Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đ
Archived Security Brief
This curated brief highlights 16 critical vulnerabilities and 100 high-priority updates requiring immediate attention.
143 total vulnerabilities disclosed in last 24 hours
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEVURGENT
CVE-2021-43798
9.5
Grafana LabsGrafana
â° Federal Deadline:October 29, 2025(2 days remaining)
Grafana Path Traversal Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-47827
9.5
IGELIGEL OS
â° Federal Deadline:November 3, 2025(7 days remaining)
IGEL OS Use of a Key Past its Expiration Date Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-24990
9.5đ
MicrosoftWindows
â° Federal Deadline:November 3, 2025(7 days remaining)
Microsoft Windows Untrusted Pointer Dereference Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-59230
9.5đ
MicrosoftWindows
â° Federal Deadline:November 3, 2025(7 days remaining)
Microsoft Windows Improper Access Control Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2016-7836
9.5
SKYSEAClient View
â° Federal Deadline:November 3, 2025(7 days remaining)
SKYSEA Client View Improper Authentication Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-54253
9.5đ
AdobeExperience Manager (AEM) Forms
â° Federal Deadline:November 4, 2025(8 days remaining)
Adobe Experience Manager Forms Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2022-48503
9.5
AppleMultiple Products
â° Federal Deadline:November 9, 2025(13 days remaining)
Apple Multiple Products Unspecified Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-2746
9.5
KenticoXperience CMS
â° Federal Deadline:November 9, 2025(13 days remaining)
Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-2747
9.5
KenticoXperience CMS
â° Federal Deadline:November 9, 2025(13 days remaining)
Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-33073
9.5
MicrosoftWindows
â° Federal Deadline:November 9, 2025(13 days remaining)
Microsoft Windows SMB Client Improper Access Control Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-61884
9.5đ
OracleE-Business Suite
â° Federal Deadline:November 9, 2025(13 days remaining)
Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-61932
9.5đ
MotexLANSCOPE Endpoint Manager
â° Federal Deadline:November 11, 2025(15 days remaining)
Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-54236
9.5đ
AdobeCommerce andâ¯Magento
â° Federal Deadline:November 13, 2025(17 days remaining)
Adobe Commerce andâ¯Magento Improper Input Validation Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-59287
9.5đ
MicrosoftWindows
â° Federal Deadline:November 13, 2025(17 days remaining)
Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-6204
9.5
Dassault SystèmesDELMIA Apriso
â° Federal Deadline:November 17, 2025(21 days remaining)
Dassault Systèmes DELMIA Apriso Code Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-6205
9.5đ
Dassault SystèmesDELMIA Apriso
â° Federal Deadline:November 17, 2025(21 days remaining)
Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
đ¨
Critical Vulnerabilities
CVE-2025-64095
10đ
DNNMultiple Products
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and ...
CVSS Base10
â
CRSSelect profile
CVE-2025-55754
9.6đ
Improper Neutralization ofMultiple Products
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.
Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Wind...
CVSS Base9.6
â
CRSSelect profile
CVE-2025-60291
9.1đ
An issue was discovered in eTimeTrackLite Web thruMultiple Products
An issue was discovered in eTimeTrackLite Web thru 12.0 (20250704). There is a permission control flaw that allows unauthorized attackers to access specific routes and modify database connection confi...
CVSS Base9.1
â
CRSSelect profile
CVE-2025-61385
9.6đ
SQL injection vulnerability in tlockeMultiple Products
SQL injection vulnerability in tlocke pg8000 1.31.4 allows remote attackers to execute arbitrary SQL commands via a specially crafted Python list input to function pg8000.native.literal.
CVSS Base9.6
â
CRSSelect profile
CVE-2025-62368
9đ
Taiga is an open source project managementMultiple Products
Taiga is an open source project management platform. In versions 6.8.3 and earlier, a remote code execution vulnerability exists in the Taiga API due to unsafe deserialization of untrusted data. This ...
