Archived Security Brief
Saturday's vulnerability disclosure shows eight critical vulnerabilities and 56 high-priority CVEs, representing a 19% increase in high-priority activity from Friday's count of 47. Seven actively exploited CISA KEV vulnerabilities continue to require remediation. Critical CVE count remains unchanged at eight, maintaining consistent levels from Friday. The overall critical CVE frequency shows a 33% decrease compared to historical averages, reflecting below-average disclosure activity for the weekend.
Eight critical vulnerabilities disclosed (CVSS 9.0+), unchanged from Friday's count
Fifty-six high-priority vulnerabilities (CVSS 7.0-8.9), a 19% increase from Friday's 47 CVEs
Seven actively exploited CISA KEV vulnerabilities requiring remediation, one additional KEV from Friday
Critical CVE frequency decreased 33% compared to historical average, reflecting continued below-average disclosure activity
Immediate action: Security teams should review the eight critical vulnerabilities and the 56 high-priority CVEs. Organizations should prioritize remediation of the seven actively exploited CISA KEV vulnerabilities. Detailed analyst comments are available for select CVEs to support remediation planning.
Critical Vulnerabilities
CVE-2025-66570 (CVSS 10)
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can inject headers named REMOTE_ADDR, REMOTE_PORT, LOCAL_ADDR, LOCAL_PORT that are parsed into the request header multimap via read_headers() in httplib.h (headers.emplace), then the server later appends its own internal metadata using the same header names in Server::process_request without erasing duplicates. Because Request::get_header_value returns the first entry for a header key (id == 0) and the client-supplied headers are parsed before server-inserted headers, downstream code that uses these header names may inadvertently use attacker-controlled values. Affected files/locations: cpp-httplib/httplib.h (read_headers, Server::process_request, Request::get_header_value, get_header_value_u64) and cpp-httplib/docker/main.cc (get_client_ip, nginx_access_logger, nginx_error_logger). Attack surface: attacker-controlled HTTP headers in incoming requests flow into the Request.headers multimap and into logging code that reads forwarded headers, enabling IP spoofing, log poisoning, and authorization bypass via header shadowing. This vulnerability is fixed in 0.27.0.

CVE-2025-53963 (CVSS 9.8)
An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. They run an SSH server accessible over the default port 22. The root account has a weak default password of ionadmin, and a password change policy for the root account is not enforced. Thus, an attacker with network connectivity can achieve root code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVE-2025-54303 (CVSS 9.8)
The Thermo Fisher Torrent Suite Django application 5.18.1 has weak default credentials, which are stored as fixtures for the Django ORM API. The ionadmin user account can be used to authenticate to default deployments with the password ionadmin. The user guide recommends changing default credentials; however, a password change policy for default administrative accounts is not enforced. Many deployments may retain default credentials, in which case an attacker is likely to be able to successfully authenticate with administrative privileges.

CVE-2025-54304 (CVSS 9.8)
An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. When they are powered on, an X11 display server is started. The display server listens on all network interfaces and is accessible over port 6000. The X11 access control list, by default, allows connections from 127.0.0.1 and 192.168.2.15. If a device is powered on and later connected to a network with DHCP, the device may not be assigned the 192.168.2.15 IP address, leaving the display server accessible by other devices on the network. The exposed X11 display server can then be used to gain root privileges and the ability to execute code remotely by interacting with matchbox-desktop and spawning a terminal. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVE-2025-13313 (CVSS 9.8)
The CRM Memberships plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 2.5. This is due to missing authorization and authentication checks on the `ntzcrm_changepassword` AJAX action. This makes it possible for unauthenticated attackers to reset arbitrary user passwords and gain unauthorized access to user accounts via the `ntzcrm_changepassword` endpoint, provided they can obtain or enumerate a target user's email address. The plugin also exposes the `ntzcrm_get_users` endpoint without authentication, allowing attackers to enumerate subscriber email addresses, facilitating the exploitation of the password reset vulnerability.

CVE-2025-12374 (CVSS 9.8)
The Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login – User Verification plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.39. This is due to the plugin not properly validating that an OTP was generated before comparing it to user input in the "user_verification_form_wrap_process_otpLogin" function. This makes it possible for unauthenticated attackers to log in as any user with a verified email address, such as an administrator, by submitting an empty OTP value.

CVE-2024-45538 (CVSS 9.6)
Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors.

CVE-2025-65346 (CVSS 9.1)
alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths.

High Priority Updates
CVE-2025-54307 (CVSS 8.8)
An issue was discovered in the Thermo Fisher Torrent Suite Django application 5

CVE-2025-66287 (CVSS 8.8)
A flaw was found in WebKitGTK

CVE-2025-14015 (CVSS 8.8)
A weakness has been identified in H3C Magic B0 up to 100R002

CVE-2025-13543 (CVSS 8.8)
The PostGallery plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'PostGalleryUploader' class functions in all versions up to, and including, 1

CVE-2025-13066 (CVSS 8.8)
The Demo Importer Plus plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 2

CVE-2025-12153 (CVSS 8.8)
The Featured Image via URL plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation function in all versions up to, and including, 0

CVE-2025-12154 (CVSS 8.8)
The Auto Thumbnailer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadThumb() function in all versions up to, and including, 1

