Critical vulnerabilities, curated daily for security professionals
π― SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
π
Archived Security Brief
This curated brief highlights 15 critical vulnerabilities and 87 high-priority updates requiring immediate attention.
102 total vulnerabilities disclosed in last 24 hours
π‘ Tip: Swipe CVE cards left to β star, right to β remove
Section Navigation
β οΈ
CISA Known Exploited Vulnerabilities
β οΈ CISA KEVURGENT
CVE-2025-54253
9.5π
AdobeExperience Manager (AEM) Forms
β° Federal Deadline:November 4, 2025(1 days remaining)
Adobe Experience Manager Forms Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2022-48503
9.5
AppleMultiple Products
β° Federal Deadline:November 9, 2025(6 days remaining)
Apple Multiple Products Unspecified Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2025-2746
9.5
KenticoXperience CMS
β° Federal Deadline:November 9, 2025(6 days remaining)
Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2025-2747
9.5
KenticoXperience CMS
β° Federal Deadline:November 9, 2025(6 days remaining)
Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2025-33073
9.5
MicrosoftWindows
β° Federal Deadline:November 9, 2025(6 days remaining)
Microsoft Windows SMB Client Improper Access Control Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2025-61884
9.5π
OracleE-Business Suite
β° Federal Deadline:November 9, 2025(6 days remaining)
Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-61932
9.5π
MotexLANSCOPE Endpoint Manager
β° Federal Deadline:November 11, 2025(8 days remaining)
Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-54236
9.5π
AdobeCommerce andβ―Magento
β° Federal Deadline:November 13, 2025(10 days remaining)
Adobe Commerce andβ―Magento Improper Input Validation Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-59287
9.5π
MicrosoftWindows
β° Federal Deadline:November 13, 2025(10 days remaining)
Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-6204
9.5
Dassault SystèmesDELMIA Apriso
β° Federal Deadline:November 17, 2025(14 days remaining)
Dassault Systèmes DELMIA Apriso Code Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-6205
9.5π
Dassault SystèmesDELMIA Apriso
β° Federal Deadline:November 17, 2025(14 days remaining)
Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-41244
9.5π
BroadcomVMware Aria Operations and VMware Tools
β° Federal Deadline:November 19, 2025(16 days remaining)
Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-24893
9.5
XWikiPlatform
β° Federal Deadline:November 19, 2025(16 days remaining)
XWiki Platform Eval Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-48703
9.5π
CWPControl Web Panel
β° Federal Deadline:November 24, 2025(21 days remaining)
CWP Control Web Panel OS Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-11371
9.5
GladinetCentreStack and Triofox
β° Federal Deadline:November 24, 2025(21 days remaining)
Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
π¨
Critical Vulnerabilities
CVE-2025-12493
9.8π
The ShopLentorMultiple Products
The ShopLentor β WooCommerce Builder for Elementor & Gutenberg +21 Modules β All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, ...
CVSS Base9.8
β
CRSSelect profile
CVE-2025-11007
9.8π
TheMultiple Products
The CE21 Suite plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the wp_ajax_nopriv_ce21_single_sign_on_save_api_settings AJAX action in ve...
CVSS Base9.8
β
CRSSelect profile
CVE-2025-8900
9.8π
The Doccure Core plugin for WordPress is vulnerable to privilege escalation in versions upMultiple Products
The Doccure Core plugin for WordPress is vulnerable to privilege escalation in versions up to, and excluding, 1.5.4. This is due to the plugin allowing users who are registering new accounts to set th...
CVSS Base9.8
β
CRSSelect profile
CVE-2025-63451
9.8π
UnknownMultiple Products
Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/sign-in.php.
CVSS Base9.8
β
CRSSelect profile
CVE-2025-63453
9.8π
UnknownMultiple Products
Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/contact.php.
CVSS Base9.8
β
CRSSelect profile
CVE-2025-12158
9.8π
The Simple User Capabilities plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on theMultiple Products
The Simple User Capabilities plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the suc_submit_capabilities() function in all versions up to, and including...
