Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đ
Archived Security Brief
Saturday's disclosure cycle reports 13 critical CVEs, a 48% decrease from Friday's 25 critical vulnerabilities. High-priority issues declined 9% to 91 CVEs, while actively exploited vulnerabilities increased 6% to 17 KEV entries. Notable KEV additions include CVE-2025-59718 affecting Fortinet products, CVE-2025-48633 and CVE-2025-48572 targeting Android Framework, CVE-2025-40602 in SonicWall SMA1000 appliances, and CVE-2025-20393 impacting Cisco products. Critical vulnerabilities include CVE-2025-13329 (arbitrary file upload in File Uploader for WooCommerce), CVE-2025-68613 (CVSS 9.9), and CVE-2025-14964 affecting TOTOLINK devices. Patch availability stands at 0%, requiring compensating controls across all disclosed vulnerabilities.
13 critical CVEs disclosed, down 48% from Friday's 25
91 high-priority vulnerabilities, a 9% decrease from 100
17 actively exploited CVEs including Fortinet, Android Framework, SonicWall SMA1000, and Cisco products
WordPress plugins (File Uploader for WooCommerce, Flex Store Users) and network appliances (TOTOLINK, D-Link) heavily represented
Immediate action: Prioritize network segmentation and access controls for Fortinet, SonicWall, and Cisco devices listed in KEV entries. Implement web application firewall rules to block exploitation attempts against WordPress plugin vulnerabilities. Weekend security teams should monitor for exploitation activity against Android Framework and WinRAR vulnerabilities while awaiting vendor patches.
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEVURGENT
CVE-2025-59718
9.5đ
FortinetMultiple Products
â° Federal Deadline:December 22, 2025(3 days remaining)
Fortinet Multiple Products Improper Verification of Cryptographic Signature Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-48633
9.5đ
AndroidFramework
â° Federal Deadline:December 22, 2025(3 days remaining)
Android Framework Information Disclosure Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-48572
9.5đ
AndroidFramework
â° Federal Deadline:December 22, 2025(3 days remaining)
Android Framework Privilege Escalation Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-40602
9.5
SonicWallSMA1000 appliance
â° Federal Deadline:December 23, 2025(4 days remaining)
SonicWall SMA1000 Missing Authorization Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-20393
9.5
CiscoMultiple Products
â° Federal Deadline:December 23, 2025(4 days remaining)
Cisco Multiple Products Improper Input Validation Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2021-26828
9.5
OpenPLCScadaBR
â° Federal Deadline:December 23, 2025(4 days remaining)
OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-14733
9.8
AnMultiple Products
â° Federal Deadline:December 25, 2025(6 days remaining)
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.This vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.5 and 2025.1 up to and including 2025.1.3.
CVSS Base9.8
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2022-37055
9.5
D-LinkRouters
â° Federal Deadline:December 28, 2025(9 days remaining)
D-Link Routers Buffer Overflow Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-66644
9.5
Array Networks ArrayOS AG
â° Federal Deadline:December 28, 2025(9 days remaining)
Array Networks ArrayOS AG OS Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-6218
9.5
RARLABWinRAR
â° Federal Deadline:December 29, 2025(10 days remaining)
RARLAB WinRAR Path Traversal Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-62221
9.5đ
MicrosoftWindows
â° Federal Deadline:December 29, 2025(10 days remaining)
Microsoft Windows Use After Free Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-58360
9.5
OSGeoGeoServer
â° Federal Deadline:December 31, 2025(12 days remaining)
OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2018-4063
9.5
Sierra WirelessAirLink ALEOS
â° Federal Deadline:January 1, 2026(13 days remaining)
Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-14174
9.5đ
GoogleChromium
â° Federal Deadline:January 1, 2026(13 days remaining)
Google Chromium Out of Bounds Memory Access Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-14611
9.5
GladinetCentreStack and Triofox
â° Federal Deadline:January 4, 2026(16 days remaining)
Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-43529
9.5đ
AppleMultiple Products
â° Federal Deadline:January 4, 2026(16 days remaining)
Apple Multiple Products Use-After-Free WebKit Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-59374
9.5
ASUSLive Update
â° Federal Deadline:January 6, 2026(18 days remaining)
ASUS Live Update Embedded Malicious Code Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
đ¨
Critical Vulnerabilities
CVE-2025-13329
9.8đ
The File Uploader for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the callback function for theMultiple Products
The File Uploader for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the callback function for the 'add-image-data' REST API endpoint in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to upload arbitrary files to the Uploadcare service and subsequently download them on the affected site's server which may make remote code execution possible.
