Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đ
Archived Security Brief
This disclosure includes 22 critical-severity CVEs, a 47% increase from yesterday's 15 critical issues. High-priority vulnerabilities saw significant growth at 178% with 100 CVEs compared to 36 yesterday. Twelve actively exploited vulnerabilities require attention, including CVE-2025-62221 affecting Microsoft Windows, CVE-2025-6218 in RARLAB WinRAR, and CVE-2025-14174 targeting Google Chromium. Notable critical vulnerabilities include CVE-2024-57521 (CVSS 10.0) affecting RuoYi products and CVE-2025-14931 (CVSS 10.0) in Hugging Face smolagents, both enabling remote code execution. Patch availability stands at 0%, requiring organizations to implement compensating controls until vendor updates become available.
22 critical CVEs disclosed, up 47% from yesterday's 15
100 high-priority vulnerabilities, a 178% increase from 36 yesterday
12 actively exploited CVEs affecting WatchGuard, Microsoft Windows, WinRAR, and Google Chromium
0% patch availability across disclosed vulnerabilities
Multiple Tenda network devices and WordPress plugins among affected products
Immediate action: Prioritize assessment of actively exploited vulnerabilities affecting Microsoft Windows (CVE-2025-62221), WinRAR (CVE-2025-6218), and Google Chromium (CVE-2025-14174) given their widespread deployment. With no patches currently available, implement network segmentation, restrict unnecessary services, and increase endpoint monitoring. Consider reduced staffing levels during the holiday period when planning incident response coverage.
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEVURGENT
CVE-2025-14733
9.5
WatchGuardFirebox
â° Federal Deadline:December 25, 2025(2 days remaining)
WatchGuard Firebox Out of Bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2022-37055
9.5
D-LinkRouters
â° Federal Deadline:December 28, 2025(5 days remaining)
D-Link Routers Buffer Overflow Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-66644
9.5
Array Networks ArrayOS AG
â° Federal Deadline:December 28, 2025(5 days remaining)
Array Networks ArrayOS AG OS Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-6218
9.5
RARLABWinRAR
â° Federal Deadline:December 29, 2025(6 days remaining)
RARLAB WinRAR Path Traversal Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-62221
9.5đ
MicrosoftWindows
â° Federal Deadline:December 29, 2025(6 days remaining)
Microsoft Windows Use After Free Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-58360
9.5
OSGeoGeoServer
â° Federal Deadline:December 31, 2025(8 days remaining)
OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2018-4063
9.5
Sierra WirelessAirLink ALEOS
â° Federal Deadline:January 1, 2026(9 days remaining)
Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-14174
9.5đ
GoogleChromium
â° Federal Deadline:January 1, 2026(9 days remaining)
Google Chromium Out of Bounds Memory Access Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-14611
9.5
GladinetCentreStack and Triofox
â° Federal Deadline:January 4, 2026(12 days remaining)
Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-43529
9.5đ
AppleMultiple Products
â° Federal Deadline:January 4, 2026(12 days remaining)
Apple Multiple Products Use-After-Free WebKit Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-59374
9.5
ASUSLive Update
â° Federal Deadline:January 6, 2026(14 days remaining)
ASUS Live Update Embedded Malicious Code Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2023-52163
9.5
DigieverDS-2105 Pro
â° Federal Deadline:January 11, 2026(19 days remaining)
Digiever DS-2105 Pro Missing Authorization Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
đ¨
Critical Vulnerabilities
CVE-2025-13773
9.8đ
The Print InvoiceMultiple Products
The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.8.0 via the 'WooCommerce_Delivery_Notes::update' function. This is due to missing capability check in the 'WooCommerce_Delivery_Notes::update' function, PHP enabled in Dompdf, and missing escape in the 'template.php' file. This makes it possible for unauthenticated attackers to execute code on the server.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-65354
9.8đ
Improper input handling inMultiple Products
Improper input handling in /Grocery/search_products_itname.php inPuneethReddyHC event-management 1.0 permits SQL injection via the sitem_name POST parameter. Crafted payloads can alter query logic and disclose database contents. Exploitation may result in sensitive data disclosure and backend compromise.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-14388
9.8đ
The PhastPress plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read via null byte injection in all versions upMultiple Products
The PhastPress plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read via null byte injection in all versions up to, and including, 3.7. This is due to a discrepancy between the extension validation in `getExtensionForURL()` which operates on URL-decoded paths, and `appendNormalized()` which strips everything after a null byte before constructing the filesystem path. This makes it possible for unauthenticated attackers to read arbitrary files from the webroot, including wp-config.php, by appending a double URL-encoded null byte (%2500) followed by an allowed extension (.txt) to the file path.