CVSS Base9.8
β
CRSSelect profile
CVE-2025-63452
9.4π
UnknownMultiple Products
Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/forgot-pass.php.
CVSS Base9.4
β
CRSSelect profile
CVE-2025-11008
9.8π
TheMultiple Products
The CE21 Suite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.1 via the log file. This makes it possible for unauthenticated attackers t...
CVSS Base9.8
β
CRSSelect profile
CVE-2025-12682
9.8π
The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in theMultiple Products
The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in the 'file_during_checkout' function in all versions...
CVSS Base9.8
β
CRSSelect profile
CVE-2025-11953
9.8π
The Metro DevelopmentMultiple Products
The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. Thi...
CVSS Base9.8
β
CRSSelect profile
CVE-2025-12463
9.8π
An unauthenticated SQL Injection was discovered within the GeutebruckMultiple Products
An unauthenticated SQL Injection was discovered within the Geutebruck G-Cam E-Series Cameras through the `Group` parameter in the `/uapi-cgi/viewer/Param.cgi` script. This has been confirmed on the EF...
CVSS Base9.8
β
CRSSelect profile
CVE-2025-54863
10π
Radiometrics VizAir is vulnerable to exposure of theMultiple Products
Radiometrics VizAir is vulnerable to exposure of the system's REST API key through a publicly accessible configuration file. This allows attackers to remotely alter weather data and configurations, au...
CVSS Base10
β
CRSSelect profile
CVE-2025-61945
10π
Radiometrics VizAir is vulnerable to any remote attacker via access to the admin panel of the VizAir system withoutMultiple Products
Radiometrics VizAir is vulnerable to any remote attacker via access to the admin panel of the VizAir system without authentication. Once inside, the attacker can modify critical weather parameters suc...
CVSS Base10
β
CRSSelect profile
CVE-2025-61956
10π
Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for criticalMultiple Products
Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations without authentication, pote...
CVSS Base10
β
CRSSelect profile
CVE-2025-0987
9.9π
Authorization Bypass ThroughMultiple Products
Authorization Bypass Through User-Controlled Key vulnerability in CB Project Ltd. Co. CVLand allows Parameter Injection.This issue affects CVLand: from 2.1.0 through 20251103.
CVSS Base9.9
β
CRSSelect profile
β οΈ
High Priority Updates
CVE-2025-11890
7.5π
WordPressMultiple Products
The Crypto Payment Gateway with Payeer for WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 1
CVSS Base7.5
β
CRSSelect profile
CVE-2025-11724
8.8π
WordPressMultiple Products
The EM Beer Manager plugin for WordPress is vulnerable to arbitrary file upload leading to remote code execution in all versions up to, and including, 3
CVSS Base8.8
β
CRSSelect profile
CVE-2025-10896
8.8π
WordPressMultiple Products
Multiple plugins for WordPress with the Jewel Theme Recommended Plugins Library are vulnerable to Unrestricted Upload of File with Dangerous Type via arbitrary plugin installation in all versions up to, and including, 1
CVSS Base8.8
β
CRSSelect profile
CVE-2025-23358
8.2π
NVIDIAMultiple Products
NVIDIA NVApp for Windows contains a vulnerability in the installer, where a local attacker can cause a search path element issue
CVSS Base8.2
β
CRSSelect profile
CVE-2025-11704
7.5π
WordPressMultiple Products
The Elegance Menu plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1
CVSS Base7.5
β
CRSSelect profile
CVE-2025-11733
7.2π
WordPressMultiple Products
The Footnotes Made Easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 3
CVSS Base7.2
β
CRSSelect profile
CVE-2025-60785
8.8π
Postgres DriversMultiple Products
A remote code execution (RCE) vulnerability in the Postgres Drivers component of iceScrum v7
CVSS Base8.8
β
CRSSelect profile
CVE-2025-47365
7.8π
MemoryMultiple Products
