Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đ
Archived Security Brief
Friday's vulnerability disclosure yielded no new critical CVEs (CVSS 9.0+), a notable decrease from Thursday's 29 critical issues. High-priority vulnerabilities remained steady at 95, representing a 5% decrease from the prior day's 100. Eleven actively exploited CVEs appear in CISA's Known Exploited Vulnerabilities catalog, including CVE-2025-66644 affecting Array Networks ArrayOS AG, CVE-2025-6218 targeting RARLAB WinRAR, and CVE-2025-62221 impacting Microsoft Windows. Additional KEV entries include CVE-2025-14174 in Google Chromium, CVE-2025-14611 affecting Gladinet CentreStack/Triofox, and CVE-2025-43529 impacting multiple Apple products. Patch availability stands at 0%, indicating organizations should implement compensating controls while monitoring for vendor updates.
Zero critical CVEs disclosed, down 100% from Thursday's 29 critical vulnerabilities
95 high-priority CVEs tracked, a 5% decrease from the prior day's 100
11 actively exploited vulnerabilities including D-Link routers, WinRAR, Microsoft Windows, and Google Chromium
0% patch availability for disclosed vulnerabilities requires compensating controls
Affected systems span enterprise infrastructure: Array Networks, Sierra Wireless AirLink, ASUS Live Update, and GeoServer
Immediate action: Organizations using Array Networks, Microsoft Windows, Google Chrome, Apple products, WinRAR, or Gladinet solutions should prioritize reviewing the eleven actively exploited vulnerabilities. With zero patches currently available, implement network segmentation, enhanced monitoring, and access restrictions for affected systems.
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEVURGENT
CVE-2022-37055
9.5
D-LinkRouters
â° Federal Deadline:December 28, 2025(3 days remaining)
D-Link Routers Buffer Overflow Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-66644
9.5
Array Networks ArrayOS AG
â° Federal Deadline:December 28, 2025(3 days remaining)
Array Networks ArrayOS AG OS Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-6218
9.5
RARLABWinRAR
â° Federal Deadline:December 29, 2025(4 days remaining)
RARLAB WinRAR Path Traversal Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-62221
9.5đ
MicrosoftWindows
â° Federal Deadline:December 29, 2025(4 days remaining)
Microsoft Windows Use After Free Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-58360
9.5
OSGeoGeoServer
â° Federal Deadline:December 31, 2025(6 days remaining)
OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2018-4063
9.5
Sierra WirelessAirLink ALEOS
â° Federal Deadline:January 1, 2026(7 days remaining)
Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-14174
9.5đ
GoogleChromium
â° Federal Deadline:January 1, 2026(7 days remaining)
Google Chromium Out of Bounds Memory Access Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-14611
9.5
GladinetCentreStack and Triofox
â° Federal Deadline:January 4, 2026(10 days remaining)
Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-43529
9.5đ
AppleMultiple Products
â° Federal Deadline:January 4, 2026(10 days remaining)
Apple Multiple Products Use-After-Free WebKit Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-59374
9.5
ASUSLive Update
â° Federal Deadline:January 6, 2026(12 days remaining)
ASUS Live Update Embedded Malicious Code Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2023-52163
9.5
DigieverDS-2105 Pro
â° Federal Deadline:January 11, 2026(17 days remaining)
Digiever DS-2105 Pro Missing Authorization Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸
High Priority Updates
CVE-2018-25128
8.2đ
ControlMultiple Products
SOCA Access Control System 180612 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through unvalidated POST parameters
CVSS Base8.2
â
CRSSelect profile
CVE-2025-68572
8.8đ
SpiderMultiple Products
Missing Authorization vulnerability in Spider Themes BBP Core bbp-core allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.8
â
CRSSelect profile
CVE-2025-67909
8.1đ
WP Swings MembershipMultiple Products
Authorization Bypass Through User-Controlled Key vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.1
â
CRSSelect profile
CVE-2025-68494
7.5đ
Exposure of SensitiveMultiple Products
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Retrieve Embedded Sensitive Data
CVSS Base7.5
â
CRSSelect profile
CVE-2023-36525
8.6đ
ImproperMultiple Products
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPJobBoard allows Blind SQL Injection
CVSS Base8.6
â
CRSSelect profile
CVE-2018-25141
7.5đ
FLIRMultiple Products
FLIR thermal traffic cameras contain an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials
CVSS Base7.5
â
CRSSelect profile
CVE-2025-3232
7.5đ
remoteMultiple Products
