Critical vulnerabilities, curated daily for security professionals
🎯 SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
📊
Archived Security Brief
This curated brief highlights 12 critical vulnerabilities and 82 high-priority updates requiring immediate attention.
94 total vulnerabilities disclosed in last 24 hours
💡 Tip: Swipe CVE cards left to ⭐ star, right to ❌ remove
Section Navigation
⚠️
CISA Known Exploited Vulnerabilities
⚠️ CISA KEVURGENT
CVE-2025-10585
9.5📝
GoogleChromium V8
⏰ Federal Deadline:October 13, 2025(7 days remaining)
Google Chromium V8 Type Confusion Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-32463
9.5
SudoSudo
⏰ Federal Deadline:October 19, 2025(13 days remaining)
Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-59689
9.5
LibraesvaEmail Security Gateway
⏰ Federal Deadline:October 19, 2025(13 days remaining)
Libraesva Email Security Gateway Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-10035
9.5📝
FortraGoAnywhere MFT
⏰ Federal Deadline:October 19, 2025(13 days remaining)
Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-20352
9.5📝
CiscoIOS and IOS XE
⏰ Federal Deadline:October 19, 2025(13 days remaining)
Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2021-21311
9.5
AdminerAdminer
⏰ Federal Deadline:October 19, 2025(13 days remaining)
Adminer Server-Side Request Forgery Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2014-6278
9.5
GNUGNU Bash
⏰ Federal Deadline:October 22, 2025(16 days remaining)
GNU Bash OS Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2017-1000353
9.5
JenkinsJenkins
⏰ Federal Deadline:October 22, 2025(16 days remaining)
Jenkins Remote Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2015-7755
9.5
JuniperScreenOS
⏰ Federal Deadline:October 22, 2025(16 days remaining)
Juniper ScreenOS Improper Authentication Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-21043
9.5
SamsungMobile Devices
⏰ Federal Deadline:October 22, 2025(16 days remaining)
Samsung Mobile Devices Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-4008
9.5
SmartbeddedMeteobridge
⏰ Federal Deadline:October 22, 2025(16 days remaining)
Smartbedded Meteobridge Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2021-22555
9.5
LinuxKernel
⏰ Federal Deadline:October 26, 2025(20 days remaining)
Linux Kernel Heap Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2010-3962
9.5
MicrosoftInternet Explorer
⏰ Federal Deadline:October 26, 2025(20 days remaining)
Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2021-43226
9.5
MicrosoftWindows
⏰ Federal Deadline:October 26, 2025(20 days remaining)
Microsoft Windows Privilege Escalation Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2013-3918
9.5
MicrosoftWindows
⏰ Federal Deadline:October 26, 2025(20 days remaining)
Microsoft Windows Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2011-3402
9.5
MicrosoftWindows
⏰ Federal Deadline:October 26, 2025(20 days remaining)
Microsoft Windows Remote Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2010-3765
9.5
MozillaMultiple Products
⏰ Federal Deadline:October 26, 2025(20 days remaining)
Mozilla Multiple Products Remote Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-61882
9.5📝
OracleE-Business Suite
⏰ Federal Deadline:October 26, 2025(20 days remaining)
Oracle E-Business Suite Unspecified Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-27915
9.5
SynacorZimbra Collaboration Suite (ZCS)
⏰ Federal Deadline:October 27, 2025(21 days remaining)
Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
🚨
Critical Vulnerabilities
CVE-2025-44823
9.9📝
Nagios Log Server beforeMultiple Products
Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.php/api/system/get_users call. This is GL:NLS#475.
CVSS Base9.9
→
CRSSelect profile
CVE-2023-49886
9.8📝
IBM Standards Processing EngineMultiple Products
IBM Standards Processing Engine 10.0.1.10 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe java deserialization. By sending specially crafted input, an attack...
CVSS Base9.8
→
CRSSelect profile
CVE-2025-36356
9.3📝
IBM Security Verify Access and IBM Security Verify Access DockerMultiple Products
IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a locally authenticated user to escalate their privileges to root d...