Memory corruption while processing large input data from a remote source via a communication interface
CVSS Base7.8
β
CRSSelect profile
CVE-2025-20727
7.5π
InMultiple Products
In Modem, there is a possible out of bounds write due to a heap buffer overflow
CVSS Base7.5
β
CRSSelect profile
CVE-2025-12611
8.8π
wasMultiple Products
A vulnerability was identified in Tenda AC21 16
CVSS Base8.8
β
CRSSelect profile
CVE-2025-12618
8.8π
hasMultiple Products
A vulnerability has been found in Tenda AC8 16
CVSS Base8.8
β
CRSSelect profile
CVE-2025-12619
8.8π
wasMultiple Products
A vulnerability was found in Tenda A15 15
CVSS Base8.8
β
CRSSelect profile
CVE-2025-12622
8.8π
wasMultiple Products
A vulnerability was determined in Tenda AC10 16
CVSS Base8.8
β
CRSSelect profile
CVE-2025-43419
8.8π
issueMultiple Products
The issue was addressed with improved memory handling
CVSS Base8.8
β
CRSSelect profile
CVE-2025-43431
8.8π
issueMultiple Products
The issue was addressed with improved memory handling
CVSS Base8.8
β
CRSSelect profile
CVE-2025-43433
8.8
issueMultiple Products
The issue was addressed with improved memory handling
CVSS Base8.8
β
CRSSelect profile
CVE-2025-43505
8.8
AnMultiple Products
An out-of-bounds write issue was addressed with improved input validation
CVSS Base8.8
β
CRSSelect profile
CVE-2025-27074
8.8
MemoryMultiple Products
Memory corruption while processing a GP command response
CVSS Base8.8
β
CRSSelect profile
CVE-2025-60503
8.7π
ultimatefostersMultiple Products
A cross-site scripting (XSS) vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4
CVSS Base8.7
β
CRSSelect profile
CVE-2025-11690
8.5
InsecureMultiple Products
An Insecure Direct Object Reference (IDOR) vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other usersβ vehicles
CVSS Base8.5
β
CRSSelect profile
CVE-2025-48396
8.3π
ArbitraryMultiple Products
Arbitrary code executionΒ is possible due to improper validation of the file upload functionality in Eaton BLSS
CVSS Base8.3
β
CRSSelect profile
CVE-2025-43323
8.1
ThisMultiple Products
This issue was addressed with additional entitlement checks
CVSS Base8.1
β
CRSSelect profile
CVE-2025-43480
8.1
issueMultiple Products
The issue was addressed with improved checks
CVSS Base8.1
β
CRSSelect profile
CVE-2025-47357
8
InformationMultiple Products
Information Disclosure when a user-level driver performs QFPROM read or write operations on Fuse regions
CVSS Base8
β
CRSSelect profile
CVE-2025-20742
8
wlanMultiple Products
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check
CVSS Base8
β
CRSSelect profile
CVE-2025-43361
7.8
AnMultiple Products
An out-of-bounds read was addressed with improved bounds checking
CVSS Base7.8
β
CRSSelect profile
CVE-2025-43364
7.8
raceMultiple Products
A race condition was addressed with additional validation
CVSS Base7.8
β
CRSSelect profile
CVE-2025-43387
7.8
permissionsMultiple Products
A permissions issue was addressed with additional restrictions
CVSS Base7.8
β
CRSSelect profile
CVE-2025-43407
7.8
ThisMultiple Products
This issue was addressed with improved entitlements
CVSS Base7.8
β
CRSSelect profile
CVE-2025-43472
7.8
validationMultiple Products
A validation issue was addressed with improved input sanitization
CVSS Base7.8
β
CRSSelect profile
CVE-2025-43474
7.8
AnMultiple Products
An out-of-bounds read was addressed with improved input validation
CVSS Base7.8
β
CRSSelect profile
CVE-2025-43476
7.8
permissionsMultiple Products
A permissions issue was addressed with additional restrictions
CVSS Base7.8
β
CRSSelect profile
CVE-2025-27070
7.8
MemoryMultiple Products
Memory corruption while performing encryption and decryption commands
CVSS Base7.8
β
CRSSelect profile
CVE-2025-47352
7.8
MemoryMultiple Products
Memory corruption while processing audio streaming operations
CVSS Base7.8
β
CRSSelect profile
CVE-2025-47353
