Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đ
Archived Security Brief
This disclosure includes 29 critical-severity vulnerabilities (CVSS 9.0+), a 32% increase from yesterday's 22 critical CVEs. High-priority vulnerabilities remain steady at 100 entries with no change from the previous day. Twelve actively exploited vulnerabilities require attention, including CVE-2025-14733 affecting WatchGuard Firebox, CVE-2022-37055 targeting D-Link Routers, CVE-2025-6218 in RARLAB WinRAR, and CVE-2025-62221 impacting Microsoft Windows. Notable critical disclosures include multiple SQL injection and filename control vulnerabilities (CVE-2025-68506, CVE-2025-68519, CVE-2025-68590) and legacy issues in Smartwares HOME easy and devolo dLAN products. Current patch availability stands at 0%, requiring organizations to implement compensating controls.
29 critical CVEs disclosed, up 32% from yesterday's 22 critical vulnerabilities
100 high-priority CVEs remain consistent with previous day totals
12 actively exploited vulnerabilities including WatchGuard, D-Link, Microsoft Windows, and Google Chromium
0% patch availability requires immediate compensating control deployment
Affected systems include WinRAR, GeoServer, Apple products, ASUS Live Update, and Gladinet CentreStack
Immediate action: Prioritize review of the 12 actively exploited vulnerabilities, particularly those affecting perimeter devices (WatchGuard Firebox, D-Link Routers, Array Networks) and widely deployed software (WinRAR, Microsoft Windows, Google Chromium). With no patches currently available, implement network segmentation, enhanced monitoring, and access restrictions for affected systems. Given the holiday period, ensure security operations coverage and incident response procedures are in place.
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEVURGENT
CVE-2025-14733
9.5
WatchGuardFirebox
â° Federal Deadline:December 25, 2025(1 days remaining)
WatchGuard Firebox Out of Bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2022-37055
9.5
D-LinkRouters
â° Federal Deadline:December 28, 2025(4 days remaining)
D-Link Routers Buffer Overflow Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-66644
9.5
Array Networks ArrayOS AG
â° Federal Deadline:December 28, 2025(4 days remaining)
Array Networks ArrayOS AG OS Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-6218
9.5
RARLABWinRAR
â° Federal Deadline:December 29, 2025(5 days remaining)
RARLAB WinRAR Path Traversal Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-62221
9.5đ
MicrosoftWindows
â° Federal Deadline:December 29, 2025(5 days remaining)
Microsoft Windows Use After Free Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-58360
9.5
OSGeoGeoServer
â° Federal Deadline:December 31, 2025(7 days remaining)
OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2018-4063
9.5
Sierra WirelessAirLink ALEOS
â° Federal Deadline:January 1, 2026(8 days remaining)
Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-14174
9.5đ
GoogleChromium
â° Federal Deadline:January 1, 2026(8 days remaining)
Google Chromium Out of Bounds Memory Access Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-14611
9.5
GladinetCentreStack and Triofox
â° Federal Deadline:January 4, 2026(11 days remaining)
Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-43529
9.5đ
AppleMultiple Products
â° Federal Deadline:January 4, 2026(11 days remaining)
Apple Multiple Products Use-After-Free WebKit Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-59374
9.5
ASUSLive Update
â° Federal Deadline:January 6, 2026(13 days remaining)
ASUS Live Update Embedded Malicious Code Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2023-52163
9.5
DigieverDS-2105 Pro
â° Federal Deadline:January 11, 2026(18 days remaining)
Digiever DS-2105 Pro Missing Authorization Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
đ¨
Critical Vulnerabilities
CVE-2025-13773
9.8đ
The Print InvoiceMultiple Products
The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.8.0 via the 'WooCommerce_Delivery_Notes::update' function. This is due to missing capability check in the 'WooCommerce_Delivery_Notes::update' function, PHP enabled in Dompdf, and missing escape in the 'template.php' file. This makes it possible for unauthenticated attackers to execute code on the server.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-68506
9.8đ
Improper Control of Filename forMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nawawi Jamili Docket Cache docket-cache allows PHP Local File Inclusion.This issue affects Docket Cache: from n/a through <= 24.07.03.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-68530
9.8đ
Improper Control of Filename forMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in pavothemes Bookory bookory allows PHP Local File Inclusion.This issue affects Bookory: from n/a through <= 2.2.7.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-68537
9.8đ
Improper Control of Filename forMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Zota zota allows PHP Local File Inclusion.This issue affects Zota: from n/a through <= 1.3.14.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-68540
9.8đ
Improper Control of Filename forMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Fana fana allows PHP Local File Inclusion.This issue affects Fana: from n/a through <= 1.1.35.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-68563
9.8đ
Improper Control of Filename forMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Shuffle Subscribe to Unlock Lite subscribe-to-unlock-lite allows PHP Local File Inclusion.This issue affects Subscribe to Unlock Lite: from n/a through <= 1.3.0.