CVSS Base9.3
→
CRSSelect profile
CVE-2025-57515
9.8📝
A SQL injection vulnerability has been identified in Uniclare Student PortalMultiple Products
A SQL injection vulnerability has been identified in Uniclare Student Portal v2. This flaw allows remote attackers to inject arbitrary SQL commands via vulnerable input fields, enabling the execution ...
CVSS Base9.8
→
CRSSelect profile
CVE-2025-61777
9.4📝
Flag Forge is a Capture The FlagMultiple Products
Flag Forge is a Capture The Flag (CTF) platform. Starting in version 2.0.0 and prior to version 2.3.2, the `/api/admin/badge-templates` (GET) and `/api/admin/badge-templates/create` (POST) endpoints p...
CVSS Base9.4
→
CRSSelect profile
CVE-2025-0603
9.8📝
Improper Neutralization of Special Elements used in an SQL CommandMultiple Products
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Callvision Healthcare Callvision Emergency Code allows SQL Injection, Blind SQL Injection.This iss...
Improper Resource Locking vulnerability in B&R Industrial Automation Automation Runtime.This issue affects Automation Runtime: from 6.0 before 6.3, before Q4.93.
CVSS Base10
→
CRSSelect profile
CVE-2025-60957
9.9📝
OS Command Injection vulnerability in EndRun Technologies SonomaMultiple Products
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain es...
CVSS Base9.9
→
CRSSelect profile
CVE-2025-59159
9.6📝
SillyTavern is a locally installed user interface that allows users to interact with text generation large languageMultiple Products
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. In versions prior...
CVSS Base9.6
→
CRSSelect profile
CVE-2025-57247
9.1📝
The BATBToken smart contractMultiple Products
The BATBToken smart contract (address 0xfbf1388408670c02f0dbbb74251d8ded1d63b7a2, Compiler Version v0.8.26+commit.8a97fa7a) contains incorrect access control implementation in whitelist management fun...
CVSS Base9.1
→
CRSSelect profile
CVE-2025-60964
9.1📝
OS Command Injection vulnerability in EndRun Technologies SonomaMultiple Products
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain es...
CVSS Base9.1
→
CRSSelect profile
CVE-2025-60965
9.1📝
OS Command Injection vulnerability in EndRun Technologies SonomaMultiple Products
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain es...
CVSS Base9.1
→
CRSSelect profile
⚠️
High Priority Updates
CVE-2025-10162
7.5📝
WordPressMultiple Products
The Admin and Customer Messages After Order for WooCommerce: OrderConvo WordPress plugin before 14 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary files via a path traversal attack
CVSS Base7.5
→
CRSSelect profile
CVE-2025-11462
7.8📝
VPNMultiple Products
Improper Link Resolution Before File Access in the AWS VPN Client for macOS versions 1
CVSS Base7.8
→
CRSSelect profile
CVE-2025-44824
8.5📝
LogMultiple Products
Nagios Log Server before 2024R1
CVSS Base8.5
→
CRSSelect profile
CVE-2025-11415
7.3📝
ManagementMultiple Products
A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1
CVSS Base7.3
→
CRSSelect profile
CVE-2025-11416
7.3📝
ManagementMultiple Products
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1
CVSS Base7.3
→
CRSSelect profile
CVE-2025-36355
8.5📝
IBMMultiple Products
IBM Security Verify Access and IBM Security Verify Access Docker 10
CVSS Base8.5
→
CRSSelect profile
CVE-2025-61770
7.5📝
webMultiple Products
Rack is a modular Ruby web server interface
CVSS Base7.5
→
CRSSelect profile
CVE-2025-61771
7.5📝
webMultiple Products
Rack is a modular Ruby web server interface
CVSS Base7.5
→
CRSSelect profile
CVE-2025-61772
7.5📝
webMultiple Products
Rack is a modular Ruby web server interface
CVSS Base7.5
→