7.8
MemoryMultiple Products
Memory corruption while processing request sent from GVM
CVSS Base7.8
β
CRSSelect profile
CVE-2025-47360
7.8
processingMultiple Products
Memory corruption while processing client message during device management
CVSS Base7.8
β
CRSSelect profile
CVE-2025-47361
7.8
MemoryMultiple Products
Memory corruption when triggering a subsystem crash with an out-of-range identifier
CVSS Base7.8
β
CRSSelect profile
CVE-2025-47367
7.8
MemoryMultiple Products
Memory corruption while accessing a buffer during IOCTL processing
CVSS Base7.8
β
CRSSelect profile
CVE-2025-47368
7.8
MemoryMultiple Products
Memory corruption when dereferencing an invalid userspace address in a user buffer during MCDM IOCTL processing
CVSS Base7.8
β
CRSSelect profile
CVE-2025-20728
7.8
wlanMultiple Products
In wlan STA driver, there is a possible out of bounds write due to an incorrect bounds check
CVSS Base7.8
β
CRSSelect profile
CVE-2025-20733
7.8
wlanMultiple Products
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check
CVSS Base7.8
β
CRSSelect profile
CVE-2025-20735
7.8
wlanMultiple Products
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check
CVSS Base7.8
β
CRSSelect profile
CVE-2025-20737
7.8
wlanMultiple Products
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check
CVSS Base7.8
β
CRSSelect profile
CVE-2025-50735
7.5π
NextChat thruMultiple Products
Directory traversal vulnerability in NextChat thru 2
CVSS Base7.5
β
CRSSelect profile
CVE-2025-43350
7.5
permissionsMultiple Products
A permissions issue was addressed with additional restrictions
CVSS Base7.5
β
CRSSelect profile
CVE-2025-43373
7.5
issueMultiple Products
The issue was addressed with improved memory handling
CVSS Base7.5
β
CRSSelect profile
CVE-2025-43385
7.5
AnMultiple Products
An out-of-bounds access issue was addressed with improved bounds checking
CVSS Base7.5
β
CRSSelect profile
CVE-2025-43389
7.5
privacyMultiple Products
A privacy issue was addressed by removing the vulnerable code
CVSS Base7.5
β
CRSSelect profile
CVE-2025-43399
7.5
ThisMultiple Products
This issue was addressed with improved redaction of sensitive information
CVSS Base7.5
β
CRSSelect profile
CVE-2025-43401
7.5
AMultiple Products
A denial-of-service issue was addressed with improved validation
CVSS Base7.5
β
CRSSelect profile
CVE-2025-43405
7.5
permissionsMultiple Products
A permissions issue was addressed with additional sandbox restrictions
CVSS Base7.5
β
CRSSelect profile
CVE-2025-43409
7.5
permissionsMultiple Products
A permissions issue was addressed with additional sandbox restrictions
CVSS Base7.5
β
CRSSelect profile
CVE-2025-43413
7.5
accessMultiple Products
An access issue was addressed with additional sandbox restrictions
CVSS Base7.5
β
CRSSelect profile
CVE-2025-43424
7.5
issueMultiple Products
The issue was addressed with improved bounds checks
CVSS Base7.5
β
CRSSelect profile
CVE-2025-43436
7.5
permissionsMultiple Products
A permissions issue was addressed with additional restrictions
CVSS Base7.5
β
CRSSelect profile
CVE-2025-43439
7.5
privacyMultiple Products
A privacy issue was addressed by removing sensitive data
CVSS Base7.5
β
CRSSelect profile
CVE-2025-43442
7.5
permissionsMultiple Products
A permissions issue was addressed with additional restrictions
CVSS Base7.5
β
CRSSelect profile
CVE-2025-43449
7.5
issueMultiple Products
The issue was addressed with improved handling of caches
CVSS Base7.5
β
CRSSelect profile
CVE-2025-43450
7.5
logicMultiple Products
A logic issue was addressed with improved checks
CVSS Base7.5
β
CRSSelect profile
CVE-2025-43452
7.5
ThisMultiple Products
This issue was addressed by restricting options offered on a locked device
CVSS Base7.5
β
CRSSelect profile
CVE-2025-43454
7.5
ThisMultiple Products
This issue was addressed through improved state management
CVSS Base7.5
β