A remote unauthenticated attacker may be able to bypass authentication
by utilizing a specific API route to execute arbitrary OS commands
CVSS Base7.5
â
CRSSelect profile
CVE-2025-68920
8.9đ
UnknownMultiple Products
C-Kermit (aka ckermit) through 10
CVSS Base8.9
â
CRSSelect profile
CVE-2025-67622
8.8đ
titopandub EvergreenMultiple Products
Cross-Site Request Forgery (CSRF) vulnerability in titopandub Evergreen Post Tweeter evergreen-post-tweeter allows Stored XSS
CVSS Base8.8
â
CRSSelect profile
CVE-2025-67625
8.8đ
tmtraderunner TradeMultiple Products
Cross-Site Request Forgery (CSRF) vulnerability in tmtraderunner Trade Runner traderunner allows Cross Site Request Forgery
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68505
8.8đ
Missing AuthorizationMultiple Products
Missing Authorization vulnerability in icc0rz H5P h5p allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68521
8.8đ
wpstream WpStreamMultiple Products
Missing Authorization vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68522
8.8đ
wpstream WpStreamMultiple Products
Missing Authorization vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68529
8.8đ
Rhys Wynne WP EmailMultiple Products
Cross-Site Request Forgery (CSRF) vulnerability in Rhys Wynne WP Email Capture wp-email-capture allows Cross Site Request Forgery
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68567
8.8đ
wphocus My auctionsMultiple Products
Cross-Site Request Forgery (CSRF) vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Cross Site Request Forgery
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68569
8.8
codepeople WP TimeMultiple Products
Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68571
8.8
SALESmanagoMultiple Products
Missing Authorization vulnerability in SALESmanago SALESmanago salesmanago allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68573
8.8
Alessandro PiconiMultiple Products
Cross-Site Request Forgery (CSRF) vulnerability in Alessandro Piconi Simple Keyword to Link simple-keyword-to-link allows Cross Site Request Forgery
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68575
8.8
Wappointment teamMultiple Products
Missing Authorization vulnerability in Wappointment team Wappointment wappointment allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68577
8.8
Virusdie VirusdieMultiple Products
Missing Authorization vulnerability in Virusdie Virusdie virusdie allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68580
8.8
pluginsware AdvancedMultiple Products
Cross-Site Request Forgery (CSRF) vulnerability in pluginsware Advanced Classifieds & Directory Pro advanced-classifieds-and-directory-pro allows Cross Site Request Forgery
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68582
8.8
FunnelformsMultiple Products
Missing Authorization vulnerability in Funnelforms Funnelforms Free funnelforms-free allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68583
8.8
Tikweb ManagementMultiple Products
Cross-Site Request Forgery (CSRF) vulnerability in Tikweb Management Fast User Switching fast-user-switching allows Cross Site Request Forgery
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68584
8.8
Constantin BoiangiuMultiple Products
Cross-Site Request Forgery (CSRF) vulnerability in Constantin Boiangiu Vimeotheque codeflavors-vimeo-video-post-lite allows Cross Site Request Forgery
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68585
8.8
Ben Balter WPMultiple Products
Missing Authorization vulnerability in Ben Balter WP Document Revisions wp-document-revisions allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68586
8.8
Gora Tech CookedMultiple Products
Missing Authorization vulnerability in Gora Tech Cooked cooked allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68592
8.8
Liton Arefin WPMultiple Products
Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68593
8.8
Liton Arefin WPMultiple Products
Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68595
8.8
Trustindex WidgetsMultiple Products
Missing Authorization vulnerability in Trustindex Widgets for Social Photo Feed social-photo-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68596
8.8
Bit Apps Bit AssistMultiple Products
Missing Authorization vulnerability in Bit Apps Bit Assist bit-assist allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68601
8.8
Rustaurius Five StarMultiple Products
Cross-Site Request Forgery (CSRF) vulnerability in Rustaurius Five Star Restaurant Reservations restaurant-reservations allows Cross Site Request Forgery
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68608
8.8
DeluxeThemes UserproMultiple Products
Missing Authorization vulnerability in DeluxeThemes Userpro userpro allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.8
â
CRSSelect profile
