CVE-2025-10585
Google Chromium V8 Type Confusion Vulnerability - Active in CISA KEV catalog.
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality.
This curated brief highlights 16 critical vulnerabilities and 84 high-priority updates requiring immediate attention.
Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability - Active in CISA KEV catalog.
Libraesva Email Security Gateway Command Injection Vulnerability - Active in CISA KEV catalog.
Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability - Active in CISA KEV catalog.
Adminer Server-Side Request Forgery Vulnerability - Active in CISA KEV catalog.
GNU Bash OS Command Injection Vulnerability - Active in CISA KEV catalog.
Jenkins Remote Code Execution Vulnerability - Active in CISA KEV catalog.
Juniper ScreenOS Improper Authentication Vulnerability - Active in CISA KEV catalog.
Samsung Mobile Devices Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
Smartbedded Meteobridge Command Injection Vulnerability - Active in CISA KEV catalog.
Linux Kernel Heap Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability - Active in CISA KEV catalog.
Microsoft Windows Privilege Escalation Vulnerability - Active in CISA KEV catalog.
Microsoft Windows Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
Microsoft Windows Remote Code Execution Vulnerability - Active in CISA KEV catalog.
Mozilla Multiple Products Remote Code Execution Vulnerability - Active in CISA KEV catalog.
Oracle E-Business Suite Unspecified Vulnerability - Active in CISA KEV catalog.
Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability - Active in CISA KEV catalog.
Grafana Path Traversal Vulnerability - Active in CISA KEV catalog.
The Community Events plugin for WordPress is vulnerable to SQL Injection via the event_category parameter in all versions up to, and including, 1.5.1 due to insufficient escaping on the user supplied ...
The Community Events plugin for WordPress is vulnerable to SQL Injection via the 'event_venue' parameter in all versions up to, and including, 1.5.1 due to insufficient escaping on the user supplied p...
Newforma Info Exchange (NIX) accepts serialized .NET data via the '/remoteweb/remote.rem' endpoint, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkServ...
The Search & Go - Directory WordPress Theme theme for WordPress is vulnerable to Authentication Bypass via account takeover in all versions up to, and including, 2.7. This is due to insufficient user ...
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to arbitrary file deletion (via renaming) due to insufficient file path validation in the set_use...
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.6.7 via the mode parameter. This ...
Azure Entra ID Elevation of Privilege Vulnerability
Azure Entra ID Elevation of Privilege Vulnerability
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to store script tags directly in web pages that...
Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath para...
BBOT's unarchive module could be abused by supplying malicious archive files which, when extracted, can perform an arbitrary file write, resulting in remote code execution.
Newforma Project Center Server (NPCS) accepts serialized .NET data via the '/ProjectCenter.rem' endpoint on 9003/tcp, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUT...
Flowise is a drag & drop user interface to build a customized large language model flow. In versions prior to 3.0.8, WriteFileTool and ReadFileTool in Flowise do not restrict file path access, allowin...
A security vulnerability has been detected in Tenda CH22 up to 1.0.0.1. This issue affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component HTTP Request Handler. The m...
A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter. Performing manipulation of the argument page results in memory corru...
BBOT's gitdumper module could be abused to execute commands through a malicious git repository.
The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2
The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation via password update in all versions up to, and including, 1
Newforma Info Exchange (NIX) '/UserWeb/Common/UploadBlueimp
Azure PlayFab Elevation of Privilege Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Monitor allows an authorized attacker to perform spoofing over a network
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 6
Deno is a JavaScript, TypeScript, and WebAssembly runtime
The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation when deleting profile pictures in all versions up to, and including, 1
The Find Me On WordPress plugin through 2
A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1
A vulnerability was determined in PHPGurukul Beauty Parlour Management System 1
A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1
A weakness has been identified in PHPGurukul Beauty Parlour Management System 1
The Cookie Notice & Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the uuid parameter in all versions up to, and including, 1
An Uncontrolled Resource Consumption vulnerability in the HTTP daemon (httpd) of Juniper Networks Junos Space allows an unauthenticated network-based attacker flooding the device with inbound API calls to consume all resources on the system, leading to a Denial of Service (DoS)
Redis Enterprise Elevation of Privilege Vulnerability
A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadata via the web interface
A Use of Uninitialized Resource vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX4700 devices allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS)
An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-Of-Service (DoS)
A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated, network-based attacker to replace legitimate vSRX images with malicious ones
pyLoad is a free and open-source download manager written in Python
A vulnerability exists in the Progress Flowmon web application prior to version 12
New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system
Memory corruption while invoking remote procedure IOCTL calls
A security vulnerability has been detected in TOTOLINK N600R up to 4
An OS Command Injection vulnerability in the Admin panel in Curo UC300 5
ProjectWorlds Gym Management System 1
A flaw has been found in Tenda AC7 15
A vulnerability has been found in Tenda AC7 15
A vulnerability was found in Tenda AC7 15
A vulnerability was determined in Tenda AC7 15
A vulnerability was identified in Tenda AC7 15
Memory corruption while performing SCM call
Memory corruption while performing SCM call with malformed inputs
A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems
A vulnerability has been found in Tenda W12 3
An insecure implementation of the proprietary protocol DNET in Product CGM MEDICO allows attackers within the intranet to eavesdrop and manipulate data on the protocol because encryption is optional for this connection
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Junos Space Security Director allows an attacker to inject malicious scripts into the application, which are then stored and executed in the context of other users' browsers when they access affected pages
Framelink Figma MCP Server before 0
Memory corruption while processing camera platform driver IOCTL calls
Memory corruption during PlayReady APP usecase while processing TA commands
Memory corruption while processing a malformed license file during reboot
Memory corruption while processing escape commands from userspace
Memory corruption while processing IOCTL call to get the mapping
Memory corruption while processing an image encoding completion event
Memory corruption while processing control commands in the virtual memory management interface
Memory corruption while processing an escape call
Memory corruption while processing user buffers
Memory corruption while allocating buffers in DSP service
GitLab has remediated an issue in GitLab EE affecting all versions from 18
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13
D-Link DIR-816A2_FWv1
An infinite loop issue in Amazon
BigBlueButton is an open-source virtual classroom
BigBlueButton is an open-source virtual classroom
Cleartext Storage of Sensitive Information in Memory vulnerability in ABB MConfig
A vulnerability was detected in code-projects E-Commerce Website 1
A vulnerability has been found in Campcodes Advanced Online Voting Management System 1
A vulnerability was determined in code-projects Web-Based Inventory and POS System 1
A vulnerability was found in SourceCodester Simple E-Commerce Bookstore 1
A vulnerability was identified in itsourcecode Leave Management System 1
A weakness has been identified in itsourcecode Student Transcript Processing System 1
A vulnerability was detected in SourceCodester Hotel and Lodge Management System 1
A flaw has been found in SourceCodester Hotel and Lodge Management System 1
A vulnerability has been found in SourceCodester Hotel and Lodge Management System 1
A vulnerability was determined in projectworlds Advanced Library Management System 1
A vulnerability was identified in SourceCodester Simple E-Commerce Bookstore 1
A security flaw has been discovered in SourceCodester Wedding Reservation Management System 1
A security vulnerability has been detected in SourceCodester Wedding Reservation Management System 1
A vulnerability was detected in SourceCodester Simple E-Commerce Bookstore 1
A weakness has been identified in D-Link DIR-852 up to 20251002
A vulnerability was determined in code-projects E-Commerce Website 1
A security flaw has been discovered in ChurchCRM up to 5
Lavasoft Web Companion (also known as Ad-Aware WebCompanion) versions 8
A vulnerability was detected in Campcodes Online Learning Management System 1
A flaw has been found in code-projects Simple Leave Manager 1
A vulnerability has been found in projectworlds Gate Pass Management System 1
A vulnerability was found in code-projects E-Commerce Website 1
An issue in the permission verification module and organization/application editing interface in Casdoor before 2
In Flowmon versions prior to 12
Transient DOS may occur when multi-profile concurrency arises with QHS enabled
BigBlueButton is an open-source virtual classroom
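Several entries in this brief share one root cause: a user-controlled file path or archive member name is used without being confined to an allowed directory (the Grafana Image Renderer filePath write, the BBOT unarchive file write, the Flowise WriteFileTool/ReadFileTool access, the WP Travel Engine and Motors file deletion and inclusion issues). The block below is an added example, not code from any of those projects: it shows the confinement check that is missing in that class of bug, for a single path and for every member of a zip archive, and exercises it with a constructed zip-slip archive. The base directory, file names and archive contents are all invented for the demonstration.

```python
"""Confining user-controlled paths and archive entries to one base directory.

Added example; the base directory, file names and archives are all
constructed here and are not taken from any product on this page.
"""
import io
import os
import posixpath
import tempfile
import zipfile


class PathEscape(ValueError):
    """Raised when a requested path would land outside the allowed base."""


def resolve_within(base: str, user_path: str) -> str:
    """Resolve user_path relative to base, or raise PathEscape.

    realpath() collapses '..' segments and follows symlinks, so the check
    catches '../../etc/passwd', an absolute path (os.path.join discards base
    when its second argument is absolute), and a symlink planted inside base
    that points outside it. commonpath() is used instead of startswith()
    because '/srv/uploads-old/x'.startswith('/srv/uploads') is true.
    """
    base_real = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base_real, user_path))
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise PathEscape(f"{user_path!r} escapes {base!r}")
    return candidate


def path_is_confined(base: str, user_path: str) -> bool:
    """Boolean form of resolve_within for callers that only need yes/no."""
    try:
        resolve_within(base, user_path)
    except PathEscape:
        return False
    return True


def safe_entry_name(name: str) -> bool:
    """Lexical check on an archive member name before it touches the disk.

    Rejects empty names, embedded NULs, absolute paths (either separator)
    and any name whose normalised form still starts with '..'.
    """
    if not name or "\x00" in name:
        return False
    unified = name.replace("\\", "/")
    if unified.startswith("/") or posixpath.isabs(unified):
        return False
    norm = posixpath.normpath(unified)
    return norm != ".." and not norm.startswith("../")


def extract_zip_safely(data: bytes, dest: str) -> list:
    """Extract a zip archive under dest; refuse the whole archive if any
    member escapes. Members are written by hand rather than through
    ZipFile.extractall so the confinement check is explicit. (For tar
    archives, tarfile.extractall(..., filter="data") on Python 3.12+
    applies equivalent rules.)
    """
    written = []
    dest_real = os.path.realpath(dest)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        members = zf.infolist()
        # Validate every name first so a hostile archive writes nothing.
        for info in members:
            if not safe_entry_name(info.filename):
                raise PathEscape(f"refusing archive member {info.filename!r}")
            resolve_within(dest_real, info.filename)
        for info in members:
            target = resolve_within(dest_real, info.filename)
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(os.path.relpath(target, dest_real))
    return written


def build_archive(entries: dict) -> bytes:
    """Build an in-memory zip with arbitrary (possibly hostile) member names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(zipfile.ZipInfo(name), content)
    return buf.getvalue()


def demo() -> dict:
    """Extract a benign and a constructed zip-slip archive into a temp dir."""
    benign = build_archive({"report/summary.txt": b"ok"})
    hostile = build_archive({
        "report/summary.txt": b"ok",
        "../../.ssh/authorized_keys": b"ssh-ed25519 AAAA... constructed",
    })
    with tempfile.TemporaryDirectory() as dest:
        benign_files = extract_zip_safely(benign, dest)
        try:
            extract_zip_safely(hostile, dest)
            hostile_rejected = False
        except PathEscape:
            hostile_rejected = True
    return {"benign_files": benign_files, "hostile_rejected": hostile_rejected}


if __name__ == "__main__":
    print(demo())
```

The two-pass extraction is deliberate: validating every member before writing any means a hostile archive leaves no partial output, and the realpath-based check is the one that also covers symlinks created by an earlier member or already present in the destination.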
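The WordPress entries above for Community Events (event_category and event_venue), the Popup builder plugin and RegistrationMagic are all SQL injection caused by insufficient escaping of a request parameter. The block below is an added example against SQLite, not code from any of those plugins: it places a string-built query beside its parameterised form, and a quote-stripping "sanitiser" beside a type-checked numeric parameter, to show why partial escaping is not a fix. The events table, its rows and the request values are constructed for the demonstration.

```python
"""Insufficient escaping versus parameterised queries, shown against SQLite.

Added example. The events table, its rows and the request parameters are
constructed here; none of it is taken from a WordPress plugin.
"""
import sqlite3

# Constructed rows: one event is private and must never be listed.
SAMPLE_EVENTS = [
    (1, "Bake sale", "community", "public"),
    (2, "Board meeting", "internal", "private"),
    (3, "Open day", "community", "public"),
]


def make_db() -> sqlite3.Connection:
    """In-memory database holding the constructed events table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE events (id INTEGER PRIMARY KEY, title TEXT, "
        "category TEXT, visibility TEXT)"
    )
    conn.executemany("INSERT INTO events VALUES (?, ?, ?, ?)", SAMPLE_EVENTS)
    return conn


def events_by_category_vulnerable(conn, category: str) -> list:
    """String-built query: the request parameter becomes SQL syntax, so a
    value such as  x' OR 1=1 --  comments out the visibility filter."""
    sql = (
        "SELECT title FROM events WHERE category = '" + category + "' "
        "AND visibility = 'public'"
    )
    return sorted(row[0] for row in conn.execute(sql))


def events_by_category_safe(conn, category: str) -> list:
    """Parameterised query: the value is bound, never parsed as SQL."""
    sql = "SELECT title FROM events WHERE category = ? AND visibility = 'public'"
    return sorted(row[0] for row in conn.execute(sql, (category,)))


def strip_quotes(value: str) -> str:
    """Partial 'escaping' that only removes quote characters. It does nothing
    for a parameter that is interpolated unquoted into a numeric comparison."""
    return value.replace("'", "").replace('"', "")


def event_by_id_filtered(conn, event_id: str) -> list:
    """Numeric parameter pasted in unquoted after quote-stripping."""
    sql = (
        "SELECT title FROM events WHERE id = " + strip_quotes(event_id)
        + " AND visibility = 'public'"
    )
    return sorted(row[0] for row in conn.execute(sql))


def event_by_id_safe(conn, event_id: str) -> list:
    """Validate the type first, then bind the value."""
    try:
        ident = int(event_id)
    except ValueError:
        return []
    sql = "SELECT title FROM events WHERE id = ? AND visibility = 'public'"
    return sorted(row[0] for row in conn.execute(sql, (ident,)))


def demo() -> dict:
    """Run the same two constructed payloads through each pair of functions."""
    conn = make_db()
    payload_str = "x' OR 1=1 --"
    payload_num = "0 OR 1=1 --"
    return {
        "vulnerable_str": events_by_category_vulnerable(conn, payload_str),
        "safe_str": events_by_category_safe(conn, payload_str),
        "vulnerable_num": event_by_id_filtered(conn, payload_num),
        "safe_num": event_by_id_safe(conn, payload_num),
    }


if __name__ == "__main__":
    for name, titles in demo().items():
        print(f"{name}: {titles}")
```

Results are sorted only to make the comparison deterministic; the point to take away is that both vulnerable forms return the private "Board meeting" row, while the bound-parameter forms return nothing for the same input. The second payload contains no quote characters at all, which is why quote-only escaping is insufficient in a numeric context.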