Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đ
Archived Security Brief
This curated brief highlights 11 critical vulnerabilities and 42 high-priority updates requiring immediate attention.
53 total vulnerabilities disclosed in last 24 hours
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEVURGENT
CVE-2014-6278
9.5
GNUGNU Bash
â° Federal Deadline:October 22, 2025(2 days remaining)
GNU Bash OS Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2017-1000353
9.5
JenkinsJenkins
â° Federal Deadline:October 22, 2025(2 days remaining)
Jenkins Remote Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2015-7755
9.5
JuniperScreenOS
â° Federal Deadline:October 22, 2025(2 days remaining)
Juniper ScreenOS Improper Authentication Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-21043
9.5
SamsungMobile Devices
â° Federal Deadline:October 22, 2025(2 days remaining)
Samsung Mobile Devices Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-4008
9.5
SmartbeddedMeteobridge
â° Federal Deadline:October 22, 2025(2 days remaining)
Smartbedded Meteobridge Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2021-22555
9.5
LinuxKernel
â° Federal Deadline:October 26, 2025(6 days remaining)
Linux Kernel Heap Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2010-3962
9.5
MicrosoftInternet Explorer
â° Federal Deadline:October 26, 2025(6 days remaining)
Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2021-43226
9.5
MicrosoftWindows
â° Federal Deadline:October 26, 2025(6 days remaining)
Microsoft Windows Privilege Escalation Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2013-3918
9.5
MicrosoftWindows
â° Federal Deadline:October 26, 2025(6 days remaining)
Microsoft Windows Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2011-3402
9.5
MicrosoftWindows
â° Federal Deadline:October 26, 2025(6 days remaining)
Microsoft Windows Remote Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2010-3765
9.5
MozillaMultiple Products
â° Federal Deadline:October 26, 2025(6 days remaining)
Mozilla Multiple Products Remote Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-61882
9.5đ
OracleE-Business Suite
â° Federal Deadline:October 26, 2025(6 days remaining)
Oracle E-Business Suite Unspecified Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-27915
9.5
SynacorZimbra Collaboration Suite (ZCS)
â° Federal Deadline:October 27, 2025(7 days remaining)
Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2021-43798
9.5
Grafana LabsGrafana
â° Federal Deadline:October 29, 2025(9 days remaining)
Grafana Path Traversal Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-47827
9.5
IGELIGEL OS
â° Federal Deadline:November 3, 2025(14 days remaining)
IGEL OS Use of a Key Past its Expiration Date Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-24990
9.5đ
MicrosoftWindows
â° Federal Deadline:November 3, 2025(14 days remaining)
Microsoft Windows Untrusted Pointer Dereference Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-59230
9.5đ
MicrosoftWindows
â° Federal Deadline:November 3, 2025(14 days remaining)
Microsoft Windows Improper Access Control Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-6264
9.5
Rapid7Velociraptor
â° Federal Deadline:November 3, 2025(14 days remaining)
Rapid7 Velociraptor Incorrect Default Permissions Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2016-7836
9.5
SKYSEAClient View
â° Federal Deadline:November 3, 2025(14 days remaining)
SKYSEA Client View Improper Authentication Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-54253
9.5đ
AdobeExperience Manager (AEM) Forms
â° Federal Deadline:November 4, 2025(15 days remaining)
Adobe Experience Manager Forms Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2022-48503
9.5
AppleMultiple Products
â° Federal Deadline:November 9, 2025(20 days remaining)
Apple Multiple Products Unspecified Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-2746
9.5
KenticoXperience CMS
â° Federal Deadline:November 9, 2025(20 days remaining)
Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-2747
9.5
KenticoXperience CMS
â° Federal Deadline:November 9, 2025(20 days remaining)
Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-33073
9.5
MicrosoftWindows
â° Federal Deadline:November 9, 2025(20 days remaining)
Microsoft Windows SMB Client Improper Access Control Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-61884
9.5đ
OracleE-Business Suite
â° Federal Deadline:November 9, 2025(20 days remaining)
Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability - Active in CISA KEV catalog.
