CVE-2025-10585
Google Chromium V8 Type Confusion Vulnerability - Active in CISA KEV catalog.
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality.
This curated brief highlights 7 critical vulnerabilities and 77 high-priority updates requiring immediate attention.
Google Chromium V8 Type Confusion Vulnerability - Active in CISA KEV catalog.
Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability - Active in CISA KEV catalog.
Libraesva Email Security Gateway Command Injection Vulnerability - Active in CISA KEV catalog.
Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability - Active in CISA KEV catalog.
Adminer Server-Side Request Forgery Vulnerability - Active in CISA KEV catalog.
GNU Bash OS Command Injection Vulnerability - Active in CISA KEV catalog.
Jenkins Remote Code Execution Vulnerability - Active in CISA KEV catalog.
Juniper ScreenOS Improper Authentication Vulnerability - Active in CISA KEV catalog.
Samsung Mobile Devices Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
Smartbedded Meteobridge Command Injection Vulnerability - Active in CISA KEV catalog.
Linux Kernel Heap Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability - Active in CISA KEV catalog.
Microsoft Windows Privilege Escalation Vulnerability - Active in CISA KEV catalog.
Microsoft Windows Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
Microsoft Windows Remote Code Execution Vulnerability - Active in CISA KEV catalog.
Mozilla Multiple Products Remote Code Execution Vulnerability - Active in CISA KEV catalog.
Oracle E-Business Suite Unspecified Vulnerability - Active in CISA KEV catalog.
Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability - Active in CISA KEV catalog.
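Every entry above is flagged "Active in CISA KEV catalog", and the practical question for a defender is which of them is overdue against its KEV remediation due date. The following script is an added example, not code from this brief or from CISA: it indexes a KEV-style catalog and ranks a list of CVE IDs by urgency. The record layout (a top-level "vulnerabilities" list with cveID, vendorProject, product, vulnerabilityName, dateAdded, dueDate and knownRansomwareCampaignUse) follows the public KEV JSON feed, but the three records embedded here are constructed sample data; the CVE-1900-* IDs are placeholders and the dates attached to CVE-2025-10585 are assumed, not copied from the catalog.

```python
"""Rank CVE IDs by urgency against a CISA KEV-style catalog.

Added example, not code from the page or from CISA. The catalog below is
constructed sample data in the layout of the public KEV JSON feed; the
CVE-1900-* identifiers are placeholders and all dates are assumed.
"""
import json
from datetime import date

SAMPLE_KEV_JSON = json.dumps({
    "title": "Constructed KEV-style catalog (sample data)",
    "vulnerabilities": [
        {"cveID": "CVE-2025-10585", "vendorProject": "Google", "product": "Chromium V8",
         "vulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability",
         "dateAdded": "2025-09-23", "dueDate": "2025-10-14",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-1900-0001", "vendorProject": "ExampleVendor", "product": "Gateway",
         "vulnerabilityName": "Placeholder Command Injection Vulnerability",
         "dateAdded": "2025-08-30", "dueDate": "2025-09-20",
         "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-1900-0002", "vendorProject": "ExampleVendor", "product": "Router",
         "vulnerabilityName": "Placeholder Out-of-Bounds Write Vulnerability",
         "dateAdded": "2025-09-04", "dueDate": "2025-09-25",
         "knownRansomwareCampaignUse": "Unknown"},
    ],
})


def load_kev(raw_json: str) -> dict:
    """Index the catalog by CVE ID for O(1) lookups."""
    catalog = json.loads(raw_json)
    return {v["cveID"]: v for v in catalog["vulnerabilities"]}


def triage(cve_ids, kev_index: dict, today: date) -> list:
    """Return KEV hits for the given IDs, most urgent first.

    Ordering: entries tied to known ransomware campaigns first, then
    entries already past their KEV due date, then by nearest due date.
    IDs that are not in the catalog are silently skipped.
    """
    hits = []
    for cve in cve_ids:
        entry = kev_index.get(cve.strip().upper())
        if entry is None:
            continue
        due = date.fromisoformat(entry["dueDate"])
        hits.append({
            "cveID": entry["cveID"],
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "due": due,
            "days_left": (due - today).days,      # negative when overdue
            "overdue": due < today,
            "ransomware": entry.get("knownRansomwareCampaignUse", "Unknown") == "Known",
        })
    # False sorts before True, so negate the flags that should come first.
    hits.sort(key=lambda h: (not h["ransomware"], not h["overdue"], h["due"]))
    return hits


if __name__ == "__main__":
    index = load_kev(SAMPLE_KEV_JSON)
    for hit in triage(["CVE-2025-10585", "cve-1900-0002", "CVE-1900-0001", "CVE-2099-9999"],
                      index, date(2025, 10, 1)):
        print(hit["cveID"], hit["product"], "due", hit["due"], "days_left", hit["days_left"])
```

To use it against the real feed, replace SAMPLE_KEV_JSON with the downloaded catalog text and pass in the CVE IDs from your asset inventory; the ranking logic is unchanged.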
Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.php/api/system/get_users call. This is GL:NLS#475.
The Community Events plugin for WordPress is vulnerable to SQL Injection via the event_category parameter in all versions up to, and including, 1.5.1 due to insufficient escaping on the user supplied ...
A SQL Injection vulnerability exists in the edit_product.php file of PuneethReddyHC Online Shopping System Advanced 1.0. The product_id GET parameter is unsafely passed to a SQL query without proper v...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Callvision Healthcare Callvision Emergency Code allows SQL Injection, Blind SQL Injection.This iss...
An Improper Resource Locking vulnerability in the SDM component of B&R Automation Runtime versions before 6.3 and before Q4.93 may allow an unauthenticated network-based attacker to delete data causin...
A security vulnerability has been detected in Tenda CH22 up to 1.0.0.1. This issue affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component HTTP Request Handler. The m...
A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter. Performing manipulation of the argument page results in memory corru...
The Admin and Customer Messages After Order for WooCommerce: OrderConvo WordPress plugin before 14 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary files via a path traversal attack
Improper Link Resolution Before File Access in the AWS VPN Client for macOS versions 1
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 6
Nagios Log Server before 2024R1
Deno is a JavaScript, TypeScript, and WebAssembly runtime
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation when deleting profile pictures in all versions up to, and including, 1
The Find Me On WordPress plugin through 2
A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1
A vulnerability was determined in PHPGurukul Beauty Parlour Management System 1
A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1
A weakness has been identified in PHPGurukul Beauty Parlour Management System 1
CubeAPM nightly-2025-08-01-1 allow unauthenticated attackers to inject arbitrary log entries into production systems via the /api/logs/insert/elasticsearch/_bulk endpoint
Rack is a modular Ruby web server interface
Rack is a modular Ruby web server interface
Rack is a modular Ruby web server interface
Dell PowerProtect Data Domain BoostFS for Linux Ubuntu systems of Feature Release versions 7
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7
Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1
Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1
Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1
Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1
IBM InfoSphere Data Replication VSAM for z/OS Remote Source 11
A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter
A vulnerability has been found in UTT 1250GW up to v2v3
A vulnerability was found in Tenda AC23 up to 16
A vulnerability has been found in Tenda AC20 up to 16
A vulnerability was found in Tenda AC15 15
A vulnerability was determined in Tenda AC15 15
A vulnerability was identified in Tenda AC15 15
A security flaw has been discovered in Tenda AC15 15
A format string vulnerability exists in the formPingCmd functionality of Planet WGR-500 v1
Multiple OS command injection vulnerabilities exist in the swctrl functionality of Planet WGR-500 v1
Multiple OS command injection vulnerabilities exist in the swctrl functionality of Planet WGR-500 v1
Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1
Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1
A security vulnerability has been detected in D-Link DI-7001 MINI 24
A security vulnerability has been detected in TOTOLINK N600R up to 4
An OS Command Injection vulnerability in the Admin panel in Curo UC300 5
ProjectWorlds Gym Management System 1
Improper Neutralization of Input During Web Page Generation in Kibana can lead to Stored XSS via case file upload
An insecure implementation of the proprietary protocol DNET in Product CGM MEDICO allows attackers within the intranet to eavesdrop and manipulate data on the protocol because encryption is optional for this connection
An access control vulnerability was discovered in the CLI functionality due to a specific access restriction not being properly enforced for users with limited privileges
A path traversal vulnerability was discovered in the Time Machine functionality due to missing validation of two input parameters
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ABB EIBPORT V3 KNX, ABB EIBPORT V3 KNX GSM
Framelink Figma MCP Server before 0
A client-side path traversal vulnerability was discovered in the web management interface front-end due to missing validation of an input parameter
Clash Verge Rev thru 2
LLaMA-Factory is a tuning library for large language models
Versions of the package pdfmake before 0
vLLM is an inference and serving engine for large language models (LLMs)
The NASA's Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN)
Cleartext Storage of Sensitive Information in Memory vulnerability in ABB MConfig
A vulnerability was found in code-projects Student Crud Operation up to 3
A vulnerability was determined in Campcodes Online Apartment Visitor Management System 1
A vulnerability was identified in Campcodes Online Apartment Visitor Management System 1
A security flaw has been discovered in Campcodes Online Apartment Visitor Management System 1
A vulnerability was identified in code-projects Simple Food Ordering System 1
A security flaw has been discovered in SourceCodester Hotel and Lodge Management System 1
A vulnerability was detected in code-projects E-Commerce Website 1
A vulnerability has been found in Campcodes Advanced Online Voting Management System 1
A vulnerability was determined in code-projects Web-Based Inventory and POS System 1
A vulnerability was found in SourceCodester Simple E-Commerce Bookstore 1
A vulnerability was identified in itsourcecode Leave Management System 1
A weakness has been identified in itsourcecode Student Transcript Processing System 1
A vulnerability was detected in SourceCodester Hotel and Lodge Management System 1
A flaw has been found in SourceCodester Hotel and Lodge Management System 1
A vulnerability has been found in SourceCodester Hotel and Lodge Management System 1
A vulnerability was determined in projectworlds Advanced Library Management System 1
A vulnerability was identified in SourceCodester Simple E-Commerce Bookstore 1
A security flaw has been discovered in SourceCodester Wedding Reservation Management System 1
A security vulnerability has been detected in SourceCodester Wedding Reservation Management System 1
A vulnerability was detected in SourceCodester Simple E-Commerce Bookstore 1
A weakness has been identified in D-Link DIR-852 up to 20251002
An issue in the permission verification module and organization/application editing interface in Casdoor before 2
A Server-Side Request Forgery (SSRF) vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set
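Several entries in this brief share one root cause: a file path built from a request parameter without checking that it stays inside the intended directory (the OrderConvo download handler, the Motors profile-picture deletion, the Time Machine path traversal) and, in the AWS VPN Client entry, a symbolic link followed before the file is accessed. The block below is an added example written for this brief; it is not code from any of those products. It shows the unsafe join those advisories describe next to a containment check that resolves the candidate path (symlinks included) and verifies it remains under the base directory. The uploads directory, sample file and symlink are constructed inside a temporary directory so the script runs offline; it assumes a POSIX filesystem where os.symlink is permitted.

```python
"""Path containment check for user-supplied file names.

Added example, not code from any product listed on this page. Contrasts the
unsafe pattern (joining a request parameter onto a base directory) with a
check that resolves the path and rejects anything outside the base
directory, including symlinks that point out of it. Assumes POSIX paths.
"""
import os
import tempfile


def unsafe_resolve(base_dir: str, user_path: str) -> str:
    # Vulnerable pattern: "../" segments walk out of base_dir, and an
    # absolute user_path makes os.path.join discard base_dir entirely.
    return os.path.join(base_dir, user_path)


def safe_resolve(base_dir: str, user_path: str) -> str:
    """Return the resolved path under base_dir, or raise ValueError."""
    base = os.path.realpath(base_dir)
    # Strip leading separators so an absolute user_path cannot replace base.
    candidate = os.path.realpath(os.path.join(base, user_path.lstrip("/\\")))
    # realpath has already followed symlinks, so a link pointing outside
    # base_dir fails this check even though its name is inside it.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes base directory: {user_path!r}")
    return candidate


def is_contained(base_dir: str, user_path: str) -> bool:
    try:
        safe_resolve(base_dir, user_path)
        return True
    except ValueError:
        return False


def demo() -> dict:
    """Build a constructed uploads directory and exercise both resolvers."""
    with tempfile.TemporaryDirectory() as root:
        uploads = os.path.join(root, "uploads")
        os.mkdir(uploads)
        with open(os.path.join(uploads, "avatar.png"), "wb") as f:
            f.write(b"\x89PNG")                       # constructed sample file
        secret = os.path.join(root, "secret.txt")     # lives outside uploads/
        with open(secret, "w") as f:
            f.write("constructed secret")
        # Symlink inside uploads/ that points outside it.
        os.symlink(secret, os.path.join(uploads, "link.txt"))
        return {
            "plain": is_contained(uploads, "avatar.png"),
            "dotdot": is_contained(uploads, "../secret.txt"),
            "symlink": is_contained(uploads, "link.txt"),
            # The unsafe join hands back the attacker's absolute path as-is.
            "unsafe_absolute": unsafe_resolve(uploads, "/etc/passwd") == "/etc/passwd",
            # The unsafe join normalises to the secret outside uploads/.
            "unsafe_dotdot": os.path.normpath(unsafe_resolve(uploads, "../secret.txt")) == secret,
        }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:16s} {ok}")
```

The check is done on the resolved path rather than on the string, which is why "..", absolute paths and symlinks are all handled by one comparison; filtering "../" out of the string alone leaves the symlink case open.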