Critical vulnerabilities, curated daily for security professionals
π― SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
π
Archived Security Brief
This curated brief highlights 0 critical vulnerabilities and 17 high-priority updates requiring immediate attention.
19 total vulnerabilities disclosed in last 24 hours
π‘ Tip: Swipe CVE cards left to β star, right to β remove
Section Navigation
β οΈ
CISA Known Exploited Vulnerabilities
β οΈ CISA KEVURGENT
CVE-2025-13223
9.5π
GoogleChromium V8
β° Federal Deadline:December 9, 2025(3 days remaining)
Google Chromium V8 Type Confusion Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2025-61757
9.5π
OracleFusion Middleware
β° Federal Deadline:December 11, 2025(5 days remaining)
Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2021-26829
9.5
OpenPLCScadaBR
β° Federal Deadline:December 18, 2025(12 days remaining)
OpenPLC ScadaBR Cross-site Scripting Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-48633
9.5
AndroidFramework
β° Federal Deadline:December 22, 2025(16 days remaining)
Android Framework Information Disclosure Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-48572
9.5
AndroidFramework
β° Federal Deadline:December 22, 2025(16 days remaining)
Android Framework Privilege Escalation Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2021-26828
9.5
OpenPLCScadaBR
β° Federal Deadline:December 23, 2025(17 days remaining)
OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-55182
9.5π
MetaReact Server Components
β° Federal Deadline:December 25, 2025(19 days remaining)
Meta React Server Components Remote Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ
High Priority Updates
CVE-2025-12966
8.8π
WordPressMultiple Products
The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the resolve_import_directory() function in versions 4
CVSS Base8.8
β
CRSSelect profile
CVE-2025-13065
8.8π
WordPressMultiple Products
The Starter Templates plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 4
CVSS Base8.8
β
CRSSelect profile
CVE-2025-12510
7.2π
GoogleMultiple Products
The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 13
CVSS Base7.2
β
CRSSelect profile
CVE-2025-12499
7.2π
GoogleMultiple Products
The Rich Shortcodes for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contents of a Google Review in all versions up to, and including, 6
CVSS Base7.2
β
CRSSelect profile
CVE-2025-14126
8.8π
hasMultiple Products
A vulnerability has been found in TOZED ZLT M30S and ZLT M30S PRO 1
CVSS Base8.8
β
CRSSelect profile
CVE-2025-14133
8.8π
LinksysMultiple Products
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1
CVSS Base8.8
β
CRSSelect profile
CVE-2025-14134
8.8π
LinksysMultiple Products
A vulnerability was determined in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1
CVSS Base8.8
β
CRSSelect profile
CVE-2025-14135
8.8π
LinksysMultiple Products
A vulnerability was identified in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1
CVSS Base8.8
β
CRSSelect profile
CVE-2025-14136
8.8π
LinksysMultiple Products
A security flaw has been discovered in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1
CVSS Base8.8
β
CRSSelect profile
CVE-2025-14141
8.8π
flawMultiple Products
A flaw has been found in UTT θΏε 520W 1
CVSS Base8.8
β
CRSSelect profile
CVE-2025-14191
8.8π
hasMultiple Products
A vulnerability has been found in UTT θΏε 512W up to 1
CVSS Base8.8
β
CRSSelect profile
CVE-2025-14196
8.8π
weaknessMultiple Products
A weakness has been identified in H3C Magic B1 up to 100R004
CVSS Base8.8
β
CRSSelect profile
CVE-2025-14189
7.3π
wasMultiple Products
A vulnerability was detected in Chanjet CRM up to 20251121
CVSS Base7.3
β
CRSSelect profile
CVE-2025-14190
7.3π
flawMultiple Products
A flaw has been found in Chanjet TPlus up to 20251121
CVSS Base7.3
β
CRSSelect profile
CVE-2025-14192
7.3π
wasMultiple Products
A vulnerability was found in RashminDungrani online-banking up to 2337ad552ea9d385b4e07b90e6f32d011b7c68a2
CVSS Base7.3
β
CRSSelect profile
CVE-2025-14187
7.2
weaknessMultiple Products
A weakness has been identified in UGREEN DH2100+ up to 5
CVSS Base7.2
β
CRSSelect profile
CVE-2025-14188
7.2
securityMultiple Products
A security vulnerability has been detected in UGREEN DH2100+ up to 5