CVSS Base9
â
CRSSelect profile
CVE-2025-61481
10đ
An issue in MikroTik RouterOSMultiple Products
An issue in MikroTik RouterOS v.7.14.2 and SwitchOS v.2.18 allows a remote attacker to execute arbitrary code via the HTTP- only WebFig management component
CVSS Base10
â
CRSSelect profile
CVE-2025-36386
9.8đ
IBM Maximo Application SuiteMultiple Products
IBM Maximo Application Suite 9.0.0 through 9.0.15 and 9.1.0 through 9.1.4 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-62959
9.1đ
Improper Control of Generation of CodeMultiple Products
Improper Control of Generation of Code ('Code Injection') vulnerability in videowhisper Paid Videochat Turnkey Site ppv-live-webcams allows Remote Code Inclusion.This issue affects Paid Videochat Turn...
Missing Authorization vulnerability in epiphanyit321 Referral Link Tracker referral-link-tracker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Referral Lin...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-62908
9.8đ
Missing Authorization vulnerability in gerritvanaaken Podlove Web PlayerMultiple Products
Missing Authorization vulnerability in gerritvanaaken Podlove Web Player podlove-web-player allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Podlove Web Player: from ...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-62944
9.8đ
Missing Authorization vulnerability in MarkMultiple Products
Missing Authorization vulnerability in Mark O'Donnell MSTW CSV EXPORTER mstw-csv-exporter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MSTW CSV EXPORTER: ...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-27224
9.8đ
TRUfusion Enterprise throughMultiple Products
TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/fileupload endpoint to upload files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing ...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-62516
9.8đ
Landlord OnboardingMultiple Products
Landlord Onboarding & Rental Signup introduces the landlord onboarding workflow and rental signup system for VivaTurbo Rentals & Property Services. In 2.0.0 and earlier, a vulnerability was identified...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-10561
9.3đ
The device is running an outdated operatingMultiple Products
The device is running an outdated operating system, which may be susceptible to known vulnerabilities.
CVSS Base9.3
â
CRSSelect profile
CVE-2025-62892
9.1đ
Missing Authorization vulnerability in sunshinephotocart Sunshine Photo CartMultiple Products
Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Sunshine Photo Cart:...
CVSS Base9.1
â
CRSSelect profile
CVE-2025-62919
9.1
Missing Authorization vulnerability in themeshopy TS Demo ImporterMultiple Products
Missing Authorization vulnerability in themeshopy TS Demo Importer ts-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TS Demo Importer: from n/...
CVSS Base9.1
â
CRSSelect profile
â ī¸
High Priority Updates
CVE-2025-11735
7.5đ
WordPressMultiple Products
The HUSKY â Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to blind SQL Injection via the `phrase` parameter in all versions up to, and including, 1
CVSS Base7.5
â
CRSSelect profile
CVE-2025-62931
8.8đ
microsoftMultiple Products
Missing Authorization vulnerability in microsoftstart MSN Partner Hub microsoft-start allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.8
â
CRSSelect profile
CVE-2025-60425
8.6đ
NagiosMultiple Products
Nagios Fusion v2024R1
CVSS Base8.6
â
CRSSelect profile
CVE-2025-61247
8.2đ
UnknownMultiple Products
indieka900 online-shopping-system-php 1
CVSS Base8.2
â
CRSSelect profile
CVE-2025-62925
8.1đ
Conversios MissingMultiple Products
Missing Authorization vulnerability in Conversios Conversios
CVSS Base8.1
â
CRSSelect profile
CVE-2025-10145
7.7đ
WordPressMultiple Products
The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4
CVSS Base7.7
â
CRSSelect profile
CVE-2025-60424
7.6đ
lackMultiple Products
A lack of rate limiting in the OTP verification component of Nagios Fusion v2024R1
CVSS Base7.6
â
CRSSelect profile
CVE-2025-12055
7.5đ
all releases untilMultiple Products
HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file disclosure vulnerability in all releases until Maintenance Pack 36Â with Servicepack 8 (week 36/2025), which allows an attacker to read arbitrary files from the Windows operating system
CVSS Base7.5
â
CRSSelect profile
CVE-2025-55752
7.5đ
Apache Relative PathMultiple Products
Relative Path Traversal vulnerability in Apache Tomcat
CVSS Base7.5
â
CRSSelect profile
CVE-2025-62890
8.8đ
Premmerce PremmerceMultiple Products
Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce Brands for WooCommerce premmerce-woocommerce-brands allows Cross Site Request Forgery
Missing Authorization vulnerability in clicksend SMS Contact Form 7 Notifications by ClickSend clicksend-contactform7 allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.1
â
CRSSelect profile
CVE-2025-62935
8.1đ
ilmosys Open CloseMultiple Products
Missing Authorization vulnerability in ilmosys Open Close WooCommerce Store woc-open-close allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.1
â
CRSSelect profile
CVE-2025-59461
7.6đ
remoteMultiple Products
A remote unauthenticated attacker may use the unauthenticated C++ API to access or modify sensitive data and disrupt services
Cross-Site Request Forgery (CSRF) vulnerability in Jory Hogeveen Off-Canvas Sidebars & Menus (Slidebars) off-canvas-sidebars allows Cross Site Request Forgery
CVSS Base8.8
â
CRSSelect profile
CVE-2025-62896
8.8
digitaldonkeyMultiple Products
Cross-Site Request Forgery (CSRF) vulnerability in digitaldonkey Multilang Contact Form multilang-contact-form allows Stored XSS
CVSS Base8.8
â
CRSSelect profile
CVE-2025-62916
8.8
Missing AuthorizationMultiple Products
Missing Authorization vulnerability in adivahaÂŽ Flights & Hotels Booking WP Plugin adiaha-hotel allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.8
â
CRSSelect profile
CVE-2025-62918
8.8
ignitionwpMultiple Products
Missing Authorization vulnerability in ignitionwp IgnitionDeck ignitiondeck allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.8
â
CRSSelect profile
CVE-2025-62924
8.8
PickPlugins Post GridMultiple Products
Missing Authorization vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.8
â
CRSSelect profile
CVE-2025-62929
8.8
PickPluginsMultiple Products
Missing Authorization vulnerability in PickPlugins Testimonial Slider testimonial allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.8
â
CRSSelect profile
CVE-2025-62932
8.8
wprio Table Block byMultiple Products
Missing Authorization vulnerability in wprio Table Block by RioVizual riovizual allows Exploiting Incorrectly Configured Access Control Security Levels
Cross-Site Request Forgery (CSRF) vulnerability in Clifton Griffin Simple Content Templates for Blog Posts & Pages simple-post-template allows Cross Site Request Forgery
CVSS Base8.8
â
CRSSelect profile
CVE-2025-62962
8.8đ
Andrea LandonioMultiple Products
Cross-Site Request Forgery (CSRF) vulnerability in Andrea Landonio CloudSearch cloud-search allows Stored XSS
CVSS Base8.8
â
CRSSelect profile
CVE-2025-62980
8.8đ
MDZ Persian AdmninMultiple Products
Missing Authorization vulnerability in MDZ Persian Admnin Fonts persian-admin-fonts allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.8
â
CRSSelect profile
CVE-2025-12209
8.8đ
wasMultiple Products
A vulnerability was determined in Tenda O3 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-12210
8.8đ
wasMultiple Products
A vulnerability was identified in Tenda O3 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-12211
8.8đ
securityMultiple Products
A security flaw has been discovered in Tenda O3 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-12212
8.8
weaknessMultiple Products
A weakness has been identified in Tenda O3 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-12213
8.8
securityMultiple Products
A security vulnerability has been detected in Tenda O3 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-12214
8.8
wasMultiple Products
A vulnerability was detected in Tenda O3 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-12225
8.8
hasMultiple Products
A vulnerability has been found in Tenda AC6 15
CVSS Base8.8
â
CRSSelect profile
CVE-2025-12232
8.8
wasMultiple Products
A vulnerability was detected in Tenda CH22 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-12233
