadline:September 22, 2025(8 days remaining)
TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-55177
9.5π
Meta PlatformsWhatsApp
β° Federal Deadline:September 22, 2025(8 days remaining)
Meta Platforms WhatsApp Incorrect Authorization Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2023-50224
9.5
TP-LinkTL-WR841N
β° Federal Deadline:September 23, 2025(9 days remaining)
TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-9377
9.5
TP-LinkMultiple Routers
β° Federal Deadline:September 23, 2025(9 days remaining)
TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-38352
9.5
LinuxKernel
β° Federal Deadline:September 24, 2025(10 days remaining)
Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-48543
9.5π
AndroidRuntime
β° Federal Deadline:September 24, 2025(10 days remaining)
Android Runtime Use-After-Free Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-53690
9.5π
SitecoreMultiple Products
β° Federal Deadline:September 24, 2025(10 days remaining)
Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-5086
9.5
Dassault SystèmesDELMIA Apriso
β° Federal Deadline:October 1, 2025(17 days remaining)
Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
π¨
Critical Vulnerabilities
CVE-2025-10452
9.8π
Statistical Database System developed by Gotac has a Missing AuthenticationMultiple Products
Statistical Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents with high-level privi...
CVSS Base9.8
β
CRSSelect profile
CVE-2025-59359
9.8π
The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS commandMultiple Products
The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code ex...
CVSS Base9.8
β
CRSSelect profile
CVE-2025-59360
9.8π
The killProcesses mutation in Chaos Controller Manager is vulnerable to OS commandMultiple Products
The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote cod...
CVSS Base9.8
β
CRSSelect profile
CVE-2025-59361
9.8π
The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS commandMultiple Products
The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote cod...
CVSS Base9.8
β
CRSSelect profile
CVE-2025-10392
9.8π
A vulnerability was detected in MercuryMultiple Products
A vulnerability was detected in Mercury KM08-708H GiGA WiFi Wave2 1.1.14. This affects an unknown function of the component HTTP Header Handler. The manipulation of the argument Host results in stack-...
CVSS Base9.8
β
CRSSelect profile
CVE-2025-10432
9.8π
A vulnerability was found in TendaMultiple Products
A vulnerability was found in Tenda AC1206 15.03.06.23. This vulnerability affects the function check_param_changed of the file /goform/AdvSetMacMtuWa of the component HTTP Request Handler. Performing ...
CVSS Base9.8
β
CRSSelect profile
CVE-2025-52053
9.8π
TOTOLINKMultiple Products
TOTOLINK X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_417D74 function via the file_name parameter. This vulnerability allows unauthenticated attacke...
CVSS Base9.8
β
CRSSelect profile
CVE-2025-57174
9.8π
An issue was discovered in Siklu Communications EtherhaulMultiple Products
An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7.4.0 through 10.7.3 and possibly other previous versions. The rfpiped service listening on TCP port 555 w...
