CVE-2025-10585
Google Chromium V8 Type Confusion Vulnerability - Active in CISA KEV catalog.
Critical vulnerabilities, curated daily for security professionals
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality.
This curated brief highlights 9 critical vulnerabilities and 50 high-priority updates requiring immediate attention.
Google Chromium V8 Type Confusion Vulnerability - Active in CISA KEV catalog.
Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability - Active in CISA KEV catalog.
Libraesva Email Security Gateway Command Injection Vulnerability - Active in CISA KEV catalog.
Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability - Active in CISA KEV catalog.
Adminer Server-Side Request Forgery Vulnerability - Active in CISA KEV catalog.
GNU Bash OS Command Injection Vulnerability - Active in CISA KEV catalog.
Jenkins Remote Code Execution Vulnerability - Active in CISA KEV catalog.
Juniper ScreenOS Improper Authentication Vulnerability - Active in CISA KEV catalog.
Samsung Mobile Devices Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
Smartbedded Meteobridge Command Injection Vulnerability - Active in CISA KEV catalog.
Linux Kernel Heap Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability - Active in CISA KEV catalog.
Microsoft Windows Privilege Escalation Vulnerability - Active in CISA KEV catalog.
Microsoft Windows Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
Microsoft Windows Remote Code Execution Vulnerability - Active in CISA KEV catalog.
Mozilla Multiple Products Remote Code Execution Vulnerability - Active in CISA KEV catalog.
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable...
IBM Standards Processing Engine 10.0.1.10 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe Java deserialization. By sending specially crafted input, an attack...
IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a locally authenticated user to escalate their privileges to root d...
A SQL injection vulnerability has been identified in Uniclare Student Portal v2. This flaw allows remote attackers to inject arbitrary SQL commands via vulnerable input fields, enabling the execution ...
Flag Forge is a Capture The Flag (CTF) platform. Starting in version 2.0.0 and prior to version 2.3.2, the `/api/admin/badge-templates` (GET) and `/api/admin/badge-templates/create` (POST) endpoints p...
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain es...
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. In versions prior...
The BATBToken smart contract (address 0xfbf1388408670c02f0dbbb74251d8ded1d63b7a2, Compiler Version v0.8.26+commit.8a97fa7a) contains incorrect access control implementation in whitelist management fun...
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain es...
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain es...
IBM Security Verify Access and IBM Security Verify Access Docker 10
IBM Security Verify Access and IBM Security Verify Access Docker 10
Litestar is an Asynchronous Server Gateway Interface (ASGI) framework
An issue in Orban Optimod 5950, Optimod 5950HD, Optimod 5750, Optimod 5750HD, Optimod Trio Optimod version 1
A security vulnerability has been detected in Belkin F9K1015 1
A vulnerability was detected in Belkin F9K1015 1
A flaw has been found in Belkin F9K1015 1
A vulnerability has been found in Belkin F9K1015 1
A vulnerability was found in Belkin F9K1015 1
A vulnerability was identified in Belkin F9K1015 1
A security flaw has been discovered in Belkin F9K1015 1
A weakness has been identified in Belkin F9K1015 1
A security vulnerability has been detected in Belkin F9K1015 1
A vulnerability has been found in UTT HiPER 840G up to 3
A vulnerability was determined in UTT 1250GW up to v2v3
A vulnerability was identified in Tenda AC18 15
A security flaw has been discovered in Tenda AC18 15
A weakness has been identified in Tenda AC18 15
A security vulnerability has been detected in Tenda AC18 15
A vulnerability was detected in Tenda AC18 15
A flaw has been found in D-Link DI-7100G C1 up to 20250928
A vulnerability has been found in D-Link DI-7100G C1 up to 20250928
Flowise is a drag & drop user interface to build a customized large language model flow
Flowise before 3
Flowise before 3
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4
Cross Site Request Forgery (CSRF) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4
The installers of DENSO TEN drive recorder viewer contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries
The HTMLSectionSplitter class in langchain-text-splitters version 0
A vulnerability has been found in Zytec Dalian Zhuoyun Technology Central Authentication Service 3
A vulnerability was identified in samanhappy MCPHub up to 0
A security flaw has been discovered in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1
A weakness has been identified in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1
A security vulnerability has been detected in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1
A vulnerability was detected in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1
A flaw has been found in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1
A vulnerability has been found in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1
A vulnerability was found in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1
A vulnerability was determined in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1
A vulnerability was identified in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1
A security flaw has been discovered in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1
A flaw has been found in code-projects Online Course Registration 1
A security flaw has been discovered in Campcodes Online Apartment Visitor Management System 1
A security flaw has been discovered in Jinher OA up to 2
Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4
Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0076-000 Ver 4
A security vulnerability has been detected in code-projects Student Crud Operation 3