SQL Injection vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the signup.inc.php endpoint. The application directly incorporates unsanitized user inputs into SQL queries, all...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-61303
9.8đ
Hatching Triage Sandbox WindowsMultiple Products
Hatching Triage Sandbox Windows 10 build 2004 (2025-08-14) and Windows 10 LTSC 2021(2025-08-14) contains a vulnerability in its Windows behavioral analysis engine that allows a submitted malware sampl...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-53037
9.8đ
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services ApplicationsMultiple Products
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-53072
9.8đ
Vulnerability in the Oracle Marketing product of OracleMultiple Products
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerabili...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-61757
9.8đ
Vulnerability in the Identity Manager product of Oracle Fusion MiddlewareMultiple Products
Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulner...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-62481
9.8đ
Vulnerability in the Oracle Marketing product of OracleMultiple Products
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerabili...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-10916
9.1đ
The FormGent WordPress plugin beforeMultiple Products
The FormGent WordPress plugin before 1.0.4 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary ...
CVSS Base9.1
â
CRSSelect profile
CVE-2025-11948
9.8đ
Document Management System developed by Excellent Infotek has an Arbitrary File UploadMultiple Products
Document Management System developed by Excellent Infotek has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabl...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-10020
9.9đ
Zohocorp ManageEngine ADManager Plus version beforeMultiple Products
Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability in the Custom Script component.
CVSS Base9.9
â
CRSSelect profile
CVE-2025-61932
9.8đ
Lanscope Endpoint ManagerMultiple Products
Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending sp...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-9574
9.1đ
Missing Authentication for Critical Function vulnerability in ABBMultiple Products
Missing Authentication for Critical Function vulnerability in ABB ALS-mini-s4 IP, ABB ALS-mini-s8 IP.This issue affects .Â
All firmware versions with the Serial Number from 2000 to 5166
CVSS Base9.1
â
CRSSelect profile
â ī¸
High Priority Updates
CVE-2025-57738
7.2đ
ApacheMultiple Products
Apache Syncope offers the ability to extend / customize the base behavior on every deployment by allowing to provide custom implementations of a few Java interfaces; such implementations can be provided either as Java or Groovy classes, with the latter being particularly attractive as the machinery is set for runtime reload
CVSS Base7.2
â
CRSSelect profile
CVE-2025-53036
8.6đ
OracleMultiple Products
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform)
CVSS Base8.6
â
CRSSelect profile
CVE-2025-53049
8.4đ
OracleMultiple Products
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Administration)
CVSS Base8.4
â
CRSSelect profile
CVE-2025-62587
8.2đ
OracleMultiple Products
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
CVSS Base8.2
â
CRSSelect profile
CVE-2025-62588
8.2đ
OracleMultiple Products
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
CVSS Base8.2
â
CRSSelect profile
CVE-2025-62589
8.2đ
OracleMultiple Products
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
CVSS Base8.2
â
CRSSelect profile
CVE-2025-62590
8.2đ
OracleMultiple Products
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
CVSS Base8.2
â
CRSSelect profile
CVE-2025-62641
8.2đ
OracleMultiple Products
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
CVSS Base8.2
â
CRSSelect profile
CVE-2025-53043
8.1đ
OracleMultiple Products
Vulnerability in the Oracle Product Hub product of Oracle E-Business Suite (component: Item Catalog)
CVSS Base8.1
â
CRSSelect profile
CVE-2025-61751
8.1đ
OracleMultiple Products
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform)
CVSS Base8.1
â
CRSSelect profile
CVE-2025-61763
8.1đ
OracleMultiple Products
Vulnerability in Oracle Essbase (component: Essbase Web Platform)
CVSS Base8.1
â
CRSSelect profile
CVE-2025-53050
7.5đ
OracleMultiple Products
