Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đ
Archived Security Brief
This curated brief highlights 13 critical vulnerabilities and 49 high-priority updates requiring immediate attention.
62 total vulnerabilities disclosed in last 24 hours
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEV
CVE-2025-10585
9.5đ
GoogleChromium V8
â° Federal Deadline:October 13, 2025(12 days remaining)
Google Chromium V8 Type Confusion Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-32463
9.5
SudoSudo
â° Federal Deadline:October 19, 2025(18 days remaining)
Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-59689
9.5
LibraesvaEmail Security Gateway
â° Federal Deadline:October 19, 2025(18 days remaining)
Libraesva Email Security Gateway Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-10035
9.5đ
FortraGoAnywhere MFT
â° Federal Deadline:October 19, 2025(18 days remaining)
Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-20352
9.5đ
CiscoIOS and IOS XE
â° Federal Deadline:October 19, 2025(18 days remaining)
Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2021-21311
9.5
AdminerAdminer
â° Federal Deadline:October 19, 2025(18 days remaining)
Adminer Server-Side Request Forgery Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2014-6278
9.5
GNUGNU Bash
â° Federal Deadline:October 22, 2025(21 days remaining)
GNU Bash OS Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2017-1000353
9.5
JenkinsJenkins
â° Federal Deadline:October 22, 2025(21 days remaining)
Jenkins Remote Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2015-7755
9.5
JuniperScreenOS
â° Federal Deadline:October 22, 2025(21 days remaining)
Juniper ScreenOS Improper Authentication Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-21043
9.5
SamsungMobile Devices
â° Federal Deadline:October 22, 2025(21 days remaining)
Samsung Mobile Devices Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-4008
9.5
SmartbeddedMeteobridge
â° Federal Deadline:October 22, 2025(21 days remaining)
Smartbedded Meteobridge Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
đ¨
Critical Vulnerabilities
CVE-2025-59742
9.8đ
SQL injection vulnerability inMultiple Products
SQL injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability could allow an attacker to retrieve, create, update, and delete databases by sending a POST request. The relationship between ...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-59743
9.8đ
SQL injection vulnerability inMultiple Products
SQL injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability could allow an attacker to retrieve, create, update, and delete databases by sending a POST request. The relationship between ...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-9697
9.8đ
The Ajax WooSearch WordPress plugin throughMultiple Products
The Ajax WooSearch WordPress plugin through 1.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-59407
9.8đ
The Flock Safety DetectionProcessingMultiple Products
The Flock Safety DetectionProcessing com.flocksafety.android.objects application 6.35.33 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) bundles a...
CVSS Base9.8
â
CRSSelect profile
CVE-2020-36852
9.1đ
The Custom Searchable Data Entry System plugin for WordPress is vulnerable to unauthenticated database wiping in versions upMultiple Products
The Custom Searchable Data Entry System plugin for WordPress is vulnerable to unauthenticated database wiping in versions up to, and including 1.7.1, due to a missing capability check and lack of suff...
CVSS Base9.1
â
CRSSelect profile
CVE-2025-61622
9.8đ
Deserialization of untrusted data in python in pyfory versionsMultiple Products
Deserialization of untrusted data in python in pyfory versions 0.12.0 through 0.12.2, or the legacy pyfury versions from 0.1.0 through 0.10.3: allows arbitrary code execution. An application is vulner...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-59735
9.8đ
Operating system command injection vulnerability inMultiple Products
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The rela...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-59736
9.8đ
Operating system command injection vulnerability inMultiple Products
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The rela...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-59737
9.8đ
Operating system command injection vulnerability inMultiple Products
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The rela...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-59738
9.8đ
Operating system command injection vulnerability inMultiple Products
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The rela...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-59739
9.8đ
Operating system command injection vulnerability inMultiple Products
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The rela...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-59740
9.8đ
Operating system command injection vulnerability inMultiple Products
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The rela...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-59741
9.8đ
Operating system command injection vulnerability inMultiple Products
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The rela...
