Archived Security Brief
Friday's vulnerability disclosure shows eight critical vulnerabilities and 47 high-priority CVEs, representing a significant decrease in critical activity from Thursday's elevated count of 28. Six actively exploited CISA KEV vulnerabilities continue to require remediation. The decrease in critical CVEs (from 28 to 8) reflects a return to more typical disclosure levels after Thursday's increased activity.
Eight critical vulnerabilities disclosed (CVSS 9.0+), a 71% decrease from Thursday's count of 28 critical CVEs
Forty-seven high-priority vulnerabilities (CVSS 7.0-8.9), unchanged from Thursday
Six actively exploited CISA KEV vulnerabilities requiring remediation, unchanged from Thursday
Critical CVE frequency decreased 33% compared to historical average, reflecting lower-than-average disclosure activity
Immediate action: Security teams should review the eight critical vulnerabilities and continue addressing the 47 high-priority CVEs. Organizations should prioritize remediation of the six actively exploited CISA KEV vulnerabilities. Detailed analyst comments are available for select CVEs to support remediation planning.
Critical Vulnerabilities
CVE-2025-13390 | CVSS Base 10
The WP Directory Kit plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.4.4 due to incorrect implementation of the authentication algorithm in the "wdk_generate_auto_login_link" function. This is due to the feature using a cryptographically weak token generation mechanism. This makes it possible for unauthenticated attackers to gain administrative access and achieve full site takeover via the auto-login endpoint with a predictable token.
CVE-2025-55182 | CVSS Base 10
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
CVE-2025-13486 | CVSS Base 9.8
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Remote Code Execution in versions 0.9.0.5 through 0.9.1.1 via the prepare_form() function. This is due to the function accepting user input and then passing that through call_user_func_array(). This makes it possible for unauthenticated attackers to execute arbitrary code on the server, which can be leveraged to inject backdoors or create new administrative user accounts.
CVE-2025-13342 | CVSS Base 9.8
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthorized modification of arbitrary WordPress options in all versions up to, and including, 3.28.20. This is due to insufficient capability checks and input validation in the ActionOptions::run() save handler. This makes it possible for unauthenticated attackers to modify critical WordPress options such as users_can_register, default_role, and admin_email via submitting crafted form data to public frontend forms.
CVE-2024-32641 | CVSS Base 9.8
Masa CMS is an open source Enterprise Content Management platform. Masa CMS versions prior to 7.2.8, 7.3.13, and 7.4.6 are vulnerable to remote code execution. The vulnerability exists in the addParam function, which accepts user input via the criteria parameter. This input is subsequently evaluated by setDynamicContent, allowing an unauthenticated attacker to execute arbitrary code via the m tag. The vulnerability is patched in versions 7.2.8, 7.3.13, and 7.4.6.
CVE-2025-66222 | CVSS Base 9.6
DeepChat is a smart assistant that uses artificial intelligence. In 0.5.0 and earlier, a Stored Cross-Site Scripting (XSS) vulnerability in the Mermaid diagram renderer allows an attacker to execute arbitrary JavaScript within the application context. By leveraging the exposed Electron IPC bridge, this XSS can be escalated to Remote Code Execution (RCE) by registering and starting a malicious MCP (Model Context Protocol) server.
CVE-2024-45538 | CVSS Base 9.6
Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2025-65267 | CVSS Base 9
In ERPNext v15.83.2 and Frappe Framework v15.86.0, improper validation of uploaded SVG avatar images allows attackers to embed malicious JavaScript. The payload executes when an administrator clicks the image link to view the avatar, resulting in stored cross-site scripting (XSS). Successful exploitation may lead to account takeover, privilege escalation, or full compromise of the affected ERPNext instance.