CVSS Base9.8
â
CRSSelect profile
CVE-2019-25235
9.8đ
Smartwares HOME easyMultiple Products
Smartwares HOME easy 1.0.9 contains an authentication bypass vulnerability that allows unauthenticated attackers to access administrative web pages by disabling JavaScript. Attackers can navigate to multiple administrative endpoints and to bypass client-side validation and access sensitive system information.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-68519
9.8đ
Improper Neutralization of Special Elements used in an SQL CommandMultiple Products
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BeRocket Brands for WooCommerce brands-for-woocommerce allows Blind SQL Injection.This issue affects Brands for WooCommerce: from n/a through <= 3.8.6.3.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-68590
9.8đ
Improper Neutralization of Special Elements used in an SQL CommandMultiple Products
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks Integration for Contact Form 7 HubSpot cf7-hubspot allows Blind SQL Injection.This issue affects Integration for Contact Form 7 HubSpot: from n/a through <= 1.4.2.
CVSS Base9.8
â
CRSSelect profile
CVE-2019-25249
9.8đ
devolo dLANMultiple Products
devolo dLAN 500 AV Wireless+ 3.1.0-1 contains an authentication bypass vulnerability that allows attackers to enable hidden services through the htmlmgr CGI script. Attackers can enable telnet and remote shell services, reboot the device, and gain root access without a password by manipulating system configuration parameters.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-8769
9.8đ
Telenium Online Web Application is vulnerable due to a Perl script that
is called to load the loginMultiple Products
Telenium Online Web Application is vulnerable due to a Perl script that
is called to load the login page. Due to improper input validation, an
attacker can inject arbitrary Perl code through a crafted HTTP request,
leading to remote code execution on the server.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-68500
9.1đ
UnknownMultiple Products
Server-Side Request Forgery (SSRF) vulnerability in bdthemes Prime Slider â Addons For Elementor bdthemes-prime-slider-lite allows Server Side Request Forgery.This issue affects Prime Slider â Addons For Elementor: from n/a through <= 4.0.10.
CVSS Base9.1
â
CRSSelect profile
CVE-2025-68038
9.8đ
Deserialization of Untrusted Data vulnerability in Icegram Icegram Express ProMultiple Products
Deserialization of Untrusted Data vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Object Injection.This issue affects Icegram Express Pro: from n/a through <= 5.9.11.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-68496
9.8đ
Improper Neutralization of Special Elements used in an SQL CommandMultiple Products
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Blind SQL Injection.This issue affects User Feedback: from n/a through <= 1.10.1.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-68570
9.8đ
Improper Neutralization of Special Elements used in an SQL CommandMultiple Products
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Blind SQL Injection.This issue affects Captivate Sync: from n/a through <= 3.2.2.
CVSS Base9.8
â
CRSSelect profile
CVE-2018-25134
9.8
Synaccess netBooterMultiple Products
Synaccess netBooter NP-02x/NP-08x 6.8 contains an authentication bypass vulnerability in the webNewAcct.cgi script that allows unauthenticated attackers to create admin user accounts. Attackers can exploit the missing control check by sending crafted POST requests to create administrative accounts and gain unauthorized control over power supply management.
CVSS Base9.8
â
CRSSelect profile
CVE-2018-25154
9.8
GNU BarcodeMultiple Products
GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system.
CVSS Base9.8
â
CRSSelect profile
CVE-2019-25237
9.8
UnknownMultiple Products
V-SOL GPON/EPON OLT Platform v2.03 contains a privilege escalation vulnerability that allows normal users to gain administrative access by manipulating the user role parameter. Attackers can send a crafted HTTP POST request to the user management endpoint with 'user_role_mod' set to integer value '1' to elevate their privileges.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-68565
9.8
Missing Authorization vulnerability in JayBee Twitch PlayerMultiple Products
Missing Authorization vulnerability in JayBee Twitch Player ttv-easy-embed-player allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Twitch Player: from n/a through <= 2.1.3.
