Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đ
Archived Security Brief
Monday morning reveals dramatic weekend threat decline with only 2 critical vulnerabilities (-78% from Sunday) and 14 high-priority CVEs (-69% decrease). However, TODAY is the federal compliance deadline for 4 CISA KEV vulnerabilities (CVE-2025-47827, CVE-2025-24990, CVE-2025-59230, CVE-2016-7836) affecting IGEL OS, Microsoft Windows, and SKYSEA Client View. Organizations must complete immediate remediation or deploy compensating controls before end of business to maintain federal compliance.
4 CISA KEV vulnerabilities EXPIRE TODAY (November 3rd federal deadline)
2 critical CVEs (-78% dramatic weekend decline from Sunday's 9)
14 high-priority CVEs (-69% significant decrease)
17 total CISA KEV vulnerabilities with staggered deadlines
Monday vendor support restored for emergency patching
Federal agencies must submit compliance reports by EOD
Immediate action: IMMEDIATE FEDERAL DEADLINE ACTION: 4 CISA KEV vulnerabilities (CVE-2025-47827, CVE-2025-24990, CVE-2025-59230, CVE-2016-7836) MUST be remediated by end of business TODAY. Deploy emergency patches for IGEL OS, Microsoft Windows, and SKYSEA Client View. Organizations unable to patch must implement compensating controls and prepare exception documentation for federal compliance reporting.
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEVURGENT
CVE-2025-47827
9.5
IGELIGEL OS
â° Federal Deadline:November 3, 2025(1 days remaining)
IGEL OS Use of a Key Past its Expiration Date Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-24990
9.5đ
MicrosoftWindows
â° Federal Deadline:November 3, 2025(1 days remaining)
Microsoft Windows Untrusted Pointer Dereference Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-59230
9.5đ
MicrosoftWindows
â° Federal Deadline:November 3, 2025(1 days remaining)
Microsoft Windows Improper Access Control Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2016-7836
9.5
SKYSEAClient View
â° Federal Deadline:November 3, 2025(1 days remaining)
SKYSEA Client View Improper Authentication Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-54253
9.5đ
AdobeExperience Manager (AEM) Forms
â° Federal Deadline:November 4, 2025(2 days remaining)
Adobe Experience Manager Forms Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2022-48503
9.5
AppleMultiple Products
â° Federal Deadline:November 9, 2025(7 days remaining)
Apple Multiple Products Unspecified Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-2746
9.5
KenticoXperience CMS
â° Federal Deadline:November 9, 2025(7 days remaining)
Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-2747
9.5
KenticoXperience CMS
â° Federal Deadline:November 9, 2025(7 days remaining)
Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-33073
9.5
MicrosoftWindows
â° Federal Deadline:November 9, 2025(7 days remaining)
Microsoft Windows SMB Client Improper Access Control Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-61884
9.5đ
OracleE-Business Suite
â° Federal Deadline:November 9, 2025(7 days remaining)
Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-61932
9.5đ
MotexLANSCOPE Endpoint Manager
â° Federal Deadline:November 11, 2025(9 days remaining)
Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-54236
9.5đ
AdobeCommerce andâ¯Magento
â° Federal Deadline:November 13, 2025(11 days remaining)
Adobe Commerce andâ¯Magento Improper Input Validation Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-59287
9.5đ
MicrosoftWindows
â° Federal Deadline:November 13, 2025(11 days remaining)
Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-6204
9.5
Dassault SystèmesDELMIA Apriso
â° Federal Deadline:November 17, 2025(15 days remaining)
Dassault Systèmes DELMIA Apriso Code Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-6205
9.5đ
Dassault SystèmesDELMIA Apriso
â° Federal Deadline:November 17, 2025(15 days remaining)
Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-41244
9.5đ
BroadcomVMware Aria Operations and VMware Tools
â° Federal Deadline:November 19, 2025(17 days remaining)
Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-24893
9.5
XWikiPlatform
â° Federal Deadline:November 19, 2025(17 days remaining)
XWiki Platform Eval Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸
High Priority Updates
CVE-2025-6990
8.8đ
WordPressMultiple Products
The kallyas theme for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4
CVSS Base8.8
â
CRSSelect profile
CVE-2025-10487
7.3đ
WordPressMultiple Products
The Advanced Ads â Ad Manager & AdSense plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2
CVSS Base7.3
â
CRSSelect profile
CVE-2025-5949
8.8đ
WordPressMultiple Products
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6
CVSS Base8.8
â
CRSSelect profile
CVE-2025-6574
8.8đ
WordPressMultiple Products
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and excluding, 6
CVSS Base8.8
â
CRSSelect profile
CVE-2025-11920
8.8đ
WordPressMultiple Products
The WPCOM Member plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-11755
8.8đ
WordPressMultiple Products
The WP Delicious â Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin for WordPress is vulnerable to arbitrary file uploads when importing recipes via CSV in all versions up to, and including, 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-12171
8.8đ
WordPressMultiple Products
The RESTful Content Syndication plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ingest_image() function in versions 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-11995
7.2đ
WordPressMultiple Products
The Community Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via event details parameter in all versions up to, and including, 1
CVSS Base7.2
â
CRSSelect profile
CVE-2025-36367
8.8đ
IBMMultiple Products
IBM i 7
CVSS Base8.8
â
CRSSelect profile
CVE-2025-12595
8.8đ
weaknessMultiple Products
A weakness has been identified in Tenda AC23 16
CVSS Base8.8
â
CRSSelect profile
CVE-2025-12596
8.8đ
securityMultiple Products
A security vulnerability has been detected in Tenda AC23 16
CVSS Base8.8
â
CRSSelect profile
CVE-2025-12604
7.3đ
ManagementMultiple Products
A vulnerability has been found in itsourcecode Online Loan Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-12605
7.3đ
ManagementMultiple Products
A vulnerability was found in itsourcecode Online Loan Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-12606
7.3đ
ManagementMultiple Products
A vulnerability was determined in itsourcecode Online Loan Management System 1