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Performance Monitor)
CVSS Base7.5
â
CRSSelect profile
CVE-2025-53066
7.5đ
OracleMultiple Products
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP)
CVSS Base7.5
â
CRSSelect profile
CVE-2025-61752
7.5đ
OracleMultiple Products
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)
CVSS Base7.5
â
CRSSelect profile
CVE-2025-61760
7.5đ
OracleMultiple Products
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
CVSS Base7.5
â
CRSSelect profile
CVE-2025-62290
7.2
OracleMultiple Products
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Block Storage)
CVSS Base7.2
â
CRSSelect profile
CVE-2025-3465
7.1đ
ImproperMultiple Products
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ABB CoreSenseâĸ HM, ABB CoreSenseâĸ M10
CVSS Base7.1
â
CRSSelect profile
CVE-2025-61301
7.5
UnknownMultiple Products
Denial-of-analysis in reporting/mongodb
CVSS Base7.5
â
CRSSelect profile
CVE-2025-9428
8.3
PlusMultiple Products
Zohocorp ManageEngine Analytics Plus versions 6171 and prior are vulnerable to authenticated SQL Injection via the key update api
CVSS Base8.3
â
CRSSelect profile
CVE-2025-60507
8.9
Moodle GeniAIMultiple Products
Cross site scripting vulnerability in Moodle GeniAI plugin (local_geniai) 2
CVSS Base8.9
â
CRSSelect profile
CVE-2025-62577
8.8đ
ETERNUSMultiple Products
ETERNUS SF provided by Fsas Technologies Inc
CVSS Base8.8
â
CRSSelect profile
CVE-2025-61417
8.8đ
UnknownMultiple Products
Cross-Site Scripting (XSS) vulnerability exists in TastyIgniter 3
CVSS Base8.8
â
CRSSelect profile
CVE-2025-11151
8.2
Beyaz BilgisayarMultiple Products
Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beyaz Bilgisayar Software Design Industry and Trade Ltd
CVSS Base8.2
â
CRSSelect profile
CVE-2025-56224
8.1
lackMultiple Products
A lack of rate limiting in the One-Time Password (OTP) verification endpoint of SigningHub v8
CVSS Base8.1
â
CRSSelect profile
CVE-2025-62509
8.1đ
fileMultiple Products
FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations
CVSS Base8.1
â
CRSSelect profile
CVE-2025-62510
8.1đ
fileMultiple Products
FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations
CVSS Base8.1
â
CRSSelect profile
CVE-2025-9133
8.1
Zyxel ATP seriesMultiple Products
A missing authorization vulnerability in Zyxel ATP series firmware versions from V4
CVSS Base8.1
â
CRSSelect profile
CVE-2025-62518
8.1
UnknownMultiple Products
astral-tokio-tar is a tar archive reading/writing library for async Rust
CVSS Base8.1
â
CRSSelect profile
CVE-2025-41390
7.8đ
arbitraryMultiple Products
An arbitrary code execution vulnerability exists in the git functionality of Truffle Security Co
CVSS Base7.8
â
CRSSelect profile
CVE-2025-61488
7.6đ
issueMultiple Products
An issue in Senayan Library Management System (SLiMS) 9 Bulian v
CVSS Base7.6
â
CRSSelect profile
CVE-2025-56223
7.5đ
lackMultiple Products
A lack of rate limiting in the component /Home/UploadStreamDocument of SigningHub v8
CVSS Base7.5
â
CRSSelect profile
CVE-2024-55568
7.5đ
ModemMultiple Products
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400
CVSS Base7.5
â
CRSSelect profile
CVE-2025-26781
7.5đ
ModemMultiple Products
An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 9110, W920, W930, Modem 5123, and Modem 5300
CVSS Base7.5
â
CRSSelect profile
CVE-2025-26782
7.5đ
ModemMultiple Products
An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 9110, W920, W930, Modem 5123, and Modem 5300
CVSS Base7.5
â
CRSSelect profile
CVE-2025-11949
7.5
EasyFlowMultiple Products
EasyFlow
CVSS Base7.5
â
CRSSelect profile
CVE-2025-60751
7.5
GeographicLibMultiple Products
GeographicLib 2
CVSS Base7.5
â
CRSSelect profile
CVE-2025-61220
7.5
incompleteMultiple Products
The incomplete verification mechanism in the AutoBizLine com
CVSS Base7.5
â
CRSSelect profile
CVE-2025-62429
7.2
ClipBucketMultiple Products
ClipBucket v5 is an open source video sharing platform
CVSS Base7.2
â
CRSSelect profile
CVE-2025-8078
7.2
Zyxel ATP seriesMultiple Products
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4
CVSS Base7.2
â
CRSSelect profile
CVE-2025-60500
7.2
ManagementMultiple Products
QDocs Smart School Management System 7
CVSS Base7.2
â
CRSSelect profile
CVE-2025-56219
7.1đ
IncorrectMultiple Products
Incorrect access control in SigningHub v8
CVSS Base7.1
â
CRSSelect profile
CVE-2025-62527
7.1
TaguetteMultiple Products
Taguette is an open source qualitative research tool