Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đ
Archived Security Brief
This curated brief highlights 4 critical vulnerabilities and 18 high-priority updates requiring immediate attention.
22 total vulnerabilities disclosed in last 24 hours
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEVURGENT
CVE-2014-6278
9.5
GNUGNU Bash
â° Federal Deadline:October 22, 2025(3 days remaining)
GNU Bash OS Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2017-1000353
9.5
JenkinsJenkins
â° Federal Deadline:October 22, 2025(3 days remaining)
Jenkins Remote Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2015-7755
9.5
JuniperScreenOS
â° Federal Deadline:October 22, 2025(3 days remaining)
Juniper ScreenOS Improper Authentication Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-21043
9.5
SamsungMobile Devices
â° Federal Deadline:October 22, 2025(3 days remaining)
Samsung Mobile Devices Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-4008
9.5
SmartbeddedMeteobridge
â° Federal Deadline:October 22, 2025(3 days remaining)
Smartbedded Meteobridge Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2021-22555
9.5
LinuxKernel
â° Federal Deadline:October 26, 2025(7 days remaining)
Linux Kernel Heap Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2010-3962
9.5
MicrosoftInternet Explorer
â° Federal Deadline:October 26, 2025(7 days remaining)
Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2021-43226
9.5
MicrosoftWindows
â° Federal Deadline:October 26, 2025(7 days remaining)
Microsoft Windows Privilege Escalation Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2013-3918
9.5
MicrosoftWindows
â° Federal Deadline:October 26, 2025(7 days remaining)
Microsoft Windows Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2011-3402
9.5
MicrosoftWindows
â° Federal Deadline:October 26, 2025(7 days remaining)
Microsoft Windows Remote Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2010-3765
9.5
MozillaMultiple Products
â° Federal Deadline:October 26, 2025(7 days remaining)
Mozilla Multiple Products Remote Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-61882
9.5đ
OracleE-Business Suite
â° Federal Deadline:October 26, 2025(7 days remaining)
Oracle E-Business Suite Unspecified Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-27915
9.5
SynacorZimbra Collaboration Suite (ZCS)
â° Federal Deadline:October 27, 2025(8 days remaining)
Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2021-43798
9.5
Grafana LabsGrafana
â° Federal Deadline:October 29, 2025(10 days remaining)
Grafana Path Traversal Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-47827
9.5
IGELIGEL OS
â° Federal Deadline:November 3, 2025(15 days remaining)
IGEL OS Use of a Key Past its Expiration Date Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-24990
9.5đ
MicrosoftWindows
â° Federal Deadline:November 3, 2025(15 days remaining)
Microsoft Windows Untrusted Pointer Dereference Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-59230
9.5đ
MicrosoftWindows
â° Federal Deadline:November 3, 2025(15 days remaining)
Microsoft Windows Improper Access Control Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-6264
9.5
Rapid7Velociraptor
â° Federal Deadline:November 3, 2025(15 days remaining)
Rapid7 Velociraptor Incorrect Default Permissions Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2016-7836
9.5
SKYSEAClient View
â° Federal Deadline:November 3, 2025(15 days remaining)
SKYSEA Client View Improper Authentication Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-54253
9.5đ
AdobeExperience Manager (AEM) Forms
â° Federal Deadline:November 4, 2025(16 days remaining)
Adobe Experience Manager Forms Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2022-48503
9.5
AppleMultiple Products
â° Federal Deadline:November 9, 2025(21 days remaining)
Apple Multiple Products Unspecified Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-2746
9.5
KenticoXperience CMS
â° Federal Deadline:November 9, 2025(21 days remaining)
Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-2747
9.5
KenticoXperience CMS
â° Federal Deadline:November 9, 2025(21 days remaining)
Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-33073
9.5
MicrosoftWindows
â° Federal Deadline:November 9, 2025(21 days remaining)
Microsoft Windows SMB Client Improper Access Control Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-61884
9.5đ
OracleE-Business Suite
â° Federal Deadline:November 9, 2025(21 days remaining)
Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability - Active in CISA KEV catalog.