CRSSelect profile
CVE-2025-43462
7.5
issueMultiple Products
The issue was addressed with improved memory handling
CVSS Base7.5
β
CRSSelect profile
CVE-2025-43468
7.5
IntelMultiple Products
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions
CVSS Base7.5
β
CRSSelect profile
CVE-2025-43469
7.5
permissionsMultiple Products
A permissions issue was addressed with additional restrictions
CVSS Base7.5
β
CRSSelect profile
CVE-2025-43496
7.5
issueMultiple Products
The issue was addressed by adding additional logic
CVSS Base7.5
β
CRSSelect profile
CVE-2025-43500
7.5
privacyMultiple Products
A privacy issue was addressed with improved handling of user preferences
CVSS Base7.5
β
CRSSelect profile
CVE-2025-43502
7.5
privacyMultiple Products
A privacy issue was addressed by removing sensitive data
CVSS Base7.5
β
CRSSelect profile
CVE-2025-20725
7.5
imsMultiple Products
In ims service, there is a possible out of bounds write due to a missing bounds check
CVSS Base7.5
β
CRSSelect profile
CVE-2025-20726
7.5
InMultiple Products
In Modem, there is a possible out of bounds write due to an incorrect bounds check
CVSS Base7.5
β
CRSSelect profile
CVE-2025-54323
7.5
ProcessorMultiple Products
An issue was discovered in the camera in Samsung Mobile Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, and 1580
CVSS Base7.5
β
CRSSelect profile
CVE-2025-54329
7.5
ModemMultiple Products
An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400
CVSS Base7.5
β
CRSSelect profile
CVE-2025-54332
7.5
throughMultiple Products
An issue was discovered in NPU in Samsung Mobile Processor Exynos through July 2025
CVSS Base7.5
β
CRSSelect profile
CVE-2025-52513
7.5
ProcessorMultiple Products
An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, 2500
CVSS Base7.5
β
CRSSelect profile
CVE-2025-54334
7.5
ProcessorMultiple Products
An issue was discovered in the NPU driver in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, 2500
CVSS Base7.5
β
CRSSelect profile
CVE-2025-32786
7.5
GLPIMultiple Products
The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents
CVSS Base7.5
β
CRSSelect profile
CVE-2025-12604
7.3π
ManagementMultiple Products
A vulnerability has been found in itsourcecode Online Loan Management System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-12605
7.3π
ManagementMultiple Products
A vulnerability was found in itsourcecode Online Loan Management System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-12606
7.3π
ManagementMultiple Products
A vulnerability was determined in itsourcecode Online Loan Management System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-12607
7.3π
ManagementMultiple Products
A vulnerability was identified in itsourcecode Online Loan Management System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-12608
7.3π
ManagementMultiple Products
A security flaw has been discovered in itsourcecode Online Loan Management System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-12617
7.3π
BillingMultiple Products
A flaw has been found in itsourcecode Billing System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-63441
7.3
OpenMultiple Products
Open Source Social Network (OSSN) 8
CVSS Base7.3
β
CRSSelect profile
CVE-2025-48397
7.1
privilegedMultiple Products
The privileged user could log in without sufficient credentials after enabling an application protocol
CVSS Base7.1
β
CRSSelect profile
CVE-2025-10280
7.1
IdentityIQMultiple Products
IdentityIQ
8
CVSS Base7.1
β
CRSSelect profile
CVE-2025-12531
7.1
IBMMultiple Products
IBM InfoSphere Information Server 11
CVSS Base7.1
β
CRSSelect profile
CVE-2025-43338
7.1
AnMultiple Products
An out-of-bounds access issue was addressed with improved bounds checking
CVSS Base7.1
β
CRSSelect profile
CVE-2025-43386
7.1
AnMultiple Products
An out-of-bounds access issue was addressed with improved bounds checking