CVSS Base9.8
â
CRSSelect profile
CVE-2018-25135
9.8
Anviz AIM CrossChex StandardMultiple Products
Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution when importing user data.
NovaRad NovaPACS Diagnostics Viewer 8.5.19.75 contains an unauthenticated XML External Entity (XXE) injection vulnerability in XML preference import settings. Attackers can craft malicious XML files with DTD parameter entities to retrieve arbitrary system files through an out-of-band channel attack.
CVSS Base9.8
â
CRSSelect profile
CVE-2019-25236
9.8
iSeeQ Hybrid DVRMultiple Products
iSeeQ Hybrid DVR WH-H4 1.03R contains an unauthenticated vulnerability in the get_jpeg script that allows unauthorized access to live video streams. Attackers can retrieve video snapshots from specific camera channels by sending requests to the /cgi-bin/get_jpeg endpoint without authentication.
CVSS Base9.8
â
CRSSelect profile
CVE-2019-25240
9.8
RifatronMultiple Products
Rifatron 5brid DVR contains an unauthenticated vulnerability in the animate.cgi script that allows unauthorized access to live video streams. Attackers can exploit the Mobile Web Viewer module by specifying channel numbers to retrieve sequential video snapshots without authentication.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-67623
9.1
UnknownMultiple Products
Server-Side Request Forgery (SSRF) vulnerability in 6Storage 6Storage Rentals 6storage-rentals allows Server Side Request Forgery.This issue affects 6Storage Rentals: from n/a through <= 2.19.9.
CVSS Base9.1
â
CRSSelect profile
CVE-2025-68508
9.1
Missing Authorization vulnerability in Brave BraveMultiple Products
Missing Authorization vulnerability in Brave Brave brave-popup-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brave: from n/a through <= 0.8.3.
CVSS Base9.1
â
CRSSelect profile
CVE-2025-68511
9.1
Missing Authorization vulnerability in Jegstudio Gutenverse FormMultiple Products
Missing Authorization vulnerability in Jegstudio Gutenverse Form gutenverse-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse Form: from n/a through <= 2.3.1.
CVSS Base9.1
â
CRSSelect profile
CVE-2025-68535
9.1
Missing Authorization vulnerability in sunshinephotocart Sunshine Photo CartMultiple Products
Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through <= 3.5.7.1.
CVSS Base9.1
â
CRSSelect profile
CVE-2025-68600
9.1
UnknownMultiple Products
Server-Side Request Forgery (SSRF) vulnerability in Yannick Lefebvre Link Library link-library allows Server Side Request Forgery.This issue affects Link Library: from n/a through <= 7.8.4.
CVSS Base9.1
â
CRSSelect profile
CVE-2025-68916
9.1
Riello UPS NetManMultiple Products
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution.
CVSS Base9.1
â
CRSSelect profile
â ī¸
High Priority Updates
CVE-2018-25128
8.2đ
ControlMultiple Products
SOCA Access Control System 180612 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through unvalidated POST parameters
CVSS Base8.2
â
CRSSelect profile
CVE-2025-68572
8.8đ
SpiderMultiple Products
Missing Authorization vulnerability in Spider Themes BBP Core bbp-core allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.8
â
CRSSelect profile
CVE-2025-12934
8.1đ
WordPressMultiple Products
The Beaver Builder â WordPress Page Builder plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'duplicate_wpml_layout' function in all versions up to, and including, 2
CVSS Base8.1
â
CRSSelect profile
CVE-2025-14929
7.8đ
HuggingMultiple Products
Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-13706
7.8đ
TencentMultiple Products
Tencent PatrickStar merge_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-13708
7.8đ
TencentMultiple Products
Tencent NeuralNLP-NeuralClassifier _load_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-13709
7.8đ
TencentMultiple Products
Tencent TFace restore_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-14920
7.8đ
HuggingMultiple Products
Hugging Face Transformers Perceiver Model Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-14921
7.8đ
HuggingMultiple Products
Hugging Face Transformers Transformer-XL Model Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-14922
7.8đ
HuggingMultiple Products
Hugging Face Diffusers CogView4 Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-14924
7.8đ
HuggingMultiple Products
Hugging Face Transformers megatron_gpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-14925
7.8đ
HuggingMultiple Products
Hugging Face Accelerate Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-14926
7.8đ
HuggingMultiple Products