CVSS Base9.8
â
CRSSelect profile
CVE-2024-57521
10đ
SQL Injection vulnerability in RuoYiMultiple Products
SQL Injection vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the createTable function in SqlUtil.java.
CVSS Base10
â
CRSSelect profile
CVE-2025-14931
10đ
Hugging Face smolagents Remote Python Executor Deserialization of Untrusted Data Remote Code ExecutionMultiple Products
Hugging Face smolagents Remote Python Executor Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face smolagents. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the parsing of pickle data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28312.
CVSS Base10
â
CRSSelect profile
CVE-2025-29229
9.8đ
linksysMultiple Products
linksys E5600 V1.1.0.26 is vulnerable to command injection in the function ddnsStatus.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-15044
9.8đ
A vulnerability was detected in TendaMultiple Products
A vulnerability was detected in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/NatStaticSetting. The manipulation of the argument page results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-15045
9.8đ
A flaw has been found in TendaMultiple Products
A flaw has been found in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/Natlimit of the component HTTP Request Handler. This manipulation of the argument page causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-14500
9.8đ
UnknownMultiple Products
IceWarp14 X-File-Operation Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IceWarp. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of the X-File-Operation header. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-27394.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-15046
9.8đ
A vulnerability has been found in TendaMultiple Products
A vulnerability has been found in Tenda WH450 1.0.0.18. The impacted element is an unknown function of the file /goform/PPTPClient of the component HTTP Request Handler. Such manipulation of the argument netmsk leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-15047
9.8đ
A vulnerability was found in TendaMultiple Products
A vulnerability was found in Tenda WH450 1.0.0.18. This affects an unknown function of the file /goform/PPTPDClient of the component HTTP Request Handler. Performing manipulation of the argument Username results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-68615
9.8đ
UnknownMultiple Products
net-snmp is a SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a specially crafted packet to an net-snmp snmptrapd daemon can cause a buffer overflow and the daemon to crash. This issue has been patched in versions 5.9.5 and 5.10.pre2.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-68664
9.3đ
LangChain is a framework for building agents andMultiple Products
LangChain is a framework for building agents and LLM-powered applications. Prior to versions 0.3.81 and 1.2.5, a serialization injection vulnerability exists in LangChain's dumps() and dumpd() functions. The functions do not escape dictionaries with 'lc' keys when serializing free-form dictionaries. The 'lc' key is used internally by LangChain to mark serialized objects. When user-controlled data contains this key structure, it is treated as a legitimate LangChain object during deserialization rather than plain user data. This issue has been patched in versions 0.3.81 and 1.2.5.
CVSS Base9.3
â
CRSSelect profile
CVE-2025-67108
10đ
eProsimaMultiple Products
eProsima Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation, resulting in insecure communications and connections.
CVSS Base10
â
CRSSelect profile
CVE-2025-67109
10đ
Improper verification of the time certificate in Eclipse Cyclone DDS beforeMultiple Products
Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges.
CVSS Base10
â
CRSSelect profile
CVE-2025-50526
9.8
NetgearMultiple Products
Netgear EX8000 V1.0.0.126 was discovered to contain a command injection vulnerability via the switch_status function.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-29228
9.8
LinksysMultiple Products
Linksys E5600 V1.1.0.26 is vulnerable to command injection in the runtime.macClone function via the mc.ip parameter.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-33222
9.8
NVIDIA Isaac Launchable contains a vulnerability where an attacker could exploit aMultiple Products
NVIDIA Isaac Launchable contains a vulnerability where an attacker could exploit a hard-coded credential issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, and data tampering.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-33223
9.8
NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessaryMultiple Products
NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disclosure and data tampering.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-33224
9.8
NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessaryMultiple Products
NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disclosure and data tampering.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-51511
9.8
Cadmium CMSMultiple Products
Cadmium CMS v.0.4.9 has a background arbitrary file upload vulnerability in /admin/content/filemanager/uploads.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-68669
9.6
UnknownMultiple Products
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. In versions 0.15.2 and prior, an RCE vulnerability exists in useMarkdown.ts, where the markdown-it-mermaid plugin is initialized with securityLevel: 'loose'. This configuration explicitly permits the rendering of HTML tags within Mermaid diagram nodes. This issue has not been patched at time of publication.