CVSS Base9.8
â
CRSSelect profile
â ī¸
High Priority Updates
CVE-2025-11020
8.8đ
obtainMultiple Products
An attacker can obtain server information using Path Traversal vulnerability to conduct SQL Injection, which possibly exploits Unrestricted Upload of File with Dangerous Type vulnerability in MarkAny SafePC Enterprise on Windows, Linux
CVSS Base8.8
â
CRSSelect profile
CVE-2025-23297
7.8đ
NVIDIAMultiple Products
NVIDIA Installer for NvAPP for Windows contains a vulnerability in the FrameviewSDK installation process, where an attacker with local unprivileged access could modify files in the Frameview SDK directory
CVSS Base7.8
â
CRSSelect profile
CVE-2025-61582
7.5đ
UnknownMultiple Products
TS3 Manager is modern web interface for maintaining Teamspeak3 servers
CVSS Base7.5
â
CRSSelect profile
CVE-2025-59409
7.5đ
FlockMultiple Products
Flock Safety Falcon and Sparrow License Plate Readers OPM1
CVSS Base7.5
â
CRSSelect profile
CVE-2025-61733
7.5đ
Apache AuthenticationMultiple Products
Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Kylin
CVSS Base7.5
â
CRSSelect profile
CVE-2025-20371
7.5đ
versionsMultiple Products
In Splunk Enterprise versions below 10
CVSS Base7.5
â
CRSSelect profile
CVE-2025-59531
7.5đ
KubernetesMultiple Products
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes
CVSS Base7.5
â
CRSSelect profile
CVE-2025-59537
7.5đ
KubernetesMultiple Products
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes
CVSS Base7.5
â
CRSSelect profile
CVE-2025-59538
7.5đ
KubernetesMultiple Products
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes
CVSS Base7.5
â
CRSSelect profile
CVE-2025-61734
7.5đ
Apache Files orMultiple Products
Files or Directories Accessible to External Parties vulnerability in Apache Kylin
CVSS Base7.5
â
CRSSelect profile
CVE-2025-61735
7.3đ
UnknownMultiple Products
Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin
CVSS Base7.3
â
CRSSelect profile
CVE-2025-32942
7.2đ
TectiaMultiple Products
SSH Tectia Server before 6
CVSS Base7.2
â
CRSSelect profile
CVE-2023-28760
7.5đ
TP-LinkMultiple Products
TP-Link AX1800 WiFi 6 Router (Archer AX21) devices allow unauthenticated attackers (on the LAN) to execute arbitrary code as root via the db_dir field to minidlnad
CVSS Base7.5
â
CRSSelect profile
CVE-2025-58775
7.8đ
STUDIOMultiple Products
KV STUDIO and VT5-WX15/WX12 contain a stack-based buffer overflow vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-59684
8.8đ
DigiSignerMultiple Products
DigiSign DigiSigner ONE 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-56515
8.8
Fiora chatMultiple Products
File upload vulnerability in Fiora chat application 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-28357
8.8
Neto CMS A CRLFMultiple Products
A CRLF injection vulnerability in Neto CMS v6
CVSS Base8.8
â
CRSSelect profile
CVE-2025-57393
8.8
ApplicationMultiple Products
A stored cross-site scripting (XSS) in Kissflow Work Platform Kissflow Application Versions 7337 Account v2
CVSS Base8.8
â
CRSSelect profile
CVE-2025-60991
8.8
Codazon MagentoMultiple Products
A reflected cross-site scripted (XSS) vulnerability in Codazon Magento Themes v1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-56588
8.8
DolibarrMultiple Products
Dolibarr ERP & CRM v21
CVSS Base8.8
â
CRSSelect profile
CVE-2025-11221
8.8
