Critical vulnerabilities, curated daily for security professionals
🎯 SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
📊
Archived Security Brief
This curated brief highlights 0 critical vulnerabilities and 19 high-priority updates requiring immediate attention.
19 total vulnerabilities disclosed in last 24 hours
💡 Tip: Swipe CVE cards left to ⭐ star, right to ❌ remove
Section Navigation
⚠️
CISA Known Exploited Vulnerabilities
⚠️ CISA KEVURGENT
CVE-2025-58034
9.5📝
FortinetFortiWeb
⏰ Federal Deadline:November 24, 2025(2 days remaining)
Fortinet FortiWeb OS Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2025-48703
9.5📝
CWPControl Web Panel
⏰ Federal Deadline:November 24, 2025(2 days remaining)
CWP Control Web Panel OS Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEVURGENT
CVE-2025-11371
9.5
GladinetCentreStack and Triofox
⏰ Federal Deadline:November 24, 2025(2 days remaining)
Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-21042
9.5
SamsungMobile Devices
⏰ Federal Deadline:November 30, 2025(8 days remaining)
Samsung Mobile Devices Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-12480
9.5📝
GladinetTriofox
⏰ Federal Deadline:December 2, 2025(10 days remaining)
Gladinet Triofox Improper Access Control Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-62215
9.5
MicrosoftWindows
⏰ Federal Deadline:December 2, 2025(10 days remaining)
Microsoft Windows Race Condition Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-9242
9.5
WatchGuardFirebox
⏰ Federal Deadline:December 2, 2025(10 days remaining)
WatchGuard Firebox Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-13223
9.5📝
GoogleChromium V8
⏰ Federal Deadline:December 9, 2025(17 days remaining)
Google Chromium V8 Type Confusion Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️ CISA KEV
CVE-2025-61757
9.5📝
OracleFusion Middleware
⏰ Federal Deadline:December 11, 2025(19 days remaining)
Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
→
CRSSelect profile
⚠️
High Priority Updates
CVE-2025-13384
7.5📝
WordPressMultiple Products
The CP Contact Form with PayPal plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1
CVSS Base7.5
→
CRSSelect profile
CVE-2025-13526
7.5📝
WordPressMultiple Products
The OneClick Chat to Order plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1
CVSS Base7.5
→
CRSSelect profile
CVE-2025-13547
8.8📝
D-LinkMultiple Products
A flaw has been found in D-Link DIR-822K and DWR-M920 1
CVSS Base8.8
→
CRSSelect profile
CVE-2025-13548
8.8📝
D-LinkMultiple Products
A vulnerability has been found in D-Link DIR-822K and DWR-M920 1
CVSS Base8.8
→
CRSSelect profile
CVE-2025-13549
8.8📝
D-LinkMultiple Products
A vulnerability was found in D-Link DIR-822K 1
CVSS Base8.8
→
CRSSelect profile
CVE-2025-13550
8.8📝
D-LinkMultiple Products
A vulnerability was determined in D-Link DIR-822K and DWR-M920 1
CVSS Base8.8
→
CRSSelect profile
CVE-2025-13551
8.8📝
D-LinkMultiple Products
A vulnerability was identified in D-Link DIR-822K and DWR-M920 1
CVSS Base8.8
→
CRSSelect profile
CVE-2025-13552
8.8📝
D-LinkMultiple Products
A security flaw has been discovered in D-Link DIR-822K and DWR-M920 1
CVSS Base8.8
→
CRSSelect profile
CVE-2025-13553
8.8📝
D-LinkMultiple Products
A weakness has been identified in D-Link DWR-M920 1
CVSS Base8.8
→
CRSSelect profile
CVE-2024-21922
7.3📝
AMDMultiple Products
A DLL hijacking vulnerability in AMD StoreMI™ could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution
CVSS Base7.3
→
CRSSelect profile
CVE-2024-21923
7.3📝
AMDMultiple Products
Incorrect default permissions in AMD StoreMI™ could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution
CVSS Base7.3
→
CRSSelect profile
CVE-2025-13554
7.3📝
ManagementMultiple Products
A security vulnerability has been detected in Campcodes Supplier Management System 1
CVSS Base7.3
→
CRSSelect profile
CVE-2025-13555
7.3📝
ManagementMultiple Products
A vulnerability was detected in Campcodes School File Management System 1
CVSS Base7.3
→
CRSSelect profile
CVE-2025-13556
7.3📝
PollingMultiple Products
A flaw has been found in Campcodes Online Polling System 1
CVSS Base7.3
→
CRSSelect profile
CVE-2025-13557
7.3📝
PollingMultiple Products
A vulnerability has been found in Campcodes Online Polling System 1
CVSS Base7.3
→
CRSSelect profile
CVE-2025-13560
7.3
WebsiteMultiple Products
A vulnerability was found in SourceCodester Company Website CMS 1
CVSS Base7.3
→
CRSSelect profile
CVE-2025-13561
7.3
WebsiteMultiple Products
A vulnerability was determined in SourceCodester Company Website CMS 1
CVSS Base7.3
→
CRSSelect profile
CVE-2025-13562
7.3
D-LinkMultiple Products
A vulnerability was identified in D-Link DIR-852 1
CVSS Base7.3
→
CRSSelect profile
CVE-2025-13572
7.3
ManagementMultiple Products
A vulnerability was identified in projectworlds Advanced Library Management System 1