CVSS Base9.6
â
CRSSelect profile
â ī¸
High Priority Updates
CVE-2025-68560
7.5đ
CodexThemes TheGemMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CodexThemes TheGem Theme Elements (for Elementor)
CVSS Base7.5
â
CRSSelect profile
CVE-2025-68544
7.5đ
ImproperMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Thembay Diza allows PHP Local File Inclusion
CVSS Base7.5
â
CRSSelect profile
CVE-2025-68546
7.5đ
ImproperMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Thembay Nika allows PHP Local File Inclusion
CVSS Base7.5
â
CRSSelect profile
CVE-2025-12934
8.1đ
WordPressMultiple Products
The Beaver Builder â WordPress Page Builder plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'duplicate_wpml_layout' function in all versions up to, and including, 2
CVSS Base8.1
â
CRSSelect profile
CVE-2025-14929
7.8đ
HuggingMultiple Products
Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-13706
7.8đ
TencentMultiple Products
Tencent PatrickStar merge_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-13708
7.8đ
TencentMultiple Products
Tencent NeuralNLP-NeuralClassifier _load_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-13709
7.8đ
TencentMultiple Products
Tencent TFace restore_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-14920
7.8đ
HuggingMultiple Products
Hugging Face Transformers Perceiver Model Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-14921
7.8đ
HuggingMultiple Products
Hugging Face Transformers Transformer-XL Model Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-14922
7.8đ
HuggingMultiple Products
Hugging Face Diffusers CogView4 Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-14924
7.8đ
HuggingMultiple Products
Hugging Face Transformers megatron_gpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-14925
7.8đ
HuggingMultiple Products
Hugging Face Accelerate Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-14926
7.8đ
HuggingMultiple Products
Hugging Face Transformers SEW convert_config Code Injection Remote Code Execution Vulnerability
Missing Authorization vulnerability in IdeaBox Creations PowerPack Pro for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels
Insecure permissions in the /api/v1/agents API of GT Edge AI Platform before v2
CVSS Base7.5
â
CRSSelect profile
CVE-2025-63663
7.5đ
IncorrectMultiple Products
Incorrect access control in the /api/v1/conversations/*/files API of GT Edge AI Platform before v2
CVSS Base7.5
â
CRSSelect profile
CVE-2025-63664
7.5đ
IncorrectMultiple Products
Incorrect access control in the /api/v1/conversations/*/messages API of GT Edge AI Platform before v2
CVSS Base7.5
â
CRSSelect profile
CVE-2025-13703
7.8
VIPREMultiple Products
VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-14406
7.8
SodaMultiple Products
Soda PDF Desktop Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-14488
7.8
RealDefenseMultiple Products
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-14489
7.8
RealDefenseMultiple Products
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-14490
7.8
RealDefenseMultiple Products
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-14491
7.8
RealDefenseMultiple Products
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-14492
7.8
RealDefenseMultiple Products
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-14493
7.8
RealDefenseMultiple Products
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-14494
7.8
RealDefenseMultiple Products
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-14495
7.8
RealDefenseMultiple Products
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-14496
7.8
RealDefenseMultiple Products
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-14497
7.8
RealDefenseMultiple Products
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-14498
7.8
TradingViewMultiple Products
TradingView Desktop Electron Uncontrolled Search Path Local Privilege Escalation Vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-68550
7.6