CVSS Base9.8
â
CRSSelect profile
CVE-2023-53948
9.8đ
UnknownMultiple Products
Lilac-Reloaded for Nagios 2.0.8 contains a remote code execution vulnerability in the autodiscovery feature that allows attackers to inject arbitrary commands. Attackers can exploit the lack of input filtering in the nmap_binary parameter to execute a reverse shell by sending a crafted POST request to the autodiscovery endpoint.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-66580
9.6đ
Dive is anMultiple Products
Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. A critical Stored Cross-Site Scripting (XSS) vulnerability exists in versions prior to 0.11.1 in the Mermaid diagram rendering component. The application allows the execution of arbitrary JavaScript via `javascript:`. An attacker can exploit this to inject a malicious Model Context Protocol (MCP) server configuration, leading to Remote Code Execution (RCE) on the victim's machine when the node is clicked. Version 0.11.1 fixes the issue.
CVSS Base9.6
â
CRSSelect profile
CVE-2025-13619
9.8đ
The Flex Store Users plugin for WordPress is vulnerable to Privilege Escalation in all versions upMultiple Products
The Flex Store Users plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.0. This is due to the 'fsUserHandle::signup' and the 'fsSellerRole::add_role_seller' functions not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site. Note: The vulnerability can be exploited with the 'fs_type' parameter if the Flex Store Seller plugin is also activated.
CVSS Base9.8
â
CRSSelect profile
CVE-2023-53957
9.8đ
KimaiMultiple Products
Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie information to a file, enabling potential session hijacking.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-68613
9.9đ
UnknownMultiple Products
n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. This issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0. Users are strongly advised to upgrade to a patched version, which introduces additional safeguards to restrict expression evaluation. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only; and/or deploy n8n in a hardened environment with restricted operating system privileges and network access to reduce the impact of potential exploitation. These workarounds do not fully eliminate the risk and should only be used as short-term measures.
CVSS Base9.9
â
CRSSelect profile
CVE-2025-14964
9.8đ
A vulnerability has been found in TOTOLINKMultiple Products
A vulnerability has been found in TOTOLINK T10 4.1.8cu.5083_B20200521. This affects the function sprintf of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument loginAuthUrl leads to stack-based buffer overflow. The attack may be performed from remote.
CVSS Base9.8
â
CRSSelect profile
CVE-2023-53959
9.8đ
FileZilla ClientMultiple Products
FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attackers to execute malicious code by placing a crafted TextShaping.dll in the application directory. Attackers can generate a reverse shell payload using msfvenom and replace the missing DLL to achieve remote code execution when the application launches.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-63665
9.8đ
An issue in GT Edge AI Platform Versions beforeMultiple Products
An issue in GT Edge AI Platform Versions before v2.0.10-dev allows attackers to execute arbitrary code via injecting a crafted JSON payload into the Prompt window.
CVSS Base9.8
â
CRSSelect profile
CVE-2023-53950
9.8đ
InnovaStudio WYSIWYG EditorMultiple Products
InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent upload controls in the asset manager.
CVSS Base9.8
â
CRSSelect profile
CVE-2023-53951
9.8đ
Ever GauzyMultiple Products
Ever Gauzy v0.281.9 contains a JWT authentication vulnerability that allows attackers to exploit weak HMAC secret key implementation. Attackers can leverage the exposed JWT token to authenticate and gain unauthorized access with administrative permissions.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-1928
9.1đ
Improper Restriction of Excessive Authentication Attempts vulnerability in Restajet Information TechnologiesMultiple Products
Improper Restriction of Excessive Authentication Attempts vulnerability in Restajet Information Technologies Inc. Online Food Delivery System allows Password Recovery Exploitation.This issue affects Online Food Delivery System: through 19122025.