CVSS Base9.8
β
CRSSelect profile
β οΈ
High Priority Updates
CVE-2025-10491
7.8π
MongoDBMultiple Products
The MongoDB Windows installation MSI may leave ACLs unset on custom installation directories allowing a local attacker to introduce executable code to MongoDB's process via DLL hijacking
CVSS Base7.8
β
CRSSelect profile
CVE-2025-10402
7.3π
ManagementMultiple Products
A flaw has been found in PHPGurukul Beauty Parlour Management System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-10403
7.3π
ManagementMultiple Products
A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-56710
7.3π
AMultiple Products
A Cross-Site Request Forgery (CSRF) vulnerability was identified in the Profile Page of the PHPGurukul Student-Result-Management-System-Using-PHP-V2
CVSS Base7.3
β
CRSSelect profile
CVE-2025-10459
7.3π
ManagementMultiple Products
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-59358
7.5π
KubernetesMultiple Products
The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service
CVSS Base7.5
β
CRSSelect profile
CVE-2025-10385
8.8π
hasMultiple Products
A vulnerability has been found in Mercury KM08-708H GiGA WiFi Wave2 1
CVSS Base8.8
β
CRSSelect profile
CVE-2025-10443
8.8π
wasMultiple Products
A vulnerability was identified in Tenda AC9 and AC15 15
CVSS Base8.8
β
CRSSelect profile
CVE-2025-50110
8.8π
issueMultiple Products
An issue was discovered in the method push
CVSS Base8.8
β
CRSSelect profile
CVE-2025-50944
8.8π
issueMultiple Products
An issue was discovered in the method push
CVSS Base8.8
β
CRSSelect profile
CVE-2025-59332
8.6π
UnknownMultiple Products
3DAlloy is a lightWeight 3D-viewer for MediaWiki
CVSS Base8.6
β
CRSSelect profile
CVE-2025-10203
7.8π
RelativeMultiple Products
Relative path traversal vulnerability due to improper input validation in Digilent WaveForms that may result in arbitrary code execution
CVSS Base7.8
β
CRSSelect profile
CVE-2025-59363
7.7π
OneLoginMultiple Products
In One Identity OneLogin before 2025
CVSS Base7.7
β
CRSSelect profile
CVE-2025-9072
7.6π
MattermostMultiple Products
Mattermost versions 10
CVSS Base7.6
β
CRSSelect profile
CVE-2025-59375
7.5π
ExpatMultiple Products
libexpat in Expat before 2
CVSS Base7.5
β
CRSSelect profile
CVE-2025-10396
7.3π
ManagementMultiple Products
A vulnerability was determined in SourceCodester Pet Grooming Management Software 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-10404
7.3π
ManagementMultiple Products
A vulnerability was found in itsourcecode Baptism Information Management System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-10405
7.3π
ManagementMultiple Products
A vulnerability was determined in itsourcecode Baptism Information Management System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-10413
7.3π
InventoryMultiple Products
A vulnerability has been found in Campcodes Grocery Sales and Inventory System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-10414
7.3π
InventoryMultiple Products
A vulnerability was found in Campcodes Grocery Sales and Inventory System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-10415
7.3π
InventoryMultiple Products
A vulnerability was determined in Campcodes Grocery Sales and Inventory System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-10416
7.3
InventoryMultiple Products
A vulnerability was identified in Campcodes Grocery Sales and Inventory System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-10417
7.3
InventoryMultiple Products
A security flaw has been discovered in Campcodes Grocery Sales and Inventory System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-10424
7.3
determinedMultiple Products
A vulnerability was determined in 1000projects Online Student Project Report Submission and Evaluation System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-10425
7.3
identifiedMultiple Products
A vulnerability was identified in 1000projects Online Student Project Report Submission and Evaluation System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-10426
7.3
ManagementMultiple Products
A security flaw has been discovered in itsourcecode Online Laundry Management System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-10435
7.3
InventoryMultiple Products
A security flaw has been discovered in Campcodes Computer Sales and Inventory System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-10436
7.3
InventoryMultiple Products
A weakness has been identified in Campcodes Computer Sales and Inventory System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-10444
7.3
FinderMultiple Products
A security flaw has been discovered in Campcodes Online Job Finder System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-10445
7.3
InventoryMultiple Products
A weakness has been identified in Campcodes Computer Sales and Inventory System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-10446
7.3
InventoryMultiple Products
A security vulnerability has been detected in Campcodes Computer Sales and Inventory System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-3025
7.3
CCleanerMultiple Products
Elevation of Privileges in the cleaning feature of Gen Digital CCleaner version 6
CVSS Base7.3
β
CRSSelect profile
CVE-2025-10447
7.3
FinderMultiple Products
A vulnerability was detected in Campcodes Online Job Finder System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-10448
7.3
FinderMultiple Products
A flaw has been found in Campcodes Online Job Finder System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-57248
7.3
nullMultiple Products
A null pointer dereference vulnerability was discovered in SumatraPDF 3
CVSS Base7.3
β
CRSSelect profile
CVE-2025-10479
7.3
ManagementMultiple Products
A security flaw has been discovered in SourceCodester Online Student File Management System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-10482
7.3
ManagementMultiple Products
A vulnerability was detected in SourceCodester Online Student File Management System 1