SQL Injection vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the signup.inc.php endpoint. The application directly incorporates unsanitized user inputs into SQL queries, all...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-11948
9.8đ
Document Management System developed by Excellent Infotek has an Arbitrary File UploadMultiple Products
Document Management System developed by Excellent Infotek has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabl...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-61932
9.8đ
Lanscope Endpoint ManagerMultiple Products
Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending sp...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-9574
9.1đ
Missing Authentication for Critical Function vulnerability in ABBMultiple Products
Missing Authentication for Critical Function vulnerability in ABB ALS-mini-s4 IP, ABB ALS-mini-s8 IP.This issue affects .Â
All firmware versions with the Serial Number from 2000 to 5166
CVSS Base9.1
â
CRSSelect profile
â ī¸
High Priority Updates
CVE-2025-57738
7.2đ
ApacheMultiple Products
Apache Syncope offers the ability to extend / customize the base behavior on every deployment by allowing to provide custom implementations of a few Java interfaces; such implementations can be provided either as Java or Groovy classes, with the latter being particularly attractive as the machinery is set for runtime reload
CVSS Base7.2
â
CRSSelect profile
CVE-2025-3465
7.1đ
ImproperMultiple Products
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ABB CoreSenseâĸ HM, ABB CoreSenseâĸ M10
CVSS Base7.1
â
CRSSelect profile
CVE-2025-62577
8.8đ
ETERNUSMultiple Products
ETERNUS SF provided by Fsas Technologies Inc
CVSS Base8.8
â
CRSSelect profile
CVE-2025-61417
8.8đ
UnknownMultiple Products
Cross-Site Scripting (XSS) vulnerability exists in TastyIgniter 3
CVSS Base8.8
â
CRSSelect profile
CVE-2025-62509
8.1đ
fileMultiple Products
FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations
CVSS Base8.1
â
CRSSelect profile
CVE-2025-62510
8.1đ
fileMultiple Products
FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations
CVSS Base8.1
â
CRSSelect profile
CVE-2025-41390
7.8đ
arbitraryMultiple Products
An arbitrary code execution vulnerability exists in the git functionality of Truffle Security Co
CVSS Base7.8
â
CRSSelect profile
CVE-2025-61488
7.6đ
issueMultiple Products
An issue in Senayan Library Management System (SLiMS) 9 Bulian v
CVSS Base7.6
â
CRSSelect profile
CVE-2025-56219
7.5đ
IncorrectMultiple Products
Incorrect access control in SigningHub v8
CVSS Base7.5
â
CRSSelect profile
CVE-2025-56223
7.5đ
lackMultiple Products
A lack of rate limiting in the component /Home/UploadStreamDocument of SigningHub v8
CVSS Base7.5
â
CRSSelect profile
CVE-2024-55568
7.5đ
ModemMultiple Products
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400
CVSS Base7.5
â
CRSSelect profile
CVE-2025-26781
7.5đ
ModemMultiple Products
An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 9110, W920, W930, Modem 5123, and Modem 5300
CVSS Base7.5
â
CRSSelect profile
CVE-2025-26782
7.5đ
ModemMultiple Products
An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 9110, W920, W930, Modem 5123, and Modem 5300
CVSS Base7.5
â
CRSSelect profile
CVE-2025-11942
7.3đ
foundMultiple Products
A flaw has been found in 70mai X200 up to 20251010
CVSS Base7.3
â
CRSSelect profile
CVE-2025-11943
7.3đ
foundMultiple Products
A vulnerability has been found in 70mai X200 up to 20251010
CVSS Base7.3
â
CRSSelect profile
CVE-2025-62429
7.2
ClipBucketMultiple Products
ClipBucket v5 is an open source video sharing platform
CVSS Base7.2
â
CRSSelect profile
CVE-2025-62527
7.1
TaguetteMultiple Products
Taguette is an open source qualitative research tool
CVSS Base7.1
â
CRSSelect profile
CVE-2025-11940
7đ
securityMultiple Products
A security vulnerability has been detected in LibreWolf up to 143