Hugging Face Transformers SEW convert_config Code Injection Remote Code Execution Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPJobBoard allows Blind SQL Injection
CVSS Base8.6
â
CRSSelect profile
CVE-2025-13703
7.8
VIPREMultiple Products
VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-14406
7.8
SodaMultiple Products
Soda PDF Desktop Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
CVSS Base7.8
â
CRSSelect profile
CVE-2025-68920
8.9
UnknownMultiple Products
C-Kermit (aka ckermit) through 10
CVSS Base8.9
â
CRSSelect profile
CVE-2025-59886
8.8
ImproperMultiple Products
Improper input validation at one of the endpoints of Eaton xComfort ECI's
web interface, could lead into an attacker with network access to the device executing privileged user commands
CVSS Base8.8
â
CRSSelect profile
CVE-2021-47721
8.8
OrangescrumMultiple Products
Orangescrum 1
CVSS Base8.8
â
CRSSelect profile
CVE-2021-47735
8.8
CMSimpleMultiple Products
CMSimple 5
CVSS Base8.8
â
CRSSelect profile
CVE-2021-47736
8.8
UnknownMultiple Products
CMSimple_XH 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-67622
8.8
titopandub EvergreenMultiple Products
Cross-Site Request Forgery (CSRF) vulnerability in titopandub Evergreen Post Tweeter evergreen-post-tweeter allows Stored XSS
CVSS Base8.8
â
CRSSelect profile
CVE-2025-67625
8.8
tmtraderunner TradeMultiple Products
Cross-Site Request Forgery (CSRF) vulnerability in tmtraderunner Trade Runner traderunner allows Cross Site Request Forgery
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68505
8.8
Missing AuthorizationMultiple Products
Missing Authorization vulnerability in icc0rz H5P h5p allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68521
8.8
wpstream WpStreamMultiple Products
Missing Authorization vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68522
8.8
wpstream WpStreamMultiple Products
Missing Authorization vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68529
8.8
Rhys Wynne WP EmailMultiple Products
Cross-Site Request Forgery (CSRF) vulnerability in Rhys Wynne WP Email Capture wp-email-capture allows Cross Site Request Forgery
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68567
8.8
wphocus My auctionsMultiple Products
Cross-Site Request Forgery (CSRF) vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Cross Site Request Forgery
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68569
8.8
codepeople WP TimeMultiple Products
Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68571
8.8
SALESmanagoMultiple Products
Missing Authorization vulnerability in SALESmanago SALESmanago salesmanago allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68573
8.8
Alessandro PiconiMultiple Products
Cross-Site Request Forgery (CSRF) vulnerability in Alessandro Piconi Simple Keyword to Link simple-keyword-to-link allows Cross Site Request Forgery
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68575
8.8
Wappointment teamMultiple Products
Missing Authorization vulnerability in Wappointment team Wappointment wappointment allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68577
8.8
Virusdie VirusdieMultiple Products
Missing Authorization vulnerability in Virusdie Virusdie virusdie allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68580
8.8
pluginsware AdvancedMultiple Products
Cross-Site Request Forgery (CSRF) vulnerability in pluginsware Advanced Classifieds & Directory Pro advanced-classifieds-and-directory-pro allows Cross Site Request Forgery
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68582
8.8
FunnelformsMultiple Products
Missing Authorization vulnerability in Funnelforms Funnelforms Free funnelforms-free allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68583
8.8
Tikweb ManagementMultiple Products
Cross-Site Request Forgery (CSRF) vulnerability in Tikweb Management Fast User Switching fast-user-switching allows Cross Site Request Forgery
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68584
8.8
Constantin BoiangiuMultiple Products
Cross-Site Request Forgery (CSRF) vulnerability in Constantin Boiangiu Vimeotheque codeflavors-vimeo-video-post-lite allows Cross Site Request Forgery
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68585
8.8
Ben Balter WPMultiple Products
Missing Authorization vulnerability in Ben Balter WP Document Revisions wp-document-revisions allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68586
8.8
Gora Tech CookedMultiple Products
Missing Authorization vulnerability in Gora Tech Cooked cooked allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68592
8.8
Liton Arefin WPMultiple Products
Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68593
8.8