High Priority Updates
CVE-2025-12744 | CVSS Base 8.8
A flaw was found in the ABRT daemon's handling of user-supplied mount information
CVE-2025-57198 | CVSS Base 8.8
AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the Machine
CVE-2025-57199 | CVSS Base 8.8
AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the NetFailDetectD binary
CVE-2025-57201 | CVSS Base 8.8
AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the SMB server function
CVE-2024-32642 | CVSS Base 8.8
Masa CMS is an open source Enterprise Content Management platform
CVE-2025-33208 | CVSS Base 8.8
NVIDIA TAO contains a vulnerability where an attacker may cause a resource to be loaded via an uncontrolled search path
CVE-2025-66287 | CVSS Base 8.8
A flaw was found in WebKitGTK
CVE-2025-14015 | CVSS Base 8.8
A weakness has been identified in H3C Magic B0 up to 100R002
CVE-2025-13543 | CVSS Base 8.8
The PostGallery plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'PostGalleryUploader' class functions in all versions up to, and including, 1
CVE-2025-65959 | CVSS Base 8.7
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline
CVE-2025-65958 | CVSS Base 8.5
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline
CVE-2025-50360 | CVSS Base 8.4
A heap buffer overflow in compiler
CVE-2025-12995 | CVSS Base 8.1
Medtronic CareLink Network allows an unauthenticated remote attacker to perform a brute force attack on an API endpoint that could be used to determine a valid password under certain circumstances
CVE-2025-20386 | CVSS Base 8
In Splunk Enterprise for Windows versions below 10
CVE-2025-20387 | CVSS Base 8
In Splunk Universal Forwarder for Windows versions below 10
CVE-2025-54065 | CVSS Base 7.9
GZDoom is a feature centric port for all Doom engine games

(CVE ID not shown on page) | CVSS Base 7.8
Coder allows organizations to provision remote development environments via Terraform
CVE-2025-54158 | CVSS Base 7.8
Missing authentication for critical function vulnerability in BeeDrive in Synology BeeDrive for desktop before 1
CVE-2025-54160 | CVSS Base 7.8
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in BeeDrive in Synology BeeDrive for desktop before 1
CVE-2025-7044 | CVSS Base 7.7
An Improper Input Validation vulnerability exists in the user websocket handler of MAAS
CVE-2025-65843 | CVSS Base 7.7
Aquarius Desktop 3
CVE-2025-65027 | CVSS Base 7.6
RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface
CVE-2025-13646 | CVSS Base 7.5
The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_unzip_file' function in versions 2
CVE-2025-65320 | CVSS Base 7.5
Abacre Restaurant Point of Sale (POS) up to 15
CVE-2024-32643 | CVSS Base 7.5
Masa CMS is an open source Enterprise Content Management platform
CVE-2025-54326 | CVSS Base 7.5
An issue was discovered in Camera in Samsung Mobile Processor Exynos 1280 and 2200
CVE-2024-3884 | CVSS Base 7.5
A flaw was found in Undertow that can cause remote denial of service attacks
CVE-2025-12819 | CVSS Base 7.5
Untrusted search path in auth_query connection handler in PgBouncer before 1
CVE-2025-33201 | CVSS Base 7.5
NVIDIA Triton Inference Server contains a vulnerability where an attacker may cause an improper check for unusual or exceptional conditions issue by sending extra large payloads
CVE-2025-33211 | CVSS Base 7.5
NVIDIA Triton Server for Linux contains a vulnerability where an attacker may cause an improper validation of specified quantity in input
CVE-2024-45539 | CVSS Base 7.5
Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager (DSM) before 7
CVE-2025-54159 | CVSS Base 7.5
Missing authorization vulnerability in BeeDrive in Synology BeeDrive for desktop before 1
CVE-2025-65945 | CVSS Base 7.5
auth0/node-jws is a JSON Web Signature implementation for Node
CVE-2025-12097 | CVSS Base 7.5
There is a relative path traversal vulnerability in the NI System Web Server that may result in information disclosure
CVE-2025-53704 | CVSS Base 7.5
The password reset mechanism for the Pivot client application is weak, and it may allow an attacker to take over the account
CVE-2025-66506 | CVSS Base 7.5
Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity
CVE-2025-13373 | CVSS Base 7.5
Advantech iView versions 5
CVE-2025-66564 | CVSS Base 7.5
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps
CVE-2025-13947 | CVSS Base 7.4
A flaw was found in WebKitGTK
CVE-2025-66561 | CVSS Base 7.3
SysReptor is a fully customizable pentest reporting platform
CVE-2025-13645 | CVSS Base 7.2
The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_unzip_file' function in versions 2
CVE-2025-11727 | CVSS Base 7.2
The Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration – Powered by Codisto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sync() function in all versions up to, and including, 1
CVE-2025-29846 | CVSS Base 7.2
A vulnerability in portenable cgi allows remote authenticated users to get the status of installed packages
CVE-2025-66238 | CVSS Base 7.2
DCIM dcTrack allows an attacker to misuse certain remote access features
CVE-2025-66293 | CVSS Base 7.1
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files