Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đ
Archived Security Brief
Yesterday's disclosures include 20 critical-severity vulnerabilities, marking a 122% increase from the prior day's 9 critical CVEs. High-priority vulnerabilities also increased substantially with 100 CVEs representing a 52% rise. Eight actively exploited vulnerabilities remain on the KEV list, including CVE-2025-58360 affecting OSGeo GeoServer, CVE-2025-14174 in Google Chromium, and CVE-2025-43529 impacting Apple products. Notable critical disclosures include multiple Improper Control of Filename vulnerabilities (CVE-2025-68974, CVE-2025-68987, CVE-2025-68983) with CVSS 9.8 scores affecting multiple products, plus CVE-2025-15255 targeting Tenda devices. Patch availability stands at 0%, requiring organizations to prioritize compensating controls and monitoring.
20 critical CVEs disclosed (122% increase from prior day's 9)
100 high-priority CVEs identified (52% increase from 66)
8 actively exploited vulnerabilities including GeoServer, Chromium, Apple, and MongoDB
0% patch availability for disclosed vulnerabilities
Multiple products affected by filename control vulnerabilities (CVSS 9.8)
Tenda, Sierra Wireless, ASUS, and Gladinet products among affected vendors
Immediate action: Organizations using GeoServer, Chromium, Apple products, MongoDB, Tenda devices, Sierra Wireless AirLink, ASUS Live Update, or Gladinet CentreStack should implement additional monitoring and access controls. With 0% patch availability for today's disclosures, focus on network segmentation and detection capabilities for affected systems.
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEVURGENT
CVE-2025-58360
9.5
OSGeoGeoServer
â° Federal Deadline:December 31, 2025(1 days remaining)
OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2018-4063 (reserved 2018, disclosed 2025)
9.5
Sierra WirelessAirLink ALEOS
â° Federal Deadline:January 1, 2026(2 days remaining)
Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-14174
9.5đ
GoogleChromium
â° Federal Deadline:January 1, 2026(2 days remaining)
Google Chromium Out of Bounds Memory Access Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-14611
9.5
GladinetCentreStack and Triofox
â° Federal Deadline:January 4, 2026(5 days remaining)
Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-43529
9.5đ
AppleMultiple Products
â° Federal Deadline:January 4, 2026(5 days remaining)
Apple Multiple Products Use-After-Free WebKit Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-59374
9.5
ASUSLive Update
â° Federal Deadline:January 6, 2026(7 days remaining)
ASUS Live Update Embedded Malicious Code Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2023-52163 (reserved 2023, disclosed 2025)
9.5
DigieverDS-2105 Pro
â° Federal Deadline:January 11, 2026(12 days remaining)
Digiever DS-2105 Pro Missing Authorization Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-14847
9.5
MongoDBMongoDB and MongoDB Server
â° Federal Deadline:January 18, 2026(19 days remaining)
MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
đ¨
Critical Vulnerabilities
CVE-2025-68974
9.8đ
Improper Control of Filename forMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange WordPress Social Login and Register miniorange-login-openid allows PHP Local File Inclusion.This issue affects WordPress Social Login and Register: from n/a through <= 7.7.0.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-68987
9.8đ
Improper Control of Filename forMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Cinerama - A WordPress Theme for Movie Studios and Filmmakers cinerama allows PHP Local File Inclusion.This issue affects Cinerama - A WordPress Theme for Movie Studios and Filmmakers: from n/a through <= 2.4.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-68983
9.8đ
Improper Control of Filename forMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Greenmart greenmart allows PHP Local File Inclusion.This issue affects Greenmart: from n/a through <= 4.2.11.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-68984
9.8đ
Improper Control of Filename forMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Puca puca allows PHP Local File Inclusion.This issue affects Puca: from n/a through <= 2.6.39.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-68985
9.8đ
Improper Control of Filename forMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Aora aora allows PHP Local File Inclusion.This issue affects Aora: from n/a through <= 1.3.15.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-52835
9.6đ
UnknownMultiple Products
Cross-Site Request Forgery (CSRF) vulnerability in ConoHa by GMO WING WordPress Migrator allows Upload a Web Shell to a Web Server.This issue affects WING WordPress Migrator: from n/a through 1.1.9.
CVSS Base9.6
â
CRSSelect profile
CVE-2022-50695 (reserved 2022, disclosed 2025)
9.8đ
UnknownMultiple Products
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains a network vulnerability that allows unauthenticated attackers to send ICMP signals to arbitrary hosts through network command scripts. Attackers can abuse ping.php, traceroute.php, and dns.php to generate network flooding attacks targeting external hosts.
CVSS Base9.8
â
CRSSelect profile
CVE-2022-50794 (reserved 2022, disclosed 2025)
9.8đ
UnknownMultiple Products
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated command injection vulnerability in the username parameter. Attackers can exploit index.php and login.php scripts by injecting arbitrary shell commands through the HTTP POST 'username' parameter to execute system commands.
CVSS Base9.8
â
CRSSelect profile
CVE-2022-50803 (reserved 2022, disclosed 2025)
9.8đ
UnknownMultiple Products
JM-DATA ONU JF511-TV version 1.0.67 uses default credentials that allow attackers to gain unauthorized access to the device with administrative privileges.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-15255
9.8đ
A vulnerability was determined in TendaMultiple Products
A vulnerability was determined in Tenda W6-S 1.0.0.4(510). This impacts an unknown function of the file /bin/httpd of the component R7websSsecurityHandler. Executing manipulation of the argument Cookie can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
CVSS Base9.8
â
CRSSelect profile
CVE-2022-50691 (reserved 2022, disclosed 2025)
9.8đ
MiniDVBLinuxMultiple Products
MiniDVBLinux 5.4 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands as root through the 'command' GET parameter. Attackers can exploit the /tpl/commands.sh endpoint by sending malicious command values to gain root-level system access.
CVSS Base9.8
â
CRSSelect profile
CVE-2022-50790 (reserved 2022, disclosed 2025)
9.8đ
UnknownMultiple Products
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated vulnerability that allows remote attackers to access live radio stream information through webplay or ffmpeg scripts. Attackers can exploit the vulnerability by calling specific web scripts to disclose radio stream details without requiring authentication.
CVSS Base9.8
â
CRSSelect profile
CVE-2022-50792 (reserved 2022, disclosed 2025)
9.8đ
UnknownMultiple Products
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive system files. Attackers can exploit the vulnerability by manipulating the 'file' GET parameter to disclose arbitrary files on the affected device.
CVSS Base9.8
â
CRSSelect profile
CVE-2024-58336 (reserved 2024, disclosed 2025)
9.8đ
Akuvox Smart IntercomMultiple Products
Akuvox Smart Intercom S539 contains an unauthenticated vulnerability that allows remote attackers to access live video streams by requesting the video.cgi endpoint on port 8080. Attackers can retrieve video stream data without authentication by directly accessing the specified endpoint on affected Akuvox doorphone and intercom devices.
CVSS Base9.8
â
CRSSelect profile
CVE-2024-58338 (reserved 2024, disclosed 2025)
9.8đ
Anevia Flamingo XLMultiple Products
Anevia Flamingo XL 3.2.9 contains a restricted shell vulnerability that allows remote attackers to escape the sandboxed environment through the traceroute command. Attackers can exploit the traceroute command to inject shell commands and gain full root access to the device by bypassing the restricted login environment.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-68990
9.8
Improper Neutralization of Special Elements used in an SQL CommandMultiple Products
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in xenioushk BWL Pro Voting Manager bwl-pro-voting-manager allows Blind SQL Injection.This issue affects BWL Pro Voting Manager: from n/a through <= 1.4.9.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-68926
9.8
RustFS is a distributed object storage system built inMultiple Products
RustFS is a distributed object storage system built in Rust. In versions prior to 1.0.0-alpha.77, RustFS implements gRPC authentication using a hardcoded static token `"rustfs rpc"` that is publicly exposed in the source code repository, hardcoded on both client and server sides, non-configurable with no mechanism for token rotation, and universally valid across all RustFS deployments. Any attacker with network access to the gRPC port can authenticate using this publicly known token and execute privileged operations including data destruction, policy manipulation, and cluster configuration changes. Version 1.0.0-alpha.77 contains a fix for the issue.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-15114
9.8
Ksenia Security LaresMultiple Products
Ksenia Security Lares 4.0 Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system without additional authentication.
The Lucky Wheel for WooCommerce â Spin a Sale plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1
CVSS Base7.2
â
CRSSelect profile
CVE-2025-13592
7.2đ
WordPressMultiple Products
The Advanced Ads plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2
CVSS Base7.2
â
CRSSelect profile
CVE-2025-68877
7.5đ
CedCommerceMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CedCommerce CedCommerce Integration for Good Market allows PHP Local File Inclusion
CVSS Base7.5
â
CRSSelect profile
CVE-2025-69200
7.5đ
phpMyFAQMultiple Products
phpMyFAQ is an open source FAQ web application
CVSS Base7.5
â
CRSSelect profile
CVE-2025-68870
7.5đ
reDim GmbH CookieHintMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in reDim GmbH CookieHint WP allows PHP Local File Inclusion
CVSS Base7.5
â
CRSSelect profile
CVE-2025-68996
7.5đ
WebCodingPlaceMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive-posts-carousel-pro allows PHP Local File Inclusion
CVSS Base7.5
â
CRSSelect profile
CVE-2025-62753
7.5đ
MadrasThemes MASMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in MadrasThemes MAS Videos allows PHP Local File Inclusion
CVSS Base7.5
â
CRSSelect profile
CVE-2025-68979
8.1đ
GoogleMultiple Products
Authorization Bypass Through User-Controlled Key vulnerability in SimpleCalendar Google Calendar Events google-calendar-events allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.1
â
CRSSelect profile
CVE-2025-15263
7.3đ
PHPMultiple Products
A weakness has been identified in BiggiDroid Simple PHP CMS 1
CVSS Base7.3
â
CRSSelect profile
CVE-2022-50800 (reserved 2022, disclosed 2025)
7.5đ
UnknownMultiple Products
H3C SSL VPN contains