Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đ
Archived Security Brief
Wednesday's vulnerability disclosure includes 11 critical CVEs (CVSS 9.0+), a 22% increase from yesterday's 9 critical issues. High-priority vulnerabilities reached 71 entries, up 31% from yesterday's 54, indicating sustained disclosure activity mid-week. Fourteen actively exploited vulnerabilities require attention, including CVE-2025-59718 affecting Fortinet products, CVE-2025-6218 in WinRAR, and CVE-2025-62221 targeting Microsoft Windows. Notable critical disclosures include CVE-2025-63414 (CVSS 10.0) path traversal in Allsky WebUI, CVE-2025-37164 (CVSS 10.0) remote code execution in HPE products, and CVE-2025-46295 (CVSS 9.8) affecting Apache Commons Text. Patch availability stands at 0%, requiring organizations to prioritize compensating controls until vendor fixes become available.
11 critical CVEs disclosed, up 22% from yesterday's 9 critical vulnerabilities
71 high-priority CVEs represent a 31% increase from yesterday's 54 entries
14 actively exploited vulnerabilities affecting Fortinet, WinRAR, Microsoft Windows, and Google Chromium
0% patch availability requires immediate compensating control deployment
Critical systems affected include HPE products, Apache Commons Text, NVIDIA Isaac Lab, and Open edX Platform
Immediate action: Prioritize network segmentation and access restrictions for systems affected by KEV entries, particularly Fortinet appliances, WinRAR installations, and Windows environments. With zero patches currently available, implement web application firewalls, disable unnecessary services, and enhance monitoring for exploitation attempts. Mid-week timing allows for coordinated response planning before weekend staffing reductions.
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEVURGENT
CVE-2021-26829
9.5
OpenPLCScadaBR
â° Federal Deadline:December 18, 2025(2 days remaining)
OpenPLC ScadaBR Cross-site Scripting Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-59718
9.5đ
FortinetMultiple Products
â° Federal Deadline:December 22, 2025(6 days remaining)
Fortinet Multiple Products Improper Verification of Cryptographic Signature Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-48633
9.5đ
AndroidFramework
â° Federal Deadline:December 22, 2025(6 days remaining)
Android Framework Information Disclosure Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-48572
9.5đ
AndroidFramework
â° Federal Deadline:December 22, 2025(6 days remaining)
Android Framework Privilege Escalation Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2021-26828
9.5
OpenPLCScadaBR
â° Federal Deadline:December 23, 2025(7 days remaining)
OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2022-37055
9.5
D-LinkRouters
â° Federal Deadline:December 28, 2025(12 days remaining)
D-Link Routers Buffer Overflow Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-66644
9.5
Array Networks ArrayOS AG
â° Federal Deadline:December 28, 2025(12 days remaining)
Array Networks ArrayOS AG OS Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-6218
9.5
RARLABWinRAR
â° Federal Deadline:December 29, 2025(13 days remaining)
RARLAB WinRAR Path Traversal Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-62221
9.5đ
MicrosoftWindows
â° Federal Deadline:December 29, 2025(13 days remaining)
Microsoft Windows Use After Free Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-58360
9.5
OSGeoGeoServer
â° Federal Deadline:December 31, 2025(15 days remaining)
OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2018-4063
9.5
Sierra WirelessAirLink ALEOS
â° Federal Deadline:January 1, 2026(16 days remaining)
Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-14174
9.5đ
GoogleChromium
â° Federal Deadline:January 1, 2026(16 days remaining)
Google Chromium Out of Bounds Memory Access Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-14611
9.5
GladinetCentreStack and Triofox
â° Federal Deadline:January 4, 2026(19 days remaining)
Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-43529
9.5
AppleMultiple Products
â° Federal Deadline:January 4, 2026(19 days remaining)
Apple Multiple Products Use-After-Free WebKit Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
đ¨
Critical Vulnerabilities
CVE-2025-63414
10đ
A Path Traversal vulnerability in the Allsky WebUI versionMultiple Products
A Path Traversal vulnerability in the Allsky WebUI version v2024.12.06_06 allows an unauthenticated remote attacker to achieve arbitrary command execution. By sending a crafted HTTP request to the /html/execute.php endpoint with a malicious payload in the id parameter, an attacker can execute arbitrary commands on the underlying operating system, leading to full remote code execution (RCE).
CVSS Base10
â
CRSSelect profile
CVE-2025-67744
9.6đ
DeepChat is anMultiple Products
DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to version 0.5.3, a security vulnerability exists in the Mermaid diagram rendering component that allows arbitrary JavaScript execution. Due to the exposure of the Electron IPC renderer to the DOM, this Cross-Site Scripting (XSS) flaw escalates to full Remote Code Execution (RCE), allowing an attacker to execute arbitrary system commands. Two concurrent issues, unsafe Mermaid configuration and an exposed IPC interface, cause this issue. Version 0.5.3 contains a patch.