CVE-2025-12181 (CVSS 8.8)
The ContentStudio plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the cstu_update_post() function in all versions up to, and including, 1

CVE-2025-12879 (CVSS 8.8)
The User Generator and Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1

CVE-2025-65897 (CVSS 8.8)
zdh_web is a data collection, processing, monitoring, scheduling, and management platform

CVE-2025-14106 (CVSS 8.8)
A vulnerability was identified in ZSPACE Q2C NAS up to 1

CVE-2025-14107 (CVSS 8.8)
A security flaw has been discovered in ZSPACE Q2C NAS up to 1

CVE-2025-14108 (CVSS 8.8)
A weakness has been identified in ZSPACE Q2C NAS up to 1

CVE-2025-65959 (CVSS 8.7)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline

CVE-2025-65958 (CVSS 8.5)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline

CVE-2025-58098 (CVSS 8.3)
Apache HTTP Server 2

CVE-2025-64057 (CVSS 8.3)
Directory traversal vulnerability in Fanvil x210 V2 2

CVE-2025-65036 (CVSS 8.3)
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence

CVE-2025-64053 (CVSS 8.2)
A buffer overflow vulnerability on Fanvil x210 2

CVE-2025-12995 (CVSS 8.1)
Medtronic CareLink Network allows an unauthenticated remote attacker to perform a brute force attack on an API endpoint that could be used to determine a valid password under certain circumstances

CVE-2025-12851 (CVSS 8.1)
The My auctions allegro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3

CVE-2025-13614 (CVSS 8.1)
The Cool Tag Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cool_tag_cloud' shortcode in all versions up to, and including, 2

CVE-2025-65879 (CVSS 8.1)
Warehouse Management System 1

CVE-2025-54305 (CVSS 7.8)
An issue was discovered in the Thermo Fisher Torrent Suite Django application 5

CVE-2025-54158 (CVSS 7.8)
Missing authentication for critical function vulnerability in BeeDrive in Synology BeeDrive for desktop before 1

CVE-2025-54160 (CVSS 7.8)
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in BeeDrive in Synology BeeDrive for desktop before 1

CVE-2024-9183 (CVSS 7.7)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18

CVE-2024-45539 (CVSS 7.5)
Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager (DSM) before 7

CVE-2025-54159 (CVSS 7.5)
Missing authorization vulnerability in BeeDrive in Synology BeeDrive for desktop before 1

CVE-2025-56427 (CVSS 7.5)
Directory Traversal vulnerability in ComposioHQ v

CVE-2025-57210 (CVSS 7.5)
Incorrect access control in the component ApiPayController

CVE-2025-57212 (CVSS 7.5)
Incorrect access control in the component ApiOrderService

CVE-2025-57213 (CVSS 7.5)
Incorrect access control in the component orderService

CVE-2025-63363 (CVSS 7.5)
A lack of Management Frame Protection in Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware V3

CVE-2025-65637 (CVSS 7.5)
A denial-of-service vulnerability exists in github

CVE-2025-65945 (CVSS 7.5)
auth0/node-jws is a JSON Web Signature implementation for Node

CVE-2025-12097 (CVSS 7.5)
There is a relative path traversal vulnerability in the NI System Web Server that may result in information disclosure

CVE-2025-53704 (CVSS 7.5)
The password reset mechanism for the Pivot client application is weak, and it may allow an attacker to take over the account

CVE-2025-66506 (CVSS 7.5)
Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity

CVE-2025-13373 (CVSS 7.5)
Advantech iView versions 5

CVE-2025-66564 (CVSS 7.5)
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps

CVE-2025-12850 (CVSS 7.5)
The My auctions allegro plugin for WordPress is vulnerable to SQL Injection via the 'auction_id' parameter in all versions up to, and including, 3

CVE-2025-55753 (CVSS 7.5)
An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (~30 days in default configurations), to the backoff timer becoming 0

CVE-2025-59775 (CVSS 7.5)
Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows an attacker to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content. Users are recommended to upgrade to version 2

CVE-2025-13654 (CVSS 7.5)
A stack buffer overflow vulnerability exists in the buffer_get function of duc, a disk management tool, where a condition can evaluate to true due to underflow, allowing an out-of-bounds read

CVE-2025-65878 (CVSS 7.5)
The warehouse management system version 1

CVE-2025-66624 (CVSS 7.5)
BACnet Protocol Stack library provides a BACnet application layer, network layer and media access (MAC) layer communications services

CVE-2025-66623 (CVSS 7.4)
Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations

CVE-2025-66561 (CVSS 7.3)
SysReptor is a fully customizable pentest reporting platform

CVE-2025-14091 (CVSS 7.3)
A weakness has been identified in TrippWasTaken PHP-Guitar-Shop up to 6ce0868889617c1975982aae6df8e49555d0d555

CVE-2025-11727 (CVSS 7.2)
The Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration – Powered by Codisto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sync() function in all versions up to, and including, 1

CVE-2025-29846 (CVSS 7.2)
A vulnerability in portenable cgi allows remote authenticated users to get the status of installed packages

CVE-2025-54306 (CVSS 7.2)
An issue was discovered in the Thermo Fisher Torrent Suite Django application 5

CVE-2025-66238 (CVSS 7.2)
DCIM dcTrack allows an attacker to misuse certain remote access features