Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đ
Archived Security Brief
This curated brief highlights 3 critical vulnerabilities and 29 high-priority updates requiring immediate attention.
32 total vulnerabilities disclosed in last 24 hours
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEVURGENT
CVE-2025-10585
9.5đ
GoogleChromium V8
â° Federal Deadline:October 13, 2025(1 days remaining)
Google Chromium V8 Type Confusion Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-32463
9.5
SudoSudo
â° Federal Deadline:October 19, 2025(7 days remaining)
Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-59689
9.5
LibraesvaEmail Security Gateway
â° Federal Deadline:October 19, 2025(7 days remaining)
Libraesva Email Security Gateway Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-10035
9.5đ
FortraGoAnywhere MFT
â° Federal Deadline:October 19, 2025(7 days remaining)
Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-20352
9.5đ
CiscoIOS and IOS XE
â° Federal Deadline:October 19, 2025(7 days remaining)
Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2021-21311
9.5
AdminerAdminer
â° Federal Deadline:October 19, 2025(7 days remaining)
Adminer Server-Side Request Forgery Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2014-6278
9.5
GNUGNU Bash
â° Federal Deadline:October 22, 2025(10 days remaining)
GNU Bash OS Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2017-1000353
9.5
JenkinsJenkins
â° Federal Deadline:October 22, 2025(10 days remaining)
Jenkins Remote Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2015-7755
9.5
JuniperScreenOS
â° Federal Deadline:October 22, 2025(10 days remaining)
Juniper ScreenOS Improper Authentication Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-21043
9.5
SamsungMobile Devices
â° Federal Deadline:October 22, 2025(10 days remaining)
Samsung Mobile Devices Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-4008
9.5
SmartbeddedMeteobridge
â° Federal Deadline:October 22, 2025(10 days remaining)
Smartbedded Meteobridge Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2021-22555
9.5
LinuxKernel
â° Federal Deadline:October 26, 2025(14 days remaining)
Linux Kernel Heap Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2010-3962
9.5
MicrosoftInternet Explorer
â° Federal Deadline:October 26, 2025(14 days remaining)
Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2021-43226
9.5
MicrosoftWindows
â° Federal Deadline:October 26, 2025(14 days remaining)
Microsoft Windows Privilege Escalation Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2013-3918
9.5
MicrosoftWindows
â° Federal Deadline:October 26, 2025(14 days remaining)
Microsoft Windows Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2011-3402
9.5
MicrosoftWindows
â° Federal Deadline:October 26, 2025(14 days remaining)
Microsoft Windows Remote Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2010-3765
9.5
MozillaMultiple Products
â° Federal Deadline:October 26, 2025(14 days remaining)
Mozilla Multiple Products Remote Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-61882
9.5đ
OracleE-Business Suite
â° Federal Deadline:October 26, 2025(14 days remaining)
Oracle E-Business Suite Unspecified Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-27915
9.5
SynacorZimbra Collaboration Suite (ZCS)
â° Federal Deadline:October 27, 2025(15 days remaining)
Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2021-43798
9.5
Grafana LabsGrafana
â° Federal Deadline:October 29, 2025(17 days remaining)
Grafana Path Traversal Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
đ¨
Critical Vulnerabilities
CVE-2025-37729
9.1đ
Improper neutralization of special elements used in a template engine in Elastic Cloud EnterpriseMultiple Products
Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing c...
CVSS Base9.1
â
CRSSelect profile
CVE-2025-6919
9.8đ
Improper Neutralization of Special Elements used in an SQL CommandMultiple Products
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cats Information Technology Software Development Technologies Aykome License Tracking System allow...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-9976
9đ
An OS Command Injection vulnerability affecting Station Launcher App inMultiple Products
An OS Command Injection vulnerability affecting Station Launcher App in 3DEXPERIENCE platform from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x could allow an attacker to execute ar...