CVSS Base9.6
â
CRSSelect profile
CVE-2023-53895
9.8đ
PimpMyLogMultiple Products
PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account, and potentially access sensitive server-side log information and environmental variables.
CVSS Base9.8
â
CRSSelect profile
CVE-2023-53894
9.8đ
phpfmMultiple Products
phpfm 1.7.9 contains an authentication bypass vulnerability that allows attackers to log in by exploiting loose type comparison in password hash validation. Attackers can craft specific password hashes beginning with 0e or 00e to bypass authentication and upload malicious PHP files to the server.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-37164
10đ
A remote code execution issue exists in HPEMultiple Products
A remote code execution issue exists in HPE OneView.
CVSS Base10
â
CRSSelect profile
CVE-2025-46295
9.8đ
Apache Commons Text versions prior toMultiple Products
Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could potentially achieve remote code execution. This vulnerability has been fully addressed in FileMaker Server 22.0.4.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-14700
9.9đ
An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows aMultiple Products
An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection.
CVSS Base9.9
â
CRSSelect profile
CVE-2025-66131
9.1đ
Missing Authorization vulnerability in yaadsarig Yaad Sarig Payment Gateway For WCMultiple Products
Missing Authorization vulnerability in yaadsarig Yaad Sarig Payment Gateway For WC yaad-sarig-payment-gateway-for-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Yaad Sarig Payment Gateway For WC: from n/a through <= 2.2.10.
CVSS Base9.1
â
CRSSelect profile
CVE-2025-33210
9đ
NVIDIA Isaac Lab contains a deserializationMultiple Products
NVIDIA Isaac Lab contains a deserialization vulnerability. A successful exploit of this vulnerability might lead to code execution.
CVSS Base9
â
CRSSelect profile
CVE-2025-68270
9.9đ
The Open edX Platform is a learning managementMultiple Products
The Open edX Platform is a learning management platform. Prior to commit 05d0d0936daf82c476617257aa6c35f0cd4ca060, CourseLimitedStaffRole users are able to access and edit courses in studio if they are granted the role on an org rather than on a course, and CourseLimitedStaffRole users are able to list courses they have the role on in studio even though they are not meant to have any access on the studio side for the course. Commit 05d0d0936daf82c476617257aa6c35f0cd4ca060 fixes the issue.
CVSS Base9.9
â
CRSSelect profile
CVE-2023-53899
9.8đ
PodcastGeneratorMultiple Products
PodcastGenerator 3.2.9 contains a blind server-side request forgery vulnerability that allows attackers to inject XML in the episode upload form. Attackers can manipulate the 'shortdesc' parameter to trigger external HTTP requests to arbitrary endpoints during podcast episode creation.
CVSS Base9.8
â
CRSSelect profile
â ī¸
High Priority Updates
CVE-2025-68065
7.5đ
LiquidThemes Hub CoreMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LiquidThemes Hub Core hub-core allows PHP Local File Inclusion
CVSS Base7.5
â
CRSSelect profile
CVE-2025-68067
7.5đ
ImproperMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Stockholm Core stockholm-core allows PHP Local File Inclusion
CVSS Base7.5
â
CRSSelect profile
CVE-2025-33235
7.8đ
NVIDIAMultiple Products
NVIDIA Resiliency Extension for Linux contains a vulnerability in the checkpointing core, where an attacker may cause a race condition
CVSS Base7.8
â
CRSSelect profile
CVE-2025-68061
7.5đ
ThemeMove EduMallMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove EduMall edumall allows PHP Local File Inclusion
CVSS Base7.5
â
CRSSelect profile
CVE-2025-68062
7.5đ
ThemeMove MinimogWPMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove MinimogWP minimog allows PHP Local File Inclusion
CVSS Base7.5
â
CRSSelect profile
CVE-2025-68066
7.5đ
PenciDesign SoledadMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PenciDesign Soledad soledad allows PHP Local File Inclusion
CVSS Base7.5
â
CRSSelect profile
CVE-2025-68068
7.5đ
ImproperMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Stockholm stockholm allows PHP Local File Inclusion
CVSS Base7.5
â
CRSSelect profile
CVE-2025-14002
8.1đ
WordPressMultiple Products
The WPCOM Member plugin for WordPress is vulnerable to authentication bypass via brute force in all versions up to, and including, 1
CVSS Base8.1
â
CRSSelect profile
CVE-2025-67962
7.6đ
AIOSEOMultiple Products
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AIOSEO Plugin Team Broken Link Checker broken-link-checker-seo allows SQL Injection