CVSS Base9.1
â
CRSSelect profile
CVE-2024-49587
9.1đ
GluttonMultiple Products
Glutton V1 service endpoints were exposed without any authentication on Gotham stacks, this could have allowed users that did not have any permission to hit glutton backend directly and read/update/delete data. The affected service has been patched and automatically deployed to all Apollo-managed Gotham Instances
CVSS Base9.1
â
CRSSelect profile
â ī¸
High Priority Updates
CVE-2025-14364
8.8đ
WordPressMultiple Products
The Demo Importer Plus plugin for WordPress is vulnerable to unauthorized modification of data, loss of data, and privilege escalation due to a missing capability check on the Ajax::handle_request() function in all versions up to, and including, 2
CVSS Base8.8
â
CRSSelect profile
CVE-2025-13941
8.8đ
localMultiple Products
A local privilege escalation vulnerability exists in the Foxit PDF Reader/Editor Update Service
CVSS Base8.8
â
CRSSelect profile
CVE-2025-66499
7.8đ
AMultiple Products
A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data
CVSS Base7.8
â
CRSSelect profile
CVE-2025-13641
8.8đ
WordPressMultiple Products
The Photo Gallery, Sliders, Proofing and Themes â NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3
CVSS Base8.8
â
CRSSelect profile
CVE-2025-14861
8.8đ
MemoryMultiple Products
Memory safety bugs present in Firefox 146
CVSS Base8.8
â
CRSSelect profile
CVE-2025-64675
8.3đ
ImproperMultiple Products
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Cosmos DB allows an unauthorized attacker to perform spoofing over a network
CVSS Base8.3
â
CRSSelect profile
CVE-2025-64677
8.2đ
ImproperMultiple Products
Improper neutralization of input during web page generation ('cross-site scripting') in Office Out-of-Box Experience allows an unauthorized attacker to perform spoofing over a network
CVSS Base8.2
â
CRSSelect profile
CVE-2025-66493
7.8đ
EditorMultiple Products
A use-after-free vulnerability exists in the AcroForm handling of Foxit PDF Reader and Foxit PDF Editor before 2025
CVSS Base7.8
â
CRSSelect profile
CVE-2025-66494
7.8đ
ReaderMultiple Products
A use-after-free vulnerability exists in the PDF file parsing of Foxit PDF Reader before 2025
CVSS Base7.8
â
CRSSelect profile
CVE-2025-66495
7.8đ
ReaderMultiple Products
A use-after-free vulnerability exists in the annotation handling of Foxit PDF Reader before 2025
CVSS Base7.8
â
CRSSelect profile
CVE-2025-14437
7.5đ
WordPressMultiple Products
The Hummingbird Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3
CVSS Base7.5
â
CRSSelect profile
CVE-2025-14812
7.5đ
priorMultiple Products
ArcSearch for iOS versions prior to 1
CVSS Base7.5
â
CRSSelect profile
CVE-2025-14809
7.4đ
priorMultiple Products
ArcSearch for Android versions prior to 1
CVSS Base7.4
â
CRSSelect profile
CVE-2025-13307
7.2đ
WordPressMultiple Products
The Ocean Modal Window WordPress plugin before 2
CVSS Base7.2
â
CRSSelect profile
CVE-2025-13999
7.2đ
WordPressMultiple Products
The HTML5 Audio Player â The Ultimate No-Code Podcast, MP3 & Audio Player plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions from 2
CVSS Base7.2
â
CRSSelect profile
CVE-2025-67745
7.1
MyHoardMultiple Products
MyHoard is a daemon for creating, managing and restoring MySQL backups
CVSS Base7.1
â
CRSSelect profile
CVE-2025-14849
8.8
AdvantechMultiple Products
Advantech WebAccess/SCADAÂ
is vulnerable to unrestricted file upload, which may allow an attacker to remotely execute arbitrary code
CVSS Base8.8
â
CRSSelect profile
CVE-2025-67843
8.3
RenderingMultiple Products
A Server-Side Template Injection (SSTI) vulnerability in the MDX Rendering Engine in Mintlify Platform before 2025-11-15 allows remote attackers to execute arbitrary code via inline JSX expressions in an MDX file
CVSS Base8.3
â
CRSSelect profile
CVE-2021-47711
8.8
Kentico XperienceMultiple Products
A SQL injection vulnerability in Kentico Xperience allows authenticated editors to inject malicious SQL queries via online marketing macro method parameters