8.8
flawMultiple Products
A flaw has been found in Tenda CH22 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-12234
8.8
hasMultiple Products
A vulnerability has been found in Tenda CH22 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-12236
8.8
wasMultiple Products
A vulnerability was determined in Tenda CH22 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-12239
8.8
TOTOLINKMultiple Products
A weakness has been identified in TOTOLINK A3300R 17
CVSS Base8.8
â
CRSSelect profile
CVE-2025-12240
8.8
TOTOLINKMultiple Products
A security vulnerability has been detected in TOTOLINK A3300R 17
CVSS Base8.8
â
CRSSelect profile
CVE-2025-12241
8.8
TOTOLINKMultiple Products
A vulnerability was detected in TOTOLINK A3300R 17
CVSS Base8.8
â
CRSSelect profile
CVE-2025-12258
8.8
TOTOLINKMultiple Products
A vulnerability was detected in TOTOLINK A3300R 17
CVSS Base8.8
â
CRSSelect profile
CVE-2025-12259
8.8
TOTOLINKMultiple Products
A flaw has been found in TOTOLINK A3300R 17
CVSS Base8.8
â
CRSSelect profile
CVE-2025-12260
8.8
TOTOLINKMultiple Products
A vulnerability has been found in TOTOLINK A3300R 17
CVSS Base8.8
â
CRSSelect profile
CVE-2025-12265
8.8
weaknessMultiple Products
A weakness has been identified in Tenda CH22 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-12271
8.8
wasMultiple Products
A vulnerability was identified in Tenda CH22 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-12272
8.8
securityMultiple Products
A security flaw has been discovered in Tenda CH22 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-12273
8.8
weaknessMultiple Products
A weakness has been identified in Tenda CH22 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-12274
8.8
securityMultiple Products
A security vulnerability has been detected in Tenda CH22 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-54968
8.8
GXPMultiple Products
An issue was discovered in BAE SOCET GXP before 4
CVSS Base8.8
â
CRSSelect profile
CVE-2025-12322
8.8
flawMultiple Products
A flaw has been found in Tenda CH22 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-62777
8.8
UseMultiple Products
Use of Hard-Coded Credentials issue exists in MZK-DP300N version 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-27222
8.6
EnterpriseMultiple Products
TRUfusion Enterprise through 7
CVSS Base8.6
â
CRSSelect profile
CVE-2025-8432
8.4
MBIMultiple Products
Incorrect Default Permissions vulnerability in Centreon Infra Monitoring (MBI modules) allows Embedding Scripts within Scripts by CentreonBI user account on the MBI server This issue affects Infra Monitoring: from 24
CVSS Base8.4
â
CRSSelect profile
CVE-2025-59151
8.2
UnknownMultiple Products
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application
CVSS Base8.2
â
CRSSelect profile
CVE-2025-62893
8.1
mediavine Create byMultiple Products
Authorization Bypass Through User-Controlled Key vulnerability in mediavine Create by Mediavine mediavine-create allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.1
â
CRSSelect profile
CVE-2025-62909
8.1
mrityunjay SmartMultiple Products
Missing Authorization vulnerability in mrityunjay Smart WeTransfer smart-wetransfer allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.1
â
CRSSelect profile
CVE-2025-62922
8.1
Shambhu PatnaikMultiple Products
Missing Authorization vulnerability in Shambhu Patnaik Export Categories export-categories allows Accessing Functionality Not Properly Constrained by ACLs
CVSS Base8.1
â
CRSSelect profile
CVE-2025-62927
8.1
Nelio Software NelioMultiple Products
Missing Authorization vulnerability in Nelio Software Nelio Content nelio-content allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.1
â
CRSSelect profile
CVE-2025-62928
8.1
Joby Joseph SEO MetaMultiple Products
Missing Authorization vulnerability in Joby Joseph SEO Meta Description Updater seo-meta-description-updater allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.1
â
CRSSelect profile
CVE-2025-62938
8.1
Reoon TechnologyMultiple Products
Missing Authorization vulnerability in Reoon Technology Reoon Email Verifier reoon-email-verifier allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.1