Liton Arefin WPMultiple Products
Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68595
8.8
Trustindex WidgetsMultiple Products
Missing Authorization vulnerability in Trustindex Widgets for Social Photo Feed social-photo-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68596
8.8
Bit Apps Bit AssistMultiple Products
Missing Authorization vulnerability in Bit Apps Bit Assist bit-assist allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68601
8.8
Rustaurius Five StarMultiple Products
Cross-Site Request Forgery (CSRF) vulnerability in Rustaurius Five Star Restaurant Reservations restaurant-reservations allows Cross Site Request Forgery
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68608
8.8
DeluxeThemes UserproMultiple Products
Missing Authorization vulnerability in DeluxeThemes Userpro userpro allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.8
â
CRSSelect profile
CVE-2025-2155
8.8
Echo Call CenterMultiple Products
Unrestricted Upload of File with Dangerous Type vulnerability in Echo Call Center Services Trade and Industry Inc
CVSS Base8.8
â
CRSSelect profile
CVE-2018-25143
8.8
MicrohardMultiple Products
Microhard Systems IPn4G 1
CVSS Base8.8
â
CRSSelect profile
CVE-2018-25148
8.8
MicrohardMultiple Products
Microhard Systems IPn4G 1
CVSS Base8.8
â
CRSSelect profile
CVE-2019-25243
8.8
FaceSentryMultiple Products
FaceSentry 6
CVSS Base8.8
â
CRSSelect profile
CVE-2019-25245
8.8
VideoMultiple Products
Ross Video DashBoard 8
CVSS Base8.8
â
CRSSelect profile
CVE-2019-25246
8.8
BewardMultiple Products
Beward N100 H
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68665
8.6
LangChainMultiple Products
LangChain is a framework for building LLM-powered applications
CVSS Base8.6
â
CRSSelect profile
CVE-2025-25364
8.4
A commandMultiple Products
A command injection vulnerability in the me
CVSS Base8.4
â
CRSSelect profile
CVE-2021-47739
8.4
EpicMultiple Products
Epic Games Easy Anti-Cheat 4
CVSS Base8.4
â
CRSSelect profile
CVE-2023-53982
8.2
PMBMultiple Products
PMB 7
CVSS Base8.2
â
CRSSelect profile
CVE-2025-66444
8.2
HitachiMultiple Products
Cross-site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component) and Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component)
CVSS Base8.2
â
CRSSelect profile
CVE-2025-59683
8.2
PexipMultiple Products
Pexip Infinity 15
CVSS Base8.2
â
CRSSelect profile
CVE-2025-68517
8.1
Essekia TablesomeMultiple Products
Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.1
â
CRSSelect profile
CVE-2025-68523
8.1
SpiffyMultiple Products
Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.1
â
CRSSelect profile
CVE-2025-68578
8.1
Addonify AddonifyMultiple Products
Missing Authorization vulnerability in Addonify Addonify addonify-quick-view allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.1
â
CRSSelect profile
CVE-2025-68579
8.1
FolioVision FVMultiple Products
Missing Authorization vulnerability in FolioVision FV Simpler SEO fv-all-in-one-seo-pack allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.1
â
CRSSelect profile
CVE-2025-68581
8.1
YITHEMES YITH SliderMultiple Products
Missing Authorization vulnerability in YITHEMES YITH Slider for page builders yith-slider-for-page-builders allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.1
â
CRSSelect profile
CVE-2025-68587
8.1
Bob Watu Quiz watuMultiple Products
Missing Authorization vulnerability in Bob Watu Quiz watu allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.1
â
CRSSelect profile
CVE-2025-68588
8.1
totalsoft TS PollMultiple Products
Missing Authorization vulnerability in totalsoft TS Poll poll-wp allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.1
â
CRSSelect profile
CVE-2025-68589
8.1
WP Socio WP TelegramMultiple Products
Missing Authorization vulnerability in WP Socio WP Telegram Widget and Join Link wptelegram-widget allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.1
â
CRSSelect profile
CVE-2025-68591
8.1
Mitchell BennisMultiple Products
Missing Authorization vulnerability in Mitchell Bennis Simple File List simple-file-list allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.1
â
CRSSelect profile
CVE-2025-68594
8.1
Assaf Parag MissingMultiple Products
Missing Authorization vulnerability in Assaf Parag Poll, Survey & Quiz Maker Plugin by Opinion Stage social-polls-by-opinionstage allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.1
â
CRSSelect profile
CVE-2025-68603
8.1
Marketing FireMultiple Products
Missing Authorization vulnerability in Marketing Fire Editorial Calendar editorial-calendar allows Exploiting Incorrectly Configured Access Control Security Levels