CRSSelect profile
CVE-2025-43914
7.5📝
DellMultiple Products
Dell PowerProtect Data Domain BoostFS for Linux Ubuntu systems of Feature Release versions 7
CVSS Base7.5
→
CRSSelect profile
CVE-2025-43727
7.5📝
DellMultiple Products
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7
CVSS Base7.5
→
CRSSelect profile
CVE-2025-36354
7.3📝
IBMMultiple Products
IBM Security Verify Access and IBM Security Verify Access Docker 10
CVSS Base7.3
→
CRSSelect profile
CVE-2025-54399
8.8📝
MultipleMultiple Products
Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1
CVSS Base8.8
→
CRSSelect profile
CVE-2025-54400
8.8📝
MultipleMultiple Products
Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1
CVSS Base8.8
→
CRSSelect profile
CVE-2025-54401
8.8📝
MultipleMultiple Products
Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1
CVSS Base8.8
→
CRSSelect profile
CVE-2025-54402
8.8
MultipleMultiple Products
Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1
CVSS Base8.8
→
CRSSelect profile
CVE-2025-59152
7.5📝
AsynchronousMultiple Products
Litestar is an Asynchronous Server Gateway Interface (ASGI) framework
CVSS Base7.5
→
CRSSelect profile
CVE-2025-36156
7.4
IBMMultiple Products
IBM InfoSphere Data Replication VSAM for z/OS Remote Source 11
CVSS Base7.4
→
CRSSelect profile
CVE-2025-40886
7.5
SQLMultiple Products
A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter
CVSS Base7.5
→
CRSSelect profile
CVE-2025-61197
8.9📝
OrbanMultiple Products
An issue in Orban Optimod 5950, Optimod 5950HD, Optimod 5750, Optimod 5750HD, Optimod Trio Optimod version 1
CVSS Base8.9
→
CRSSelect profile
CVE-2025-11323
8.8📝
wasMultiple Products
A vulnerability was determined in UTT 1250GW up to v2v3
CVSS Base8.8
→
CRSSelect profile
CVE-2025-11324
8.8
wasMultiple Products
A vulnerability was identified in Tenda AC18 15
CVSS Base8.8
→
CRSSelect profile
CVE-2025-11325
8.8
securityMultiple Products
A security flaw has been discovered in Tenda AC18 15
CVSS Base8.8
→
CRSSelect profile
CVE-2025-11326
8.8
weaknessMultiple Products
A weakness has been identified in Tenda AC18 15
CVSS Base8.8
→
CRSSelect profile
CVE-2025-11327
8.8
securityMultiple Products
A security vulnerability has been detected in Tenda AC18 15
CVSS Base8.8
→
CRSSelect profile
CVE-2025-11328
8.8
wasMultiple Products
A vulnerability was detected in Tenda AC18 15
CVSS Base8.8
→
CRSSelect profile
CVE-2025-11338
8.8
D-LinkMultiple Products
A flaw has been found in D-Link DI-7100G C1 up to 20250928
CVSS Base8.8
→
CRSSelect profile
CVE-2025-11339
8.8
D-LinkMultiple Products
A vulnerability has been found in D-Link DI-7100G C1 up to 20250928
CVSS Base8.8
→
CRSSelect profile
CVE-2025-11355
8.8
hasMultiple Products
A vulnerability has been found in UTT 1250GW up to v2v3
CVSS Base8.8
→
CRSSelect profile
CVE-2025-11356
8.8
wasMultiple Products
A vulnerability was found in Tenda AC23 up to 16
CVSS Base8.8
→
CRSSelect profile
CVE-2025-11385
8.8
hasMultiple Products
A vulnerability has been found in Tenda AC20 up to 16
CVSS Base8.8
→
CRSSelect profile
CVE-2025-11386
8.8
wasMultiple Products
A vulnerability was found in Tenda AC15 15
CVSS Base8.8
→
CRSSelect profile
CVE-2025-11387
8.8
wasMultiple Products
A vulnerability was determined in Tenda AC15 15
CVSS Base8.8
→
CRSSelect profile
CVE-2025-11388
8.8
wasMultiple Products
A vulnerability was identified in Tenda AC15 15
CVSS Base8.8
→
CRSSelect profile
CVE-2025-11389
8.8
securityMultiple Products
A security flaw has been discovered in Tenda AC15 15
CVSS Base8.8
→
CRSSelect profile
CVE-2025-48826
8.8
formatMultiple Products
A format string vulnerability exists in the formPingCmd functionality of Planet WGR-500 v1