CVSS Base7.6
â
CRSSelect profile
CVE-2025-14383
7.5đ
WordPressMultiple Products
The Booking Calendar plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'dates_to_check' parameter in all versions up to, and including, 10
CVSS Base7.5
â
CRSSelect profile
CVE-2025-11924
7.5đ
WordPressMultiple Products
The Ninja Forms â The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3
CVSS Base7.5
â
CRSSelect profile
CVE-2025-14443
8.5đ
flawMultiple Products
A flaw was found in ose-openshift-apiserver
CVSS Base8.5
â
CRSSelect profile
CVE-2025-67950
8.5đ
Syed Balkhi All InMultiple Products
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Blind SQL Injection
CVSS Base8.5
â
CRSSelect profile
CVE-2025-68053
8.5đ
LambertGroupMultiple Products
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup xPromoter top_bar_promoter allows Blind SQL Injection
CVSS Base8.5
â
CRSSelect profile
CVE-2025-68054
8.5đ
LambertGroupMultiple Products
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup CountDown With Image or Video Background countdown_with_background allows Blind SQL Injection
CVSS Base8.5
â
CRSSelect profile
CVE-2025-68055
8.5
Themefic HydraMultiple Products
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Hydra Booking hydra-booking allows SQL Injection
CVSS Base8.5
â
CRSSelect profile
CVE-2025-68056
8.5
LambertGroup LBGMultiple Products
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup LBG Zoominoutslider lbg_zoominoutslider allows SQL Injection
CVSS Base8.5
â
CRSSelect profile
CVE-2025-14701
7.1
theMultiple Products
An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated attacker to perform stored XSS via server MOTD modification
CVSS Base7.1
â
CRSSelect profile
CVE-2025-68116
8.9
fileMultiple Products
FileRise is a self-hosted web file manager / WebDAV server
CVSS Base8.9
â
CRSSelect profile
CVE-2024-44598
8.8đ
FNTMultiple Products
FNT Command 13
CVSS Base8.8
â
CRSSelect profile
CVE-2025-60786
8.8đ
import a ProjectMultiple Products
A Zip Slip vulnerability in the import a Project component of iceScrum v7
CVSS Base8.8
â
CRSSelect profile
CVE-2025-66437
8.8
ERPNextMultiple Products
An SSTI (Server-Side Template Injection) vulnerability exists in the get_address_display method of Frappe ERPNext through 15
CVSS Base8.8
â
CRSSelect profile
CVE-2025-9121
8.8đ
versionsMultiple Products
Pentaho Data Integration and Analytics Community Dashboard Editor plugin versions before 10
CVSS Base8.8
â
CRSSelect profile
CVE-2025-66449
8.8đ
ConvertXisMultiple Products
ConvertXis a self-hosted online file converter
CVSS Base8.8
â
CRSSelect profile
CVE-2023-53900
8.8
SpipMultiple Products
Spip 4
CVSS Base8.8
â
CRSSelect profile
CVE-2025-11393
8.7đ
flawMultiple Products
A flaw was found in runtimes-inventory-rhel8-operator
CVSS Base8.7
â
CRSSelect profile
CVE-2025-66635
7.2đ
UnknownMultiple Products
Stack-based buffer overflow vulnerability exists in SEIKO EPSON Web Config
CVSS Base7.2
â
CRSSelect profile
CVE-2025-33225
8.4
NVIDIAMultiple Products
NVIDIA Resiliency Extension for Linux contains a vulnerability in log aggregation, where an attacker could cause predictable log-file names
CVSS Base8.4
â
CRSSelect profile
CVE-2024-44599
8.3
FNTMultiple Products
FNT Command 13
CVSS Base8.3
â
CRSSelect profile
CVE-2025-65781
8.2
issueMultiple Products
An issue was discovered in Wekan The Open Source kanban board system up to version 18
CVSS Base8.2
â
CRSSelect profile
CVE-2025-65742
8.2
Newgen OmniDocsMultiple Products
An unauthenticated Broken Function Level Authorization (BFLA) vulnerability in Newgen OmniDocs v11
CVSS Base8.2
â
CRSSelect profile
CVE-2025-65778
8.1
issueMultiple Products
An issue was discovered in Wekan The Open Source kanban board system up to version 18
CVSS Base8.1
â
CRSSelect profile
CVE-2025-68154
8.1
systeminformationMultiple Products
systeminformation is a System and OS information library for node
CVSS Base8.1
â
CRSSelect profile
CVE-2025-10881
7.8
maliciouslyMultiple Products
A maliciously crafted CATPRODUCT file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-10882
7.8
maliciouslyMultiple Products
AA maliciously crafted X_T file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-10883
7.8
maliciouslyMultiple Products
A maliciously crafted CATPRODUCT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-10884
7.8
maliciouslyMultiple Products
AA maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-10886
7.8
maliciouslyMultiple Products
A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-10887
