Critical vulnerabilities, curated daily for security professionals
SSCV Profile
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Risk scores are adjusted according to the environment profile you select.
Archived Security Brief
Sunday's vulnerability disclosure shows 1 critical CVE and 11 high-priority vulnerabilities, reflecting minimal weekend disclosure activity. Seven CISA KEV vulnerabilities continue to require remediation across Samsung Mobile, Gladinet Triofox, Microsoft Windows, WatchGuard Firebox, Google Chromium, and Oracle Fusion Middleware systems. Eleven CVEs have been enhanced with Gemini AI analysis, providing detailed technical context for security teams.
One critical vulnerability disclosed (CVSS 9.3), unchanged from Saturday, reflecting typical Sunday minimal disclosure activity
Eleven high-priority vulnerabilities (CVSS 7.0-8.9), down 35% from Saturday's 17 CVEs
Seven CISA KEV vulnerabilities requiring remediation, unchanged from yesterday
Eleven CVEs enhanced with Gemini AI analysis (1 critical + 10 high-priority), indicated by an analysis badge
Immediate action: Security teams should review the 1 critical vulnerability and assess organizational exposure to the 11 high-priority CVEs. Priority should be given to CVEs with Gemini AI analysis (indicated by an analysis badge), which provide detailed technical context. Organizations should continue addressing the 7 CISA KEV vulnerabilities. Detailed analyst comments are available for 11 CVEs to support weekend remediation planning.
CISA Known Exploited Vulnerabilities
CVE-2025-21042 | Samsung / Mobile Devices | CVSS Base 9.5
CISA KEV (URGENT). Federal Deadline: November 30, 2025 (1 day remaining)
Samsung Mobile Devices Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.

CVE-2025-12480 | Gladinet / Triofox | CVSS Base 9.5
CISA KEV (URGENT). Federal Deadline: December 2, 2025 (3 days remaining)
Gladinet Triofox Improper Access Control Vulnerability - Active in CISA KEV catalog.

CVE-2025-62215 | Microsoft / Windows | CVSS Base 9.5
CISA KEV (URGENT). Federal Deadline: December 2, 2025 (3 days remaining)
Microsoft Windows Race Condition Vulnerability - Active in CISA KEV catalog.

CVE-2025-9242 | WatchGuard / Firebox | CVSS Base 9.5
CISA KEV (URGENT). Federal Deadline: December 2, 2025 (3 days remaining)
WatchGuard Firebox Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.

CVE-2025-13223 | Google / Chromium V8 | CVSS Base 9.5
CISA KEV. Federal Deadline: December 9, 2025 (10 days remaining)
Google Chromium V8 Type Confusion Vulnerability - Active in CISA KEV catalog.

CVE-2025-61757 | Oracle / Fusion Middleware | CVSS Base 9.5
CISA KEV. Federal Deadline: December 11, 2025 (12 days remaining)
Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability - Active in CISA KEV catalog.

CVE-2021-26829 | OpenPLC / ScadaBR | CVSS Base 9.5
CISA KEV. Federal Deadline: December 18, 2025 (19 days remaining)
OpenPLC ScadaBR Cross-site Scripting Vulnerability - Active in CISA KEV catalog.
Critical Vulnerabilities
CVE-2025-65112 | PubNet / Multiple Products | CVSS Base 9.4
PubNet is a self-hosted Dart & Flutter package service. Prior to version 1.1.3, the /api/storage/upload endpoint in PubNet allows unauthenticated users to upload packages as any user by providing arbitrary author-id values. This enables identity spoofing, privilege escalation, and supply chain attacks. This issue has been patched in version 1.1.3.
High Priority Updates
CVE-2025-13768 | WebITR / Multiple Products | CVSS Base 7.5
WebITR developed by Uniong has an Authentication Bypass vulnerability, allowing authenticated remote attackers to log into the system as any user by modifying a specific parameter.

CVE-2025-58303 | screen recording / Multiple Products | CVSS Base 8.4
Use-after-free (UAF) vulnerability in the screen recording framework module

CVE-2025-58302 | Settings / Multiple Products | CVSS Base 8.4
Permission control vulnerability in the Settings module

CVE-2025-66384 | Unknown / Multiple Products | CVSS Base 8.2
app/Controller/EventsController

CVE-2025-58310 | distributed / Multiple Products | CVSS Base 8
Permission control vulnerability in the distributed component

CVE-2025-12638 | Keras / Multiple Products | CVSS Base 8
Keras version 3

CVE-2025-51735 | HCL Technologies CSV / Multiple Products | CVSS Base 7.5
CSV formula injection vulnerability in HCL Technologies Ltd

CVE-2025-58316 | DoS / Multiple Products | CVSS Base 7.3
DoS vulnerability in the video-related system service module

CVE-2025-58308 | improper / Multiple Products | CVSS Base 7.3
Vulnerability of improper criterion security check in the call module

CVE-2025-53899 | Kiteworks / Multiple Products | CVSS Base 7.2
Kiteworks MFT orchestrates end-to-end file transfer workflows

CVE-2025-53896 | Kiteworks / Multiple Products | CVSS Base 7.1
Kiteworks MFT orchestrates end-to-end file transfer workflows