Critical vulnerabilities, curated daily for security professionals
🎯 SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
📊
Archived Security Brief
Saturday's security landscape delivers an urgent pre-deadline warning as seven CISA Known Exploited Vulnerabilities face federal compliance deadlines tomorrow, Sunday, October 26, with organizations entering a critical 24-hour countdown for mandatory remediation. This weekend brief follows an extraordinary week that produced two maximum-severity CVSS 10.0 vulnerabilities—CVE-2025-57870 affecting Esri ArcGIS Server and CVE-2025-61934 in Productivity Suite—while the patch availability crisis continues unabated at 0% for all 12 current critical vulnerabilities. With 22 actively exploited vulnerabilities tracked by CISA and five additional KEV entries already overdue from the October 22 deadline, federal agencies and their contractors face non-compliance risks heading into Sunday's enforcement moment. Security teams must activate weekend emergency operations to address tomorrow's federal deadlines while managing the sustained absence of vendor patches across critical infrastructure systems.
Federal Deadline Crisis: 7 CISA KEV vulnerabilities expire tomorrow (Sunday, October 26) requiring emergency weekend remediation—24-hour countdown active
Week's Maximum-Severity Events: Two CVSS 10.0 vulnerabilities discovered this week—CVE-2025-57870 (Esri ArcGIS Server SQL injection) and CVE-2025-61934 (Productivity Suite unrestricted IP binding)
Ongoing Non-Compliance: 5 CISA KEV vulnerabilities remain overdue from October 22 federal deadline with no remediation progress reported
Patch Availability Collapse: 0% patch availability sustained across all 12 critical vulnerabilities (CVSS 9.0+) affecting enterprise systems
Active Exploitation Scale: 22 CISA Known Exploited Vulnerabilities require immediate weekend action with federal enforcement implications
Weekend Operations Required: Security teams must staff emergency response for Sunday deadline with limited vendor support availability
Immediate action: Immediate action required before Sunday federal deadline: Deploy emergency patches for seven CISA KEV vulnerabilities expiring October 26 (CVE-2021-22555, CVE-2010-3962, CVE-2021-43226, CVE-2013-3918, CVE-2011-3402, CVE-2010-3765, CVE-2025-61882). Implement network segmentation and enhanced monitoring for CVSS 10.0 vulnerabilities CVE-2025-57870 (Esri ArcGIS Server) and CVE-2025-61934 (Productivity Suite) discovered this week. Activate weekend security operations center staffing to address 24-hour compliance countdown with federal enforcement implications for non-remediation.
💡 Tip: Swipe CVE cards left to ⭐ star, right to ❌ remove
Section Navigation
⚠️
CISA Known Exploited Vulnerabilities
⚠️ CISA KEVURGENT
CVE-2021-22555
9.5
LinuxKernel
⏰ Federal Deadline:October 26, 2025(3 days remaining)
Linux Kernel Heap Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2010-3962
9.5
MicrosoftInternet Explorer
⏰ Federal Deadline:October 26, 2025(3 days remaining)
Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2021-43226
9.5
MicrosoftWindows
⏰ Federal Deadline:October 26, 2025(3 days remaining)
Microsoft Windows Privilege Escalation Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2013-3918
9.5
MicrosoftWindows
⏰ Federal Deadline:October 26, 2025(3 days remaining)
Microsoft Windows Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2011-3402
9.5
MicrosoftWindows
⏰ Federal Deadline:October 26, 2025(3 days remaining)
Microsoft Windows Remote Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2010-3765
9.5
MozillaMultiple Products
⏰ Federal Deadline:October 26, 2025(3 days remaining)
Mozilla Multiple Products Remote Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2025-61882
9.5📝
OracleE-Business Suite
⏰ Federal Deadline:October 26, 2025(3 days remaining)
Oracle E-Business Suite Unspecified Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2025-27915
9.5
SynacorZimbra Collaboration Suite (ZCS)
⏰ Federal Deadline:October 27, 2025(4 days remaining)
Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2021-43798
9.5