CVE-2025-2155
8.8
Echo Call CenterMultiple Products
Unrestricted Upload of File with Dangerous Type vulnerability in Echo Call Center Services Trade and Industry Inc
CVSS Base8.8
â
CRSSelect profile
CVE-2018-25143
8.8
MicrohardMultiple Products
Microhard Systems IPn4G 1
CVSS Base8.8
â
CRSSelect profile
CVE-2018-25148
8.8
MicrohardMultiple Products
Microhard Systems IPn4G 1
CVSS Base8.8
â
CRSSelect profile
CVE-2019-25243
8.8
FaceSentryMultiple Products
FaceSentry 6
CVSS Base8.8
â
CRSSelect profile
CVE-2019-25245
8.8
VideoMultiple Products
Ross Video DashBoard 8
CVSS Base8.8
â
CRSSelect profile
CVE-2019-25246
8.8
BewardMultiple Products
Beward N100 H
CVSS Base8.8
â
CRSSelect profile
CVE-2025-15089
8.8
hasMultiple Products
A vulnerability has been found in UTT čŋå 512W up to 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-15090
8.8
wasMultiple Products
A vulnerability was found in UTT čŋå 512W up to 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-15091
8.8
wasMultiple Products
A vulnerability was determined in UTT čŋå 512W up to 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-15092
8.8
wasMultiple Products
A vulnerability was identified in UTT čŋå 512W up to 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-59887
8.6
ImproperMultiple Products
Improper authentication of library files in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the software package
CVSS Base8.6
â
CRSSelect profile
CVE-2025-59683
8.2
PexipMultiple Products
Pexip Infinity 15
CVSS Base8.2
â
CRSSelect profile
CVE-2025-68939
8.2
GiteaMultiple Products
Gitea before 1
CVSS Base8.2
â
CRSSelect profile
CVE-2025-68517
8.1
Essekia TablesomeMultiple Products
Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.1
â
CRSSelect profile
CVE-2025-68523
8.1
SpiffyMultiple Products
Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.1
â
CRSSelect profile
CVE-2025-68578
8.1
Addonify AddonifyMultiple Products
Missing Authorization vulnerability in Addonify Addonify addonify-quick-view allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.1
â
CRSSelect profile
CVE-2025-68579
8.1
FolioVision FVMultiple Products
Missing Authorization vulnerability in FolioVision FV Simpler SEO fv-all-in-one-seo-pack allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.1
â
CRSSelect profile
CVE-2025-68581
8.1
YITHEMES YITH SliderMultiple Products
Missing Authorization vulnerability in YITHEMES YITH Slider for page builders yith-slider-for-page-builders allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.1
â
CRSSelect profile
CVE-2025-68587
8.1
Bob Watu Quiz watuMultiple Products
Missing Authorization vulnerability in Bob Watu Quiz watu allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.1
â
CRSSelect profile
CVE-2025-68588
8.1
totalsoft TS PollMultiple Products
Missing Authorization vulnerability in totalsoft TS Poll poll-wp allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.1
â
CRSSelect profile
CVE-2025-68589
8.1
WP Socio WP TelegramMultiple Products
Missing Authorization vulnerability in WP Socio WP Telegram Widget and Join Link wptelegram-widget allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.1
â
CRSSelect profile
CVE-2025-68591
8.1
Mitchell BennisMultiple Products
Missing Authorization vulnerability in Mitchell Bennis Simple File List simple-file-list allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.1
â
CRSSelect profile
CVE-2025-68594
8.1
Assaf Parag MissingMultiple Products
Missing Authorization vulnerability in Assaf Parag Poll, Survey & Quiz Maker Plugin by Opinion Stage social-polls-by-opinionstage allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.1
â
CRSSelect profile
CVE-2025-68603
8.1
Marketing FireMultiple Products
Missing Authorization vulnerability in Marketing Fire Editorial Calendar editorial-calendar allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.1
â
CRSSelect profile
CVE-2025-67450
7.8
insecureMultiple Products
Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package
could perform arbitrary code execution
CVSS Base7.8
â
CRSSelect profile
CVE-2025-2307
7.6
Verisay CommunicationMultiple Products
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Verisay Communication and Information Technology Industry and Trade Ltd
CVSS Base7.6
â
CRSSelect profile
CVE-2025-2405
7.6
Verisay CommunicationMultiple Products
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Verisay Communication and Information Technology Industry and Trade Ltd
CVSS Base7.6
â
CRSSelect profile
CVE-2025-2406
7.6
Verisay CommunicationMultiple Products
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Verisay Communication and Information Technology Industry and Trade Ltd
CVSS Base7.6
â
CRSSelect profile
CVE-2025-67621
7.5
Exposure of SensitiveMultiple Products