CVSS Base9
â
CRSSelect profile
â ī¸
High Priority Updates
CVE-2025-11675
7.2đ
theMultiple Products
Enterprise Cloud Database developed by Ragic has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server
CVSS Base7.2
â
CRSSelect profile
CVE-2025-61884
7.5đ
OracleMultiple Products
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI)
CVSS Base7.5
â
CRSSelect profile
CVE-2025-61688
8.6đ
KubernetesMultiple Products
Omni manages Kubernetes on bare metal, virtual machines, or in a cloud
CVSS Base8.6
â
CRSSelect profile
CVE-2025-11654
7.3đ
wasMultiple Products
A vulnerability was identified in yousaf530 Inferno Online Clothing Store up to 827dd42bfbe380e8de76fdc67958c24cf1246208
CVSS Base7.3
â
CRSSelect profile
CVE-2025-9713
8.8đ
EndpointMultiple Products
Path traversal in Ivanti Endpoint Manager allows a remote unauthenticated attacker to achieve remote code execution
CVSS Base8.8
â
CRSSelect profile
CVE-2025-11695
8đ
WhenMultiple Products
When tlsInsecure=False appears in a connection string, certificate validation is disabled
CVSS Base8
â
CRSSelect profile
CVE-2025-11673
7.2đ
theMultiple Products
SOOP-CLM developed by PiExtract has a Hidden Functionality vulnerability, allowing privileged remote attackers to exploit a hidden functionality to execute arbitrary code on the server
CVSS Base7.2
â
CRSSelect profile
CVE-2025-11622
7.8đ
EndpointMultiple Products
Insecure deserialization in Ivanti Endpoint Manager allows a local authenticated attacker to escalate their privileges
CVSS Base7.8
â
CRSSelect profile
CVE-2025-11651
8.8đ
hasMultiple Products
A vulnerability has been found in UTT čŋå 518G up to V3v3
CVSS Base8.8
â
CRSSelect profile
CVE-2025-11652
8.8đ
wasMultiple Products
A vulnerability was found in UTT čŋå 518G up to V3v3
CVSS Base8.8
â
CRSSelect profile
CVE-2025-11653
8.8đ
UTTMultiple Products
A vulnerability was determined in UTT HiPER 2620G up to 3
CVSS Base8.8
â
CRSSelect profile
CVE-2025-10552
8.7đ
storedMultiple Products
A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session
CVSS Base8.7
â
CRSSelect profile
CVE-2025-10556
8.7đ
SpecificationMultiple Products
A stored Cross-site Scripting (XSS) vulnerability affecting Specification Management in ENOVIA Specification Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session
CVSS Base8.7
â
CRSSelect profile
CVE-2025-10557
8.7đ
fromMultiple Products
A stored Cross-site Scripting (XSS) vulnerability affecting Issue Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session
CVSS Base8.7
â
CRSSelect profile
CVE-2025-10558
8.7đ
storedMultiple Products
A stored Cross-site Scripting (XSS) vulnerability affecting 3DSearch in 3DSwymer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session
CVSS Base8.7
â
CRSSelect profile
CVE-2025-0636
8.4
EMCLIMultiple Products
EMCLI contains a high severity vulnerability where improper neutralization of special elements used in an OS command could be exploited leading to Arbitrary Code Execution
CVSS Base8.4
â
CRSSelect profile
CVE-2025-36087
8.1
IBMMultiple Products
IBM Security Verify Access 10
CVSS Base8.1
â
CRSSelect profile
CVE-2025-62363
7.8
UnknownMultiple Products
yt-grabber-tui is a terminal user interface application for downloading videos
CVSS Base7.8
â
CRSSelect profile
CVE-2025-9902
7.5
AKIN SoftwareMultiple Products
Authorization Bypass Through User-Controlled Key vulnerability in AKIN Software Computer Import Export Industry and Trade Co
CVSS Base7.5
â
CRSSelect profile
CVE-2025-62170
7.5
MMORPGMultiple Products
rAthena is an open-source cross-platform MMORPG server
CVSS Base7.5
â
CRSSelect profile
CVE-2025-11656
7.3
weaknessMultiple Products
A weakness has been identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59
CVSS Base7.3
â
CRSSelect profile
CVE-2025-11657
7.3
securityMultiple Products
A security vulnerability has been detected in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59
CVSS Base7.3
â
CRSSelect profile
CVE-2025-11658
7.3
wasMultiple Products
A vulnerability was detected in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59
CVSS Base7.3
â
CRSSelect profile
CVE-2025-11659
7.3
flawMultiple Products
A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59
CVSS Base7.3
â
CRSSelect profile
CVE-2025-11660
7.3
hasMultiple Products
A vulnerability has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59
CVSS Base7.3
â
CRSSelect profile
CVE-2025-11661
7.3
wasMultiple Products
A vulnerability was found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59
CVSS Base7.3
â
CRSSelect profile
CVE-2025-11662
7.3
ManagementMultiple Products
A security flaw has been discovered in SourceCodester Best Salon Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-7707
7.1
libraryMultiple Products
The llama_index library version 0
CVSS Base7.1
â
CRSSelect profile
CVE-2025-11649
7đ
TomofunMultiple Products
A vulnerability was found in Tomofun Furbo 360 and Furbo Mini