CVSS Base8.8
→
CRSSelect profile
CVE-2025-54403
8.8
MultipleMultiple Products
Multiple OS command injection vulnerabilities exist in the swctrl functionality of Planet WGR-500 v1
CVSS Base8.8
→
CRSSelect profile
CVE-2025-54404
8.8
MultipleMultiple Products
Multiple OS command injection vulnerabilities exist in the swctrl functionality of Planet WGR-500 v1
CVSS Base8.8
→
CRSSelect profile
CVE-2025-54405
8.8
MultipleMultiple Products
Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1
CVSS Base8.8
→
CRSSelect profile
CVE-2025-54406
8.8
MultipleMultiple Products
Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1
CVSS Base8.8
→
CRSSelect profile
CVE-2025-11408
8.8
D-LinkMultiple Products
A security vulnerability has been detected in D-Link DI-7001 MINI 24
CVSS Base8.8
→
CRSSelect profile
CVE-2025-25009
8.7
ImproperMultiple Products
Improper Neutralization of Input During Web Page Generation in Kibana can lead to Stored XSS via case file upload
CVSS Base8.7
→
CRSSelect profile
CVE-2025-61687
8.3
FlowiseMultiple Products
Flowise is a drag & drop user interface to build a customized large language model flow
CVSS Base8.3
→
CRSSelect profile
CVE-2025-29192
8.2
FlowiseMultiple Products
Flowise before 3
CVSS Base8.2
→
CRSSelect profile
CVE-2025-50538
8.2
FlowiseMultiple Products
Flowise before 3
CVSS Base8.2
→
CRSSelect profile
CVE-2025-60959
8.2
TimeMultiple Products
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4
CVSS Base8.2
→
CRSSelect profile
CVE-2025-60960
8.2
TimeMultiple Products
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4
CVSS Base8.2
→
CRSSelect profile
CVE-2025-60962
8.2
TimeMultiple Products
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4
CVSS Base8.2
→
CRSSelect profile
CVE-2025-60963
8.2
TimeMultiple Products
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4
CVSS Base8.2
→
CRSSelect profile
CVE-2025-3719
8.1
accessMultiple Products
An access control vulnerability was discovered in the CLI functionality due to a specific access restriction not being properly enforced for users with limited privileges
CVSS Base8.1
→
CRSSelect profile
CVE-2025-40889
8.1
pathMultiple Products
A path traversal vulnerability was discovered in the Time Machine functionality due to missing validation of two input parameters
CVSS Base8.1
→
CRSSelect profile
CVE-2025-60956
8
TimeMultiple Products
Cross Site Request Forgery (CSRF) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4
CVSS Base8
→
CRSSelect profile
CVE-2021-22291
8
ABB EIBPORTMultiple Products
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ABB EIBPORT V3 KNX, ABB EIBPORT V3 KNX GSM
CVSS Base8
→
CRSSelect profile
CVE-2025-3718
7.9
AMultiple Products
A client-side path traversal vulnerability was discovered in the web management interface front-end due to missing validation of an input parameter
CVSS Base7.9
→
CRSSelect profile
CVE-2025-57781
7.8
installersMultiple Products
The installers of DENSO TEN drive recorder viewer contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries
CVSS Base7.8
→
CRSSelect profile
CVE-2025-61784
7.6
UnknownMultiple Products
LLaMA-Factory is a tuning library for large language models
CVSS Base7.6
→
CRSSelect profile
CVE-2025-6985
7.5
splittersMultiple Products
The HTMLSectionSplitter class in langchain-text-splitters version 0
CVSS Base7.5
→
CRSSelect profile
CVE-2025-11362
7.5
pdfmakeMultiple Products
Versions of the package pdfmake before 0
CVSS Base7.5
→
CRSSelect profile
CVE-2025-59425
7.5
servingMultiple Products
vLLM is an inference and serving engine for large language models (LLMs)
CVSS Base7.5
→
CRSSelect profile