Grafana LabsGrafana
⏰ Federal Deadline:October 29, 2025(6 days remaining)
Grafana Path Traversal Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-47827
9.5
IGELIGEL OS
⏰ Federal Deadline:November 3, 2025(11 days remaining)
IGEL OS Use of a Key Past its Expiration Date Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-24990
9.5📝
MicrosoftWindows
⏰ Federal Deadline:November 3, 2025(11 days remaining)
Microsoft Windows Untrusted Pointer Dereference Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-59230
9.5📝
MicrosoftWindows
⏰ Federal Deadline:November 3, 2025(11 days remaining)
Microsoft Windows Improper Access Control Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2016-7836
9.5
SKYSEAClient View
⏰ Federal Deadline:November 3, 2025(11 days remaining)
SKYSEA Client View Improper Authentication Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-54253
9.5📝
AdobeExperience Manager (AEM) Forms
⏰ Federal Deadline:November 4, 2025(12 days remaining)
Adobe Experience Manager Forms Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2022-48503
9.5
AppleMultiple Products
⏰ Federal Deadline:November 9, 2025(17 days remaining)
Apple Multiple Products Unspecified Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-2746
9.5
KenticoXperience CMS
⏰ Federal Deadline:November 9, 2025(17 days remaining)
Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-2747
9.5
KenticoXperience CMS
⏰ Federal Deadline:November 9, 2025(17 days remaining)
Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-33073
9.5
MicrosoftWindows
⏰ Federal Deadline:November 9, 2025(17 days remaining)
Microsoft Windows SMB Client Improper Access Control Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-61884
9.5📝
OracleE-Business Suite
⏰ Federal Deadline:November 9, 2025(17 days remaining)
Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-61932
9.5📝
MotexLANSCOPE Endpoint Manager
⏰ Federal Deadline:November 11, 2025(19 days remaining)
Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-54236
9.5📝
AdobeCommerce and Magento
⏰ Federal Deadline:November 13, 2025(21 days remaining)
Adobe Commerce and Magento Improper Input Validation Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-59287
9.5📝
MicrosoftWindows
⏰ Federal Deadline:November 13, 2025(21 days remaining)
Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
🚨
Critical Vulnerabilities
CVE-2025-6440
9.8📝
The WooCommerce Designer Pro plugin forMultiple Products
The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file uploads due to missing file type validation ...
CVSS Base9.8
→
CRSSelect profile
CVE-2025-11023
9.8📝
Inclusion of Functionality from Untrusted ControlMultiple Products
Inclusion of Functionality from Untrusted Control Sphere, Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ArkSigner Software an...
CVSS Base9.8
→
CRSSelect profile
CVE-2025-59503
9.9📝
UnknownMultiple Products
Server-side request forgery (ssrf) in Azure Compute Gallery allows an authorized attacker to elevate privileges over a network.
CVSS Base9.9
→
CRSSelect profile
CVE-2025-43995
9.8📝
Dell Storage CenterMultiple Products
Dell Storage Center - Dell Storage Manager, version(s) 20.1.21, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulne...
CVSS Base9.8
→
CRSSelect profile
CVE-2025-61934
10📝
A binding to an unrestricted IP address vulnerability was discovered in Productivity Suite software versionMultiple Products
A binding to an unrestricted IP address vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ...
CVSS Base10
→
CRSSelect profile
CVE-2025-58428
9.9📝
TheMultiple Products
The TLS4B ATG system's SOAP-based interface is vulnerable due to its accessibility through the web services handler. This vulnerability enables remote attackers with valid credentials to execute syste...
CVSS Base9.9
→
CRSSelect profile
CVE-2025-60548
9.8📝
UnknownMultiple Products
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLanSetupRouterSettings.
CVSS Base9.8
→
CRSSelect profile
CVE-2025-60803
9.8📝
AntabotMultiple Products
Antabot White-Jotter up to commit 9bcadc was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the component /api/aaa;/../register.