CVSS Base8.8
â
CRSSelect profile
CVE-2025-50681
7.5
igmpproxyMultiple Products
igmpproxy 0
CVSS Base7.5
â
CRSSelect profile
CVE-2025-64469
7.8
NI LabVIEW inMultiple Products
There is a stack-based buffer overflow vulnerability in NI LabVIEW in LVResFile::FindRsrcListEntry() when parsing a corrupted VI file
CVSS Base7.8
â
CRSSelect profile
CVE-2025-63391
7.5
authenticationMultiple Products
An authentication bypass vulnerability exists in Open-WebUI <=0
CVSS Base7.5
â
CRSSelect profile
CVE-2025-63950
7.5
insecureMultiple Products
An insecure deserialization vulnerability exists in the download
CVSS Base7.5
â
CRSSelect profile
CVE-2025-63951
7.5
insecureMultiple Products
An insecure deserialization vulnerability exists in the rss-mp3
CVSS Base7.5
â
CRSSelect profile
CVE-2025-40892
8.9
StoredMultiple Products
A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter
CVSS Base8.9
â
CRSSelect profile
CVE-2019-25229
8.8
Kentico XperienceMultiple Products
An unrestricted file upload vulnerability in Kentico Xperience allows authenticated users with 'Read data' permissions to upload arbitrary file types via MVC form file uploader components
CVSS Base8.8
â
CRSSelect profile
CVE-2023-53942
8.8
FileMultiple Products
File Thingie 2
CVSS Base8.8
â
CRSSelect profile
CVE-2025-62001
8.8
BullWallMultiple Products
BullWall Ransomware Containment contains excluded file paths, such as '$recycle
CVSS Base8.8
â
CRSSelect profile
CVE-2025-52692
8.8
SuccessfulMultiple Products
Successful exploitation of the vulnerability could allow an attacker with local network access to send a specially crafted URL to access certain administration functions without login credentials
CVSS Base8.8
â
CRSSelect profile
CVE-2023-53945
8.8
BrainyCPMultiple Products
BrainyCP 1
CVSS Base8.8
â
CRSSelect profile
CVE-2023-53952
8.8
DotclearMultiple Products
Dotclear 2
CVSS Base8.8
â
CRSSelect profile
CVE-2023-53956
8.8
FlatnuxMultiple Products
Flatnux 2021-03
CVSS Base8.8
â
CRSSelect profile
CVE-2023-53946
8.4
ArcsoftMultiple Products
Arcsoft PhotoStudio 6
CVSS Base8.4
â
CRSSelect profile
CVE-2023-53947
8.4
InventoryMultiple Products
OCS Inventory NG 2
CVSS Base8.4
â
CRSSelect profile
CVE-2023-53949
8.4
AspEmailMultiple Products
AspEmail 5
CVSS Base8.4
â
CRSSelect profile
CVE-2025-11774
8.2
software keyboardMultiple Products
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the software keyboard function (hereinafter referred to as "keypad function") of Mitsubishi Electric GENESIS64 versions 10
CVSS Base8.2
â
CRSSelect profile
CVE-2025-40898
8.1
pathMultiple Products
A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file
CVSS Base8.1
â
CRSSelect profile
CVE-2025-14850
8.1
AdvantechMultiple Products
Advantech WebAccess/SCADAÂ is vulnerable to directory traversal, which may allow an attacker to delete arbitrary files
CVSS Base8.1
â
CRSSelect profile
CVE-2025-64461
7.8
NI LabVIEW in ThereMultiple Products
There is an out of bounds write vulnerability in NI LabVIEW in mgocre_SH_25_3!RevBL() when parsing a corrupted VI file
CVSS Base7.8
â
CRSSelect profile
CVE-2025-64462
7.8
NI LabVIEW in ThereMultiple Products
There is an out of bounds read vulnerability in NI LabVIEW in LVResFile::RGetMemFileHandle() when parsing a corrupted VI file
CVSS Base7.8
â
CRSSelect profile
CVE-2025-64463
7.8
NI LabVIEW in ThereMultiple Products
There is an out of bounds read vulnerability in NI LabVIEW in LVResource::DetachResource() when parsing a corrupted VI file
CVSS Base7.8
â
CRSSelect profile
CVE-2025-64464
7.8
NI LabVIEW in ThereMultiple Products
There is an out of bounds read vulnerability in NI LabVIEW in lvre!VisaWriteFromFile() when parsing a corrupted VI file
CVSS Base7.8
â
CRSSelect profile
CVE-2025-64465
7.8
NI LabVIEW in ThereMultiple Products
There is an out of bounds read vulnerability in NI LabVIEW in lvre!DataSizeTDR() when parsing a corrupted VI file
CVSS Base7.8
â
CRSSelect profile