CVE-2025-61910
7.5
TheMultiple Products
The NASA’s Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN)
CVSS Base7.5
→
CRSSelect profile
CVE-2025-11310
7.3
weaknessMultiple Products
A weakness has been identified in Tipray 厦门天锐科技股份有���公司 Data Leakage Prevention System 天锐数据泄露防护系统 1
CVSS Base7.3
→
CRSSelect profile
CVE-2025-11311
7.3
securityMultiple Products
A security vulnerability has been detected in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1
CVSS Base7.3
→
CRSSelect profile
CVE-2025-11312
7.3
wasMultiple Products
A vulnerability was detected in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1
CVSS Base7.3
→
CRSSelect profile
CVE-2025-11313
7.3
flawMultiple Products
A flaw has been found in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1
CVSS Base7.3
→
CRSSelect profile
CVE-2025-11314
7.3
hasMultiple Products
A vulnerability has been found in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1
CVSS Base7.3
→
CRSSelect profile
CVE-2025-11315
7.3
wasMultiple Products
A vulnerability was found in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1
CVSS Base7.3
→
CRSSelect profile
CVE-2025-11316
7.3
wasMultiple Products
A vulnerability was determined in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1
CVSS Base7.3
→
CRSSelect profile
CVE-2025-11317
7.3
wasMultiple Products
A vulnerability was identified in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1
CVSS Base7.3
→
CRSSelect profile
CVE-2025-11318
7.3
securityMultiple Products
A security flaw has been discovered in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1
CVSS Base7.3
→
CRSSelect profile
CVE-2025-11329
7.3
CourseMultiple Products
A flaw has been found in code-projects Online Course Registration 1
CVSS Base7.3
→
CRSSelect profile
CVE-2025-11334
7.3
ManagementMultiple Products
A security flaw has been discovered in Campcodes Online Apartment Visitor Management System 1
CVSS Base7.3
→
CRSSelect profile
CVE-2025-11341
7.3
securityMultiple Products
A security flaw has been discovered in Jinher OA up to 2
CVSS Base7.3
→
CRSSelect profile
CVE-2025-60958
7.3
TimeMultiple Products
Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4
CVSS Base7.3
→
CRSSelect profile
CVE-2025-60967
7.3
TimeMultiple Products
Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0076-000 Ver 4
CVSS Base7.3
→
CRSSelect profile
CVE-2025-11343
7.3
CrudMultiple Products
A security vulnerability has been detected in code-projects Student Crud Operation 3
CVSS Base7.3
→
CRSSelect profile
CVE-2025-11347
7.3
wasMultiple Products
A vulnerability was found in code-projects Student Crud Operation up to 3
CVSS Base7.3
→
CRSSelect profile
CVE-2025-11348
7.3
ManagementMultiple Products
A vulnerability was determined in Campcodes Online Apartment Visitor Management System 1
CVSS Base7.3
→
CRSSelect profile
CVE-2025-11349
7.3
ManagementMultiple Products
A vulnerability was identified in Campcodes Online Apartment Visitor Management System 1
CVSS Base7.3
→
CRSSelect profile
CVE-2025-11350
7.3
ManagementMultiple Products
A security flaw has been discovered in Campcodes Online Apartment Visitor Management System 1
CVSS Base7.3
→
CRSSelect profile
CVE-2025-11396
7.3
OrderingMultiple Products
A vulnerability was identified in code-projects Simple Food Ordering System 1
CVSS Base7.3
→
CRSSelect profile
CVE-2025-11397
7.3
ManagementMultiple Products
A security flaw has been discovered in SourceCodester Hotel and Lodge Management System 1
CVSS Base7.3
→
CRSSelect profile
CVE-2025-6242
7.1
AMultiple Products
A Server-Side Request Forgery (SSRF) vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set