â
CRSSelect profile
CVE-2025-62964
8.1
Missing AuthorizationMultiple Products
Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.1
â
CRSSelect profile
CVE-2025-12235
8
wasMultiple Products
A vulnerability was found in Tenda CH22 1
CVSS Base8
â
CRSSelect profile
CVE-2025-52263
8
issueMultiple Products
An issue in the Web Configuration module of Startcharge Artemis AC Charger 7-22 kW v1
CVSS Base8
â
CRSSelect profile
CVE-2025-36007
7.8
IBMMultiple Products
IBM QRadar SIEM 7
CVSS Base7.8
â
CRSSelect profile
CVE-2025-12341
7.8
wasMultiple Products
A vulnerability was detected in ermig1979 AntiDupl up to 2
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53814
7.8
AMultiple Products
A use-after-free vulnerability exists in the XML parser functionality of GCC Productions Inc
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53855
7.8
AnMultiple Products
An out-of-bounds write vulnerability exists in the XML parser functionality of GCC Productions Inc
CVSS Base7.8
â
CRSSelect profile
CVE-2025-46582
7.7
privateMultiple Products
A private key disclosure vulnerability exists in ZTE's ZXMP M721 product
CVSS Base7.7
â
CRSSelect profile
CVE-2025-10497
7.5
versionsMultiple Products
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17
CVSS Base7.5
â
CRSSelect profile
CVE-2025-11447
7.5
versionsMultiple Products
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11
CVSS Base7.5
â
CRSSelect profile
CVE-2025-62895
7.5
Vito Peleg AtarimMultiple Products
Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data
CVSS Base7.5
â
CRSSelect profile
CVE-2025-62902
7.5
ThemeHunk WP PopupMultiple Products
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk WP Popup Builder wp-popup-builder allows Retrieve Embedded Sensitive Data
CVSS Base7.5
â
CRSSelect profile
CVE-2025-62947
7.5
publitio PublitioMultiple Products
Insertion of Sensitive Information Into Sent Data vulnerability in publitio Publitio publitio allows Retrieve Embedded Sensitive Data
CVSS Base7.5
â
CRSSelect profile
CVE-2025-59460
7.5
systemMultiple Products
The system is deployed in its default state, with configuration settings that do not comply with the latest best practices for restricting access
CVSS Base7.5
â
CRSSelect profile
CVE-2025-41067
7.5
Reachable AssertionMultiple Products
Reachable Assertion vulnerability in Open5GS up to version 2
CVSS Base7.5
â
CRSSelect profile
CVE-2025-41068
7.5
Reachable AssertionMultiple Products
Reachable Assertion vulnerability in Open5GS up to version 2
CVSS Base7.5
â
CRSSelect profile
CVE-2025-52268
7.5
StarChargeMultiple Products
StarCharge Artemis AC Charger 7-22 kW v1
CVSS Base7.5
â
CRSSelect profile
CVE-2025-27223
7.5
EnterpriseMultiple Products
TRUfusion Enterprise through 7
CVSS Base7.5
â
CRSSelect profile
CVE-2025-27225
7.5
EnterpriseMultiple Products
TRUfusion Enterprise through 7
CVSS Base7.5
â
CRSSelect profile
CVE-2025-61099
7.5
UnknownMultiple Products
FRRouting/frr from v2
CVSS Base7.5
â
CRSSelect profile
CVE-2025-61100
7.5
UnknownMultiple Products
FRRouting/frr from v2
CVSS Base7.5
â
CRSSelect profile
CVE-2025-61101
7.5
UnknownMultiple Products
FRRouting/frr from v4
CVSS Base7.5
â
CRSSelect profile
CVE-2025-61102
7.5
UnknownMultiple Products
FRRouting/frr from v4
CVSS Base7.5
â
CRSSelect profile
CVE-2025-61105
7.5
UnknownMultiple Products
FRRouting/frr from v4
CVSS Base7.5
â
CRSSelect profile
CVE-2025-61103
7.5
UnknownMultiple Products
FRRouting/frr from v4
CVSS Base7.5
â
CRSSelect profile
CVE-2025-61104
7.5
UnknownMultiple Products
FRRouting/frr from v4
CVSS Base7.5
â
CRSSelect profile
CVE-2025-61106
7.5
UnknownMultiple Products
FRRouting/frr from v4
CVSS Base7.5
â
CRSSelect profile
CVE-2025-61107
7.5
UnknownMultiple Products
FRRouting/frr from v4
CVSS Base7.5
â
CRSSelect profile
CVE-2025-62727
7.5
StarletteMultiple Products
Starlette is a lightweight ASGI framework/toolkit
CVSS Base7.5
â
CRSSelect profile
CVE-2025-12208
7.3
ManagementMultiple Products
A vulnerability was found in SourceCodester Best House Rental Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-12215
7.3
ShoppingMultiple Products
A flaw has been found in projectworlds Online Shopping System 1