GTONE ChangeFlowMultiple Products
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Unrestricted Upload of File with Dangerous Type vulnerability in GTONE ChangeFlow allows Path Traversal, Accessing Functionality Not Properly Constrained by ACLs
CVSS Base8.8
â
CRSSelect profile
CVE-2025-10653
8.6
unauthenticatedMultiple Products
An unauthenticated debug port may allow access to the device file system
CVSS Base8.6
â
CRSSelect profile
CVE-2025-52039
8.2
FrappeMultiple Products
In Frappe ERPNext 15
CVSS Base8.2
â
CRSSelect profile
CVE-2025-52040
8.2
FrappeMultiple Products
In Frappe ERPNext 15
CVSS Base8.2
â
CRSSelect profile
CVE-2025-52041
8.2
FrappeMultiple Products
In Frappe ERPNext 15
CVSS Base8.2
â
CRSSelect profile
CVE-2025-52042
8.2
FrappeMultiple Products
In Frappe ERPNext 15
CVSS Base8.2
â
CRSSelect profile
CVE-2025-46205
8.1
AMultiple Products
A heap-use-after free in the PdfTokenizer::ReadDictionary function of podofo v0
CVSS Base8.1
â
CRSSelect profile
CVE-2024-58267
8
RancherMultiple Products
A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks
CVSS Base8
â
CRSSelect profile
CVE-2025-58776
7.8
StudioMultiple Products
KV Studio versions 12
CVSS Base7.8
â
CRSSelect profile
CVE-2025-58777
7.8
StudioMultiple Products
VT Studio versions 8
CVSS Base7.8
â
CRSSelect profile
CVE-2025-61690
7.8
STUDIOMultiple Products
KV STUDIO versions 12
CVSS Base7.8
â
CRSSelect profile
CVE-2025-61691
7.8
STUDIOMultiple Products
VT STUDIO versions 8
CVSS Base7.8
â
CRSSelect profile
CVE-2025-61692
7.8
STUDIOMultiple Products
VT STUDIO versions 8
CVSS Base7.8
â
CRSSelect profile
CVE-2024-58260
7.6
RancherMultiple Products
A vulnerability has been identified within Rancher Manager where a missing server-side validation on the `
CVSS Base7.6
â
CRSSelect profile
CVE-2025-59147
7.5
NSMMultiple Products
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community
CVSS Base7.5
â
CRSSelect profile
CVE-2025-59148
7.5
NSMMultiple Products
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community
CVSS Base7.5
â
CRSSelect profile
CVE-2025-59150
7.5
NSMMultiple Products
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community
CVSS Base7.5
â
CRSSelect profile
CVE-2025-59744
7.5
Path traversalMultiple Products
Path traversal vulnerability in AndSoft's e-TMS v25
CVSS Base7.5
â
CRSSelect profile
CVE-2025-59745
7.5
cryptographicMultiple Products
Vulnerability in the cryptographic algorithm of AndSoft's e-TMS v25
CVSS Base7.5
â
CRSSelect profile
CVE-2025-56161
7.5
YOSHOPMultiple Products
YOSHOP 2
CVSS Base7.5
â
CRSSelect profile
CVE-2025-60660
7.5
TendaMultiple Products
Tenda AC18 V15
CVSS Base7.5
â
CRSSelect profile
CVE-2025-60662
7.5
TendaMultiple Products
Tenda AC18 V15
CVSS Base7.5
â
CRSSelect profile
CVE-2025-59405
7.5
FlockMultiple Products
The Flock Safety Peripheral com
CVSS Base7.5
â
CRSSelect profile
CVE-2025-60663
7.5
TendaMultiple Products
Tenda AC18 V15
CVSS Base7.5
â
CRSSelect profile
CVE-2025-61600
7.5
collaborationMultiple Products
Stalwart is a mail and collaboration server
CVSS Base7.5
â
CRSSelect profile
CVE-2025-59681
7.1
issueMultiple Products
An issue was discovered in Django 4
CVSS Base7.1
â
CRSSelect profile
CVE-2025-54811
7.1
enipThreadMultiple Products
OpenPLC_V3 has a vulnerability in the enipThread function that occurs due to the lack of a return value