CVSS Base9.8
→
CRSSelect profile
CVE-2025-11253
9.8📝
Improper Neutralization of Special Elements used in an SQL CommandMultiple Products
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aksis Technology Inc. Netty ERP allows SQL Injection.This issue affects Netty ERP: before V.1.1000...
CVSS Base9.8
→
CRSSelect profile
CVE-2025-60553
9.8📝
UnknownMultiple Products
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard52.
CVSS Base9.8
→
CRSSelect profile
CVE-2025-60554
9.8📝
UnknownMultiple Products
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEnableWizard.
CVSS Base9.8
→
CRSSelect profile
CVE-2025-47699
9.9📝
Exposure of Sensitive System Information to an Unauthorized Control SphereMultiple Products
Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make cri...
CVSS Base9.9
→
CRSSelect profile
⚠️
High Priority Updates
CVE-2025-11575
7.8📝
MongoDB Atlas SQLMultiple Products
Incorrect Default Permissions vulnerability in MongoDB Atlas SQL ODBC driver on Windows allows Privilege Escalation
CVSS Base7.8
→
CRSSelect profile
CVE-2025-62868
8.1📝
ImproperMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Edge CPT allows PHP Local File Inclusion
CVSS Base8.1
→
CRSSelect profile
CVE-2025-10861
7.5📝
WordPressMultiple Products
The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2
CVSS Base7.5
→
CRSSelect profile
CVE-2025-12028
8.8📝
WordPressMultiple Products
The IndieAuth plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4
CVSS Base8.8
→
CRSSelect profile
CVE-2025-59500
7.7📝
ImproperMultiple Products
Improper access control in Azure Notification Service allows an authorized attacker to elevate privileges over a network
CVSS Base7.7
→
CRSSelect profile
CVE-2025-11504
7.5📝
WordPressMultiple Products
The Quickcreator – AI Blog Writer plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 0
CVSS Base7.5
→
CRSSelect profile
CVE-2025-59273
7.3📝
ImproperMultiple Products
Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network
CVSS Base7.3
→
CRSSelect profile
CVE-2025-11889
7.2📝
WordPressMultiple Products
The AIO Forms – Craft Complex Forms Easily plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in all versions up to, and including, 1
CVSS Base7.2
→
CRSSelect profile
CVE-2025-12100
7.8📝
MongoDB BI ConnectorMultiple Products
Incorrect Default Permissions vulnerability in MongoDB BI Connector ODBC driver allows Privilege Escalation
CVSS Base7.8
→
CRSSelect profile
CVE-2025-43994
8.6📝
DellMultiple Products
Dell Storage Center - Dell Storage Manager, version(s) DSM 20
CVSS Base8.6
→
CRSSelect profile
CVE-2025-60570
7.5📝
D-LinkMultiple Products
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLogDnsquery
CVSS Base7.5
→
CRSSelect profile
CVE-2025-60801
8.2📝
jshERPMultiple Products
jshERP up to commit fbda24da was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the jsh_erp function
CVSS Base8.2
→
CRSSelect profile
CVE-2025-60568
7.5📝
D-LinkMultiple Products
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvFirewall
CVSS Base7.5
→
CRSSelect profile
CVE-2025-10680
8.8📝
OpenVPNMultiple Products
OpenVPN 2
CVSS Base8.8
→
CRSSelect profile
CVE-2025-55067
7.1📝
exceedMultiple Products
The TLS4B ATG system is vulnerable to improper handling of Unix time values that exceed the 2038 epoch rollover
CVSS Base7.1
→
CRSSelect profile
CVE-2025-6979
8.8
CaptiveMultiple Products
Captive Portal can allow authentication bypass
CVSS Base8.8
→
CRSSelect profile
CVE-2025-62399
7.5
UnknownMultiple Products
Moodle’s mobile and web service authentication endpoints did not sufficiently restrict repeated password attempts, making them susceptible to brute-force attacks