CVE-2025-64466
7.8
NI LabVIEW in ThereMultiple Products
There is an out of bounds read vulnerability in NI LabVIEW in lvre!ExecPostedProcRecPost() when parsing a corrupted VI file
CVSS Base7.8
â
CRSSelect profile
CVE-2025-64467
7.8
NI LabVIEW in ThereMultiple Products
There is an out of bounds read vulnerability in NI LabVIEW in LVResFile::FindRsrcListEntry() when parsing a corrupted VI file
CVSS Base7.8
â
CRSSelect profile
CVE-2025-64468
7.8
ThereMultiple Products
There is a use-after-free vulnerability in sentry!sentry_span_set_data() when parsing a corrupted VI file
CVSS Base7.8
â
CRSSelect profile
CVE-2023-53937
7.8
HubstaffMultiple Products
Hubstaff 1
CVSS Base7.8
â
CRSSelect profile
CVE-2023-53940
7.8
MarkdownMultiple Products
Codigo Markdown Editor 1
CVSS Base7.8
â
CRSSelect profile
CVE-2025-68279
7.7
WeblateMultiple Products
Weblate is a web based localization tool
CVSS Base7.7
â
CRSSelect profile
CVE-2025-68477
7.7
LangflowMultiple Products
Langflow is a tool for building and deploying AI-powered agents and workflows
CVSS Base7.7
â
CRSSelect profile
CVE-2025-67442
7.6
UnknownMultiple Products
EVE-NG 6
CVSS Base7.6
â
CRSSelect profile
CVE-2025-1029
7.5
Utarit InformationMultiple Products
Use of Hard-coded Credentials vulnerability in Utarit Information Services Inc
CVSS Base7.5
â
CRSSelect profile
CVE-2025-1030
7.5
Utarit InformaticsMultiple Products
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Utarit Informatics Services Inc
CVSS Base7.5
â
CRSSelect profile
CVE-2025-1031
7.5
Utarit InformaticsMultiple Products
Authorization Bypass Through User-Controlled Key vulnerability in Utarit Informatics Services Inc
CVSS Base7.5
â
CRSSelect profile
CVE-2025-63757
7.5
Integer overflowMultiple Products
Integer overflow vulnerability in the yuv2ya16_X_c_template function in libswscale/output
CVSS Base7.5
â
CRSSelect profile
CVE-2025-7358
7.5
Utarit InformaticsMultiple Products
Use of Hard-coded Credentials vulnerability in Utarit Informatics Services Inc
CVSS Base7.5
â
CRSSelect profile
CVE-2025-14896
7.5
insufficientMultiple Products
due to insufficient sanitazation in Vegaâs `convert()` function when `safeMode` is enabled and the spec variable is an array
CVSS Base7.5
â
CRSSelect profile
CVE-2025-63387
7.5
DifyMultiple Products
Dify v1
CVSS Base7.5
â
CRSSelect profile
CVE-2025-65559
7.5
issueMultiple Products
An issue was discovered in Open5GS 2
CVSS Base7.5
â
CRSSelect profile
CVE-2025-65561
7.5
issueMultiple Products
An issue was discovered in function LocalNode
CVSS Base7.5
â
CRSSelect profile
CVE-2025-65562
7.5
TheMultiple Products
The free5GC UPF suffers from a lack of bounds checking on the SEID when processing PFCP Session Deletion Requests
CVSS Base7.5
â
CRSSelect profile
CVE-2025-65563
7.5
AMultiple Products
A denial-of-service vulnerability exists in the omec-project UPF (component upf-epc/pfcpiface) up to at least version upf-epc-pfcpiface:2
CVSS Base7.5
â
CRSSelect profile
CVE-2025-65564
7.5
AMultiple Products
A denial-of-service vulnerability exists in the omec-upf (upf-epc-pfcpiface) in version upf-epc-pfcpiface:2
CVSS Base7.5
â
CRSSelect profile
CVE-2025-65565
7.5
AMultiple Products
A denial-of-service vulnerability exists in the omec-project UPF (pfcpiface component) in version upf-epc-pfcpiface:2
CVSS Base7.5
â
CRSSelect profile
CVE-2025-65567
7.5
AMultiple Products
A denial-of-service vulnerability exists in the omec-project UPF (pfcpiface component) in version upf-epc-pfcpiface:2
CVSS Base7.5
â
CRSSelect profile
CVE-2025-65568
7.5
AMultiple Products
A denial-of-service vulnerability exists in the omec-project UPF (pfcpiface component) in version upf-epc-pfcpiface:2
CVSS Base7.5
â
CRSSelect profile
CVE-2021-47712
7.5
Kentico XperienceMultiple Products
A cryptography vulnerability in Kentico Xperience allows attackers to potentially manipulate URL hash values through existing hashing mechanisms
CVSS Base7.5
â
CRSSelect profile
CVE-2023-53934
7.5