7.8
maliciouslyMultiple Products
A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-10888
7.8
maliciouslyMultiple Products
AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-10889
7.8
maliciouslyMultiple Products
A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-10898
7.8
maliciouslyMultiple Products
AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-10899
7.8
maliciouslyMultiple Products
AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-10900
7.8
maliciouslyMultiple Products
AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-14593
7.8
maliciouslyMultiple Products
A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-9452
7.8
maliciouslyMultiple Products
A maliciously crafted SLDPRT file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-9453
7.8
maliciouslyMultiple Products
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-9454
7.8
maliciouslyMultiple Products
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-9455
7.8
maliciouslyMultiple Products
A maliciously crafted CATPRODUCT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-9456
7.8
maliciouslyMultiple Products
A maliciously crafted SLDPRT file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-9457
7.8
maliciouslyMultiple Products
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-9459
7.8
maliciouslyMultiple Products
A maliciously crafted SLDPRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-9460
7.8
maliciouslyMultiple Products
A maliciously crafted SLDPRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-14252
7.8
Advantech SUSI driverMultiple Products
An Improper Access Control vulnerability in Advantech SUSI driver (susi
CVSS Base7.8
â
CRSSelect profile
CVE-2025-33226
7.8
NVIDIAMultiple Products
NVIDIA NeMo Framework for all platforms contains a vulnerability where malicious data created by an attacker may cause a code injection
CVSS Base7.8
â
CRSSelect profile
CVE-2025-53524
7.8
FujiMultiple Products
Fuji Electric Monitouch V-SFT-6 is vulnerable to an out-of-bounds write
while processing a specially crafted project file, which may allow an
attacker to execute arbitrary code
CVSS Base7.8
â
CRSSelect profile
CVE-2025-14305
7.8
UnknownMultiple Products
ListCheck
CVSS Base7.8
â
CRSSelect profile
CVE-2025-65176
7.5
OneAgentMultiple Products
An issue was discovered in Dynatrace OneAgent before 1
CVSS Base7.5
â
CRSSelect profile
CVE-2025-61976
7.5
CHOCOMultiple Products
CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper check for unusual or exceptional conditions
CVSS Base7.5
â
CRSSelect profile
CVE-2025-13474
7.5
Menulux SoftwareMultiple Products
Authorization Bypass Through User-Controlled Key vulnerability in Menulux Software Inc
CVSS Base7.5
â
CRSSelect profile
CVE-2023-53896
7.5
D-LinkMultiple Products
D-Link DAP-1325 firmware version 1
CVSS Base7.5
â
CRSSelect profile
CVE-2025-68155
7.5
ReactMultiple Products
@vitejs/plugin-rs provides React Server Components (RSC) support for Vite
CVSS Base7.5
â
CRSSelect profile
CVE-2025-68156
7.5
ExprMultiple Products
Expr is an expression language and expression evaluation for Go
CVSS Base7.5
â
CRSSelect profile
CVE-2025-48429
7.4
GrassrootMultiple Products
An out-of-bounds read vulnerability exists in the RLECodec::DecodeByStreams functionality of Grassroot DICOM 3
CVSS Base7.4
â
CRSSelect profile
CVE-2025-52582
7.4
GrassrootMultiple Products
An out-of-bounds read vulnerability exists in the Overlay::GrabOverlayFromPixelData functionality of Grassroot DICOM 3
CVSS Base7.4
â
CRSSelect profile
CVE-2025-53618
7.4
GrassrootMultiple Products
An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3
CVSS Base7.4
â
CRSSelect profile
CVE-2025-53619
7.4
GrassrootMultiple Products
An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3
CVSS Base7.4
â
CRSSelect profile
CVE-2025-33212
7.3
NVIDIAMultiple Products
NVIDIA NeMo Framework contains a vulnerability in model loading that could allow an attacker to exploit improper control mechanisms if a user loads a maliciously crafted file
CVSS Base7.3
â
CRSSelect profile
CVE-2025-14503
7.2
AnMultiple Products
An overly-permissive IAM trust policy in the Harmonix on AWS framework may allow IAM principals in the same AWS account to escalate privileges via role assumption
CVSS Base7.2
â
CRSSelect profile
CVE-2025-67751
7.2
ChurchCRMMultiple Products
ChurchCRM is an open-source church management system
CVSS Base7.2
â
CRSSelect profile
CVE-2025-14038
7
HybridMultiple Products
EDB Hybrid Manager contains a flaw that allows an unauthenticated attacker to directly access certain gRPC endpoints