CVSS Base7.5
→
CRSSelect profile
CVE-2025-11621
8.1
VaultMultiple Products
Vault and Vault Enterprise’s (“Vault”) AWS Auth method may be susceptible to authentication bypass if the role of the configured bound_principal_iam is the same across AWS accounts, or uses a wildcard
CVSS Base8.1
→
CRSSelect profile
CVE-2025-60569
7.5
D-LinkMultiple Products
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetRoute
CVSS Base7.5
→
CRSSelect profile
CVE-2025-60571
7.5
D-LinkMultiple Products
D-Link DIR600LAx FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetQoS
CVSS Base7.5
→
CRSSelect profile
CVE-2025-60572
7.5
D-LinkMultiple Products
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvNetwork
CVSS Base7.5
→
CRSSelect profile
CVE-2025-60547
7.5
D-LinkMultiple Products
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard7
CVSS Base7.5
→
CRSSelect profile
CVE-2025-60549
7.5
D-LinkMultiple Products
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAutoDetecWAN_wizard4
CVSS Base7.5
→
CRSSelect profile
CVE-2025-60550
7.5
D-LinkMultiple Products
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formEasySetTimezone
CVSS Base7.5
→
CRSSelect profile
CVE-2025-60551
7.5
D-LinkMultiple Products
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the next_page parameter in the function formDeviceReboot
CVSS Base7.5
→
CRSSelect profile
CVE-2025-60552
7.5
D-LinkMultiple Products
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formTcpipSetup
CVSS Base7.5
→
CRSSelect profile
CVE-2025-60555
7.5
D-LinkMultiple Products
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWizardSelectMode
CVSS Base7.5
→
CRSSelect profile
CVE-2025-60556
7.5
D-LinkMultiple Products
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWizard1
CVSS Base7.5
→
CRSSelect profile
CVE-2025-60557
7.5
D-LinkMultiple Products
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEasy_Wizard
CVSS Base7.5
→
CRSSelect profile
CVE-2025-60558
7.5
D-LinkMultiple Products
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formVirtualServ
CVSS Base7.5
→
CRSSelect profile
CVE-2025-60559
7.5
D-LinkMultiple Products
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetDomainFilter
CVSS Base7.5
→
CRSSelect profile
CVE-2025-60561
7.5
D-LinkMultiple Products
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEmail
CVSS Base7.5
→
CRSSelect profile
CVE-2025-60562
7.5
D-LinkMultiple Products
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formWlSiteSurvey
CVSS Base7.5
→
CRSSelect profile
CVE-2025-60563
7.5
D-LinkMultiple Products
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetPortTr
CVSS Base7.5
→
CRSSelect profile
CVE-2025-60564
7.5
D-LinkMultiple Products
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetLog
CVSS Base7.5
→
CRSSelect profile
CVE-2025-60565
7.5
D-LinkMultiple Products
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSchedule
CVSS Base7.5
→
CRSSelect profile
CVE-2025-60566
7.5
D-LinkMultiple Products
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetMACFilter
CVSS Base7.5
→
CRSSelect profile
CVE-2025-62498
8.8
softwareMultiple Products
A relative path traversal (ZipSlip) vulnerability was discovered in Productivity Suite software version
4
CVSS Base8.8
→
CRSSelect profile
CVE-2025-54964
8.4
GXPMultiple Products
An issue was discovered in BAE SOCET GXP before 4
CVSS Base8.4
→
CRSSelect profile
CVE-2025-60954
8.3
MicroweberMultiple Products
Microweber CMS 2
CVSS Base8.3
→
CRSSelect profile
CVE-2025-46183
8.2
TheMultiple Products
The Utils
CVSS Base8.2
→
CRSSelect profile
CVE-2025-59048