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in 10up Eight Day Week Print Workflow eight-day-week-print-workflow allows Retrieve Embedded Sensitive Data
CVSS Base7.5
â
CRSSelect profile
CVE-2025-68516
7.5
Essekia TablesomeMultiple Products
Insertion of Sensitive Information Into Sent Data vulnerability in Essekia Tablesome tablesome allows Retrieve Embedded Sensitive Data
CVSS Base7.5
â
CRSSelect profile
CVE-2025-68568
7.5
integrationclaspoMultiple Products
Missing Authorization vulnerability in integrationclaspo Popup Builder: Exit-Intent pop-up, Spin the Wheel, Newsletter signup, Email Capture & Lead Generation forms maker claspo allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base7.5
â
CRSSelect profile
CVE-2025-68576
7.5
Virusdie VirusdieMultiple Products
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Virusdie Virusdie virusdie allows Retrieve Embedded Sensitive Data
CVSS Base7.5
â
CRSSelect profile
CVE-2025-68606
7.5
WPXPO PostX ExposureMultiple Products
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPXPO PostX ultimate-post allows Retrieve Embedded Sensitive Data
CVSS Base7.5
â
CRSSelect profile
CVE-2018-25129
7.5
ControlMultiple Products
SOCA Access Control System 180612 contains multiple insecure direct object reference vulnerabilities that allow attackers to access sensitive user credentials
CVSS Base7.5
â
CRSSelect profile
CVE-2018-25136
7.5
FLIRMultiple Products
FLIR Brickstream 3D+ 2
CVSS Base7.5
â
CRSSelect profile
CVE-2018-25137
7.5
FLIRMultiple Products
FLIR Brickstream 3D+ 2
CVSS Base7.5
â
CRSSelect profile
CVE-2018-25138
7.5
ThermalMultiple Products
FLIR AX8 Thermal Camera 1
CVSS Base7.5
â
CRSSelect profile
CVE-2018-25139
7.5
ThermalMultiple Products
FLIR AX8 Thermal Camera 1
CVSS Base7.5
â
CRSSelect profile
CVE-2018-25140
7.5
their WebSocketMultiple Products
FLIR thermal traffic cameras contain an unauthenticated device manipulation vulnerability in their WebSocket implementation that allows attackers to bypass authentication and authorization controls
CVSS Base7.5
â
CRSSelect profile
CVE-2018-25147
7.5
MicrohardMultiple Products
Microhard Systems IPn4G 1
CVSS Base7.5
â
CRSSelect profile
CVE-2018-25153
7.5
GNUMultiple Products
GNU Barcode 0
CVSS Base7.5
â
CRSSelect profile
CVE-2019-25239
7.5
OLTMultiple Products
V-SOL GPON/EPON OLT Platform 2
CVSS Base7.5
â
CRSSelect profile
CVE-2019-25241
7.5
ControlMultiple Products
FaceSentry Access Control System 6
CVSS Base7.5
â
CRSSelect profile
CVE-2019-25248
7.5
BewardMultiple Products
Beward N100 M2
CVSS Base7.5
â
CRSSelect profile
CVE-2019-25253
7.5
NetMultiple Products
KYOCERA Net Admin 3
CVSS Base7.5
â
CRSSelect profile
CVE-2019-25258
7.5
LogicalDOCMultiple Products
LogicalDOC Enterprise 7
CVSS Base7.5
â
CRSSelect profile
CVE-2025-32095
7.5
InfinityMultiple Products
Pexip Infinity before 37
CVSS Base7.5
â
CRSSelect profile
CVE-2025-32096
7.5
PexipMultiple Products
Pexip Infinity 33
CVSS Base7.5
â
CRSSelect profile
CVE-2025-48704
7.5
PexipMultiple Products
Pexip Infinity 35
CVSS Base7.5
â
CRSSelect profile
CVE-2025-66377
7.5
InfinityMultiple Products
Pexip Infinity before 39
CVSS Base7.5
â
CRSSelect profile
CVE-2025-66379
7.5
InfinityMultiple Products
Pexip Infinity before 39
CVSS Base7.5
â
CRSSelect profile
CVE-2025-66443
7.5
PexipMultiple Products
Pexip Infinity 35
CVSS Base7.5
â
CRSSelect profile
CVE-2025-68922
7.4
OpenOpsMultiple Products
OpenOps before 0
CVSS Base7.4
â
CRSSelect profile
CVE-2025-15073
7.3
OrderingMultiple Products
A vulnerability was determined in itsourcecode Online Frozen Foods Ordering System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-15074
7.3
OrderingMultiple Products
A vulnerability was identified in itsourcecode Online Frozen Foods Ordering System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-15075
7.3
ManagementMultiple Products
A security flaw has been discovered in itsourcecode Student Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-15076
7.3
weaknessMultiple Products
A weakness has been identified in Tenda CH22 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-15077
7.3
ManagementMultiple Products
A security vulnerability has been detected in itsourcecode Student Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-15078
7.3
ManagementMultiple Products
A vulnerability was detected in itsourcecode Student Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-15097
7.3
AlteryxMultiple Products
A vulnerability was found in Alteryx Server
CVSS Base7.3
â
CRSSelect profile
CVE-2025-15099
7.3
wasMultiple Products
A vulnerability was identified in simstudioai sim up to 0
CVSS Base7.3
â
CRSSelect profile
CVE-2025-2515
7.2
wasMultiple Products
A vulnerability was found in BlueChi, a multi-node systemd service controller used in RHIVOS