VillaTheme WPBulkyMultiple Products
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme WPBulky allows Blind SQL Injection
CVSS Base7.6
â
CRSSelect profile
CVE-2025-68561
7.6
Ruben GarciaMultiple Products
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia AutomatorWP allows SQL Injection
CVSS Base7.6
â
CRSSelect profile
CVE-2025-68645
8.8đ
LocalMultiple Products
A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10
CVSS Base8.8
â
CRSSelect profile
CVE-2025-65817
8.8đ
LSCMultiple Products
LSC Smart Connect Indoor IP Camera 1
CVSS Base8.8
â
CRSSelect profile
CVE-2023-53971
8.8đ
WebTareasMultiple Products
WebTareas 2
CVSS Base8.8
â
CRSSelect profile
CVE-2023-53979
8.8đ
MyBBMultiple Products
MyBB 1
CVSS Base8.8
â
CRSSelect profile
CVE-2023-53981
8.8đ
PhotoShowMultiple Products
PhotoShow 3
CVSS Base8.8
â
CRSSelect profile
CVE-2025-59886
8.8
ImproperMultiple Products
Improper input validation at one of the endpoints of Eaton xComfort ECI's
web interface, could lead into an attacker with network access to the device executing privileged user commands
CVSS Base8.8
â
CRSSelect profile
CVE-2021-47721
8.8
OrangescrumMultiple Products
Orangescrum 1
CVSS Base8.8
â
CRSSelect profile
CVE-2021-47735
8.8
CMSimpleMultiple Products
CMSimple 5
CVSS Base8.8
â
CRSSelect profile
CVE-2021-47736
8.8
UnknownMultiple Products
CMSimple_XH 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68665
8.6
LangChainMultiple Products
LangChain is a framework for building LLM-powered applications
CVSS Base8.6
â
CRSSelect profile
CVE-2022-50688
8.4đ
BackupMultiple Products
Cobian Backup Gravity 11
CVSS Base8.4
â
CRSSelect profile
CVE-2022-50690
8.4đ
WondershareMultiple Products
Wondershare MirrorGo 2
CVSS Base8.4
â
CRSSelect profile
CVE-2023-53965
8.4đ
ServerMultiple Products
SOUND4 Server Service 4
CVSS Base8.4
â
CRSSelect profile
CVE-2023-53973
8.4đ
TotalMultiple Products
Zillya Total Security 3
CVSS Base8.4
â
CRSSelect profile
CVE-2025-25364
8.4
A commandMultiple Products
A command injection vulnerability in the me
CVSS Base8.4
â
CRSSelect profile
CVE-2021-47739
8.4
EpicMultiple Products
Epic Games Easy Anti-Cheat 4
CVSS Base8.4
â
CRSSelect profile
CVE-2023-53960
8.2đ
EcoMultiple Products
SOUND4 IMPACT/FIRST/PULSE/Eco version 2
CVSS Base8.2
â
CRSSelect profile
CVE-2023-53972
8.2
WebTareasMultiple Products
WebTareas 2
CVSS Base8.2
â
CRSSelect profile
CVE-2023-53975
8.2
AtomMultiple Products
Atom CMS 2
CVSS Base8.2
â
CRSSelect profile
CVE-2023-53982
8.2
PMBMultiple Products
PMB 7
CVSS Base8.2
â
CRSSelect profile
CVE-2025-66444
8.2
HitachiMultiple Products
Cross-site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component) and Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component)
CVSS Base8.2
â
CRSSelect profile
CVE-2025-67826
7.7
UltimateMultiple Products
An issue was discovered in K7 Ultimate Security 17
CVSS Base7.7
â
CRSSelect profile
CVE-2025-66735
7.5
UnknownMultiple Products
youlai-boot V2
CVSS Base7.5
â
CRSSelect profile
CVE-2021-47713
7.5
HasuraMultiple Products
Hasura GraphQL 1
CVSS Base7.5
â
CRSSelect profile
CVE-2023-53962
7.5
UnknownMultiple Products
SOUND4 IMPACT/FIRST/PULSE/Eco v2
CVSS Base7.5
â
CRSSelect profile
CVE-2023-53964
7.5
UnknownMultiple Products
SOUND4 IMPACT/FIRST/PULSE/Eco v2
CVSS Base7.5
â
CRSSelect profile
CVE-2023-53967
7.5
SFTMultiple Products
Screen SFT DAB 600/C firmware 1
CVSS Base7.5
â
CRSSelect profile
CVE-2023-53969
7.5
SFTMultiple Products
Screen SFT DAB 600/C firmware 1
CVSS Base7.5
â
CRSSelect profile
CVE-2023-53970
7.5
SFTMultiple Products
Screen SFT DAB 600/C Firmware 1
CVSS Base7.5
â
CRSSelect profile
CVE-2023-53974
7.5
D-LinkMultiple Products
D-Link DSL-124 ME_1
CVSS Base7.5
â
CRSSelect profile
CVE-2025-65857
7.5
issueMultiple Products
An issue was discovered in Xiongmai XM530 IP cameras on firmware V5
CVSS Base7.5
â
CRSSelect profile
CVE-2025-68475
7.5
federatedMultiple Products
Fedify is a TypeScript library for building federated server apps powered by ActivityPub