Critical vulnerabilities, curated daily for security professionals
π― SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
π
Archived Security Brief
This curated brief highlights 3 critical vulnerabilities and 33 high-priority updates requiring immediate attention.
36 total vulnerabilities disclosed in last 24 hours
π‘ Tip: Swipe CVE cards left to β star, right to β remove
Section Navigation
β οΈ
CISA Known Exploited Vulnerabilities
β οΈ CISA KEVURGENT
CVE-2025-5086
9.5
Dassault SystèmesDELMIA Apriso
β° Federal Deadline:October 1, 2025(3 days remaining)
Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-10585
9.5π
GoogleChromium V8
β° Federal Deadline:October 13, 2025(15 days remaining)
Google Chromium V8 Type Confusion Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-32463
9.5
SudoSudo
β° Federal Deadline:October 19, 2025(21 days remaining)
Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-59689
9.5
LibraesvaEmail Security Gateway
β° Federal Deadline:October 19, 2025(21 days remaining)
Libraesva Email Security Gateway Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-10035
9.5π
FortraGoAnywhere MFT
β° Federal Deadline:October 19, 2025(21 days remaining)
Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-20352
9.5π
CiscoIOS and IOS XE
β° Federal Deadline:October 19, 2025(21 days remaining)
Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2021-21311
9.5
AdminerAdminer
β° Federal Deadline:October 19, 2025(21 days remaining)
Adminer Server-Side Request Forgery Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
π¨
Critical Vulnerabilities
CVE-2024-13150
9.8π
Improper Neutralization of Special Elements used in an SQL CommandMultiple Products
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Fayton Software and Consulting Services fayton.Pro ERP allows SQL Injection.This issue affects fay...
CVSS Base9.8
β
CRSSelect profile
CVE-2025-11126
9.8π
A security flaw has been discovered in ApemanMultiple Products
A security flaw has been discovered in Apeman ID71 218.53.203.117. This vulnerability affects unknown code of the file /system/www/system.ini. The manipulation results in hard-coded credentials. The a...
CVSS Base9.8
β
CRSSelect profile
CVE-2025-8868
9.8π
In Progress ChefMultiple Products
In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in the compliance service via
im...
CVSS Base9.8
β
CRSSelect profile
β οΈ
High Priority Updates
CVE-2025-41246
7.6π
VMwareMultiple Products
VMware Tools for Windows contains an improper authorisationΒ vulnerability due to the way it handles user access controls
CVSS Base7.6
β
CRSSelect profile
CVE-2025-41250
8.5π
VMwareMultiple Products
VMware vCenter contains an SMTP header injection vulnerability
CVSS Base8.5
β
CRSSelect profile
CVE-2025-41244
7.8π
VMwareMultiple Products
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability
CVSS Base7.8
β
CRSSelect profile
CVE-2025-41251
8.1π
VMwareMultiple Products
VMware NSX contains a weak password recovery mechanism vulnerability
CVSS Base8.1
β
CRSSelect profile
CVE-2025-41252
7.5π
VMwareMultiple Products
Description: VMware NSX contains a username enumeration vulnerability
CVSS Base7.5
β
CRSSelect profile
CVE-2025-11130
8.4π
weaknessMultiple Products
A weakness has been identified in iHongRen pptp-vpn 1
CVSS Base8.4
β
CRSSelect profile
CVE-2025-11091
8.8π
securityMultiple Products
A security flaw has been discovered in Tenda AC21 up to 16
CVSS Base8.8
β
CRSSelect profile
CVE-2025-11117
8.8π
wasMultiple Products
A vulnerability was determined in Tenda CH22 1
CVSS Base8.8
β
CRSSelect profile
CVE-2025-11120
8.8π
weaknessMultiple Products
A weakness has been identified in Tenda AC8 16
CVSS Base8.8
β
CRSSelect profile
CVE-2025-11122
8.8π
wasMultiple Products
A vulnerability was detected in Tenda AC18 15
CVSS Base8.8
β
CRSSelect profile
CVE-2025-11123
8.8π
flawMultiple Products
A flaw has been found in Tenda AC18 15
CVSS Base8.8
β
CRSSelect profile
CVE-2025-6724
8.8π
earlierMultiple Products
In Progress Chef Automate, versions earlier than 4
CVSS Base8.8
β
CRSSelect profile
CVE-2025-48006
8.2π
DataSpiderMultiple Products
Improper restriction of XML external entity reference issue exists in DataSpider Servista 4
CVSS Base8.2
β
CRSSelect profile
CVE-2025-57483
8.1π
reflectedMultiple Products
A reflected cross-site scripting (XSS) vulnerability in tawk
CVSS Base8.1
β
CRSSelect profile
CVE-2025-35030
8.1π
InformaticsMultiple Products
Medical Informatics Engineering Enterprise Health has a cross site request forgery vulnerability that allows an unauthenticated attacker to trick administrative users into clicking a crafted URL and perform actions on behalf of that administrative user
CVSS Base8.1
β
CRSSelect profile
CVE-2025-51495
7.5
integerMultiple Products
An integer overflow vulnerability exists in the WebSocket component of Mongoose 7
CVSS Base7.5
β
CRSSelect profile
CVE-2025-11089
7.3
wasMultiple Products
A vulnerability was determined in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464
CVSS Base7.3
β
CRSSelect profile
CVE-2025-11094
7.3
CommerceMultiple Products
A security vulnerability has been detected in code-projects E-Commerce Website 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-11101
7.3
JobMultiple Products
A security flaw has been discovered in itsourcecode Open Source Job Portal 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-11102
7.3
ManagementMultiple Products
A weakness has been identified in Campcodes Online Learning Management System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-11105
7.3
SchedulingMultiple Products
A flaw has been found in code-projects Simple Scheduling System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-11106
7.3
SchedulingMultiple Products
A vulnerability has been found in code-projects Simple Scheduling System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-11107
7.3
SchedulingMultiple Products
A vulnerability was found in code-projects Simple Scheduling System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-11108
7.3
SchedulingMultiple Products
A vulnerability was determined in code-projects Simple Scheduling System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-11109
7.3
InventoryMultiple Products
A vulnerability was identified in Campcodes Computer Sales and Inventory System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-11110
7.3
ManagementMultiple Products
A security flaw has been discovered in Campcodes Online Learning Management System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-11111
7.3
ManagementMultiple Products
A weakness has been identified in Campcodes Advanced Online Voting Management System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-11115
7.3
SchedulingMultiple Products
A vulnerability has been found in code-projects Simple Scheduling System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-11116
7.3
SchedulingMultiple Products
A vulnerability was found in code-projects Simple Scheduling System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-11118
7.3
GradingMultiple Products
A vulnerability was identified in CodeAstro Student Grading System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-11135
7.3
wasMultiple Products
A vulnerability was detected in pmTicket Project-Management-Software up to 2ef379da2075f4761a2c9029cf91d073474e7486
CVSS Base7.3
β
CRSSelect profile
CVE-2025-11140
7.3
wasMultiple Products
A vulnerability was identified in Bjskzy Zhiyou ERP up to 11
CVSS Base7.3
β
CRSSelect profile
CVE-2025-57424
7.3
storedMultiple Products
A stored cross-site scripting (XSS) vulnerability exists in the MyCourts v3 application within the LTA number profile field