CVE-2025-10585
Google Chromium V8 Type Confusion Vulnerability - Active in CISA KEV catalog.
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality.
This curated brief highlights 5 critical vulnerabilities and 13 high-priority updates requiring immediate attention.
Google Chromium V8 Type Confusion Vulnerability - Active in CISA KEV catalog.
Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability - Active in CISA KEV catalog.
Libraesva Email Security Gateway Command Injection Vulnerability - Active in CISA KEV catalog.
Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability - Active in CISA KEV catalog.
Adminer Server-Side Request Forgery Vulnerability - Active in CISA KEV catalog.
GNU Bash OS Command Injection Vulnerability - Active in CISA KEV catalog.
Jenkins Remote Code Execution Vulnerability - Active in CISA KEV catalog.
Juniper ScreenOS Improper Authentication Vulnerability - Active in CISA KEV catalog.
Samsung Mobile Devices Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
Smartbedded Meteobridge Command Injection Vulnerability - Active in CISA KEV catalog.
Linux Kernel Heap Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability - Active in CISA KEV catalog.
Microsoft Windows Privilege Escalation Vulnerability - Active in CISA KEV catalog.
Microsoft Windows Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
Microsoft Windows Remote Code Execution Vulnerability - Active in CISA KEV catalog.
Mozilla Multiple Products Remote Code Execution Vulnerability - Active in CISA KEV catalog.
Oracle E-Business Suite Unspecified Vulnerability - Active in CISA KEV catalog.
Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability - Active in CISA KEV catalog.
Grafana Path Traversal Vulnerability - Active in CISA KEV catalog.
The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file deletion due to insufficient file path valid...
The WP Freeio plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.21. This is due to the process_register() function not restricting what user roles a ...
The Ovatheme Events Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the process_checkout() function in all versions up to, and including, 1....
In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
In modem, there is a possible system crash due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed.
Use After Free (UAF) vulnerability in the office service
The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to authorization bypass in versions less than, or equal to, 1
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI)
Use After Free (UAF) vulnerability in the storage management module
Data processing error vulnerability in the package management module
A vulnerability was determined in code-projects E-Commerce Website 1
A weakness has been identified in Campcodes Online Apartment Visitor Management System 1
A vulnerability was detected in SourceCodester Online Student Result System 1
A vulnerability was determined in projectworlds Online Ordering Food System 1
A security vulnerability has been detected in code-projects E-Banking System 1
A vulnerability was identified in SourceCodester Best Salon Management System 1
A security flaw has been discovered in SourceCodester Best Salon Management System 1
A vulnerability was found in Tomofun Furbo 360 and Furbo Mini