8.1
UnknownMultiple Products
OpenBao's AWS Plugin generates AWS access credentials based on IAM policies
CVSS Base8.1
→
CRSSelect profile
CVE-2025-62169
8.1
UnknownMultiple Products
OctoPrint-SpoolManager is a plugin for managing spools and all their usage metadata
CVSS Base8.1
→
CRSSelect profile
CVE-2025-62716
8.1
PlaneMultiple Products
Plane is open-source project management software
CVSS Base8.1
→
CRSSelect profile
CVE-2025-23347
7.8
NVIDIAMultiple Products
NVIDIA Project G-Assist contains a vulnerability where an attacker might be able to escalate permissions
CVSS Base7.8
→
CRSSelect profile
CVE-2025-23352
7.8
NVIDIAMultiple Products
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause uninitialized pointer access
CVSS Base7.8
→
CRSSelect profile
CVE-2025-54808
7.8
OxfordMultiple Products
Oxford Nanopore Technologies' MinKNOW software at or prior to version 24
CVSS Base7.8
→
CRSSelect profile
CVE-2025-10914
7.6
Proliz SoftwareMultiple Products
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Proliz Software Ltd
CVSS Base7.6
→
CRSSelect profile
CVE-2025-60730
7.6
PerfreeBlogMultiple Products
PerfreeBlog v4
CVSS Base7.6
→
CRSSelect profile
CVE-2025-60731
7.6
PerfreeBlogMultiple Products
PerfreeBlog v4
CVSS Base7.6
→
CRSSelect profile
CVE-2025-60735
7.6
PerfreeBlogMultiple Products
PerfreeBlog v4
CVSS Base7.6
→
CRSSelect profile
CVE-2025-12105
7.5
flawMultiple Products
A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications
CVSS Base7.5
→
CRSSelect profile
CVE-2025-50950
7.5
AudiofileMultiple Products
Audiofile v0
CVSS Base7.5
→
CRSSelect profile
CVE-2025-6980
7.5
CaptiveMultiple Products
Captive Portal can expose sensitive information
CVSS Base7.5
→
CRSSelect profile
CVE-2025-12044
7.5
VaultMultiple Products
Vault and Vault Enterprise (“Vault”) are vulnerable to an unauthenticated denial of service when processing JSON payloads
CVSS Base7.5
→
CRSSelect profile
CVE-2025-58078
7.5
softwareMultiple Products
A relative path traversal vulnerability was discovered in Productivity Suite software version
4
CVSS Base7.5
→
CRSSelect profile
CVE-2025-58429
7.5
softwareMultiple Products
A relative path traversal vulnerability was discovered in Productivity Suite software version 4
CVSS Base7.5
→
CRSSelect profile
CVE-2025-11145
7.5
CBK Soft SoftwareMultiple Products
Observable Discrepancy, Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in CBK Soft Software Hardware Electronic Computer Systems Industry and Trade Inc
CVSS Base7.5
→
CRSSelect profile
CVE-2025-60938
7.5
EmoncmsMultiple Products
Emoncms 11
CVSS Base7.5
→
CRSSelect profile
CVE-2025-52099
7.5
SQLite IntegerMultiple Products
Integer Overflow vulnerability in SQLite SQLite3 v
CVSS Base7.5
→
CRSSelect profile
CVE-2025-6978
7.2
DiagnosticsMultiple Products
Diagnostics command injection vulnerability
CVSS Base7.2
→
CRSSelect profile
CVE-2025-61132
7.1
password resetMultiple Products
A Host Header Injection vulnerability in the password reset component in levlaz braindump v0
CVSS Base7.1
→
CRSSelect profile
CVE-2025-61136
7.1
password resetMultiple Products
A Host Header Injection vulnerability in the password reset component in axewater sharewarez v2
CVSS Base7.1
→
CRSSelect profile
CVE-2025-62688
7.1
softwareMultiple Products
An incorrect permission assignment for a critical resource vulnerability was discovered in Productivity Suite software version 4
CVSS Base7.1
→
CRSSelect profile
CVE-2025-61977
7
weakMultiple Products
A weak password recovery mechanism for forgotten password vulnerability was discovered in Productivity Suite software version v4