Kentico XperienceMultiple Products
A denial of service vulnerability in Kentico Xperience allows attackers to launch DoS attacks via specially crafted requests to the GetResource handler
CVSS Base7.5
â
CRSSelect profile
CVE-2025-65566
7.5
AMultiple Products
A denial-of-service vulnerability exists in the omec-project UPF (pfcpiface component) in version upf-epc-pfcpiface:2
CVSS Base7.5
â
CRSSelect profile
CVE-2025-53710
7.5
productMultiple Products
Due to a product misconfiguration in certain deployment types, it was possible from different pods in the same namespace to communicate with each other
CVSS Base7.5
â
CRSSelect profile
CVE-2025-14847
7.5
unauthenticatedMultiple Products
Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client
CVSS Base7.5
â
CRSSelect profile
CVE-2025-66909
7.5
TurmsMultiple Products
Turms AI-Serving module v0
CVSS Base7.5
â
CRSSelect profile
CVE-2025-66905
7.5
takeMultiple Products
The Takes web framework's TkFiles take thru 2
CVSS Base7.5
â
CRSSelect profile
CVE-2023-53958
7.5
ServiceMultiple Products
LDAP Tool Box Self Service Password 1
CVSS Base7.5
â
CRSSelect profile
CVE-2025-14877
7.3
ManagementMultiple Products
A vulnerability was identified in Campcodes Supplier Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-14940
7.3
TrackingMultiple Products
A vulnerability was determined in code-projects Scholars Tracking System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-14950
7.3
TrackingMultiple Products
A weakness has been identified in code-projects Scholars Tracking System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-14951
7.3
TrackingMultiple Products
A security vulnerability has been detected in code-projects Scholars Tracking System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-14952
7.3
ManagementMultiple Products
A vulnerability was detected in Campcodes Supplier Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-14959
7.3
StockMultiple Products
A weakness has been identified in code-projects Simple Stock System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-14960
7.3
ManagementMultiple Products
A security vulnerability has been detected in code-projects Simple Blood Donor Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-14961
7.3
ManagementMultiple Products
A vulnerability was detected in code-projects Simple Blood Donor Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-14967
7.3
ManagementMultiple Products
A vulnerability was identified in itsourcecode Student Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-14968
7.3
StockMultiple Products
A security flaw has been discovered in code-projects Simple Stock System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-14884
7.2
D-LinkMultiple Products
A vulnerability was detected in D-Link DIR-605 202WWB03
CVSS Base7.2
â
CRSSelect profile
CVE-2020-36890
7.2
Kentico XperienceMultiple Products
An access control bypass vulnerability in Kentico Xperience allows administrators to modify global administrator user privileges via unauthorized requests
CVSS Base7.2
â
CRSSelect profile
CVE-2025-64676
7.2
UnknownMultiple Products
'
CVSS Base7.2
â
CRSSelect profile
CVE-2025-68385
7.2
ImproperMultiple Products
Improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) allows an authenticated user to embed a malicious script in content that will be served to web browsers causing cross-site scripting (XSS) (CAPEC-63) via a method in Vega bypassing a previous Vega XSS mitigation
CVSS Base7.2
â
CRSSelect profile
CVE-2025-62000
7.1
BullWallMultiple Products
BullWall Ransomware Containment does not entirely inspect a file to determine if it is ransomware
CVSS Base7.1
â
CRSSelect profile
CVE-2025-1927
7.1
Restajet InformationMultiple Products
Cross-Site Request Forgery (CSRF) vulnerability in Restajet Information Technologies Inc
CVSS Base7.1
â
CRSSelect profile
CVE-2025-68478
7.1
LangflowMultiple Products
Langflow is a tool for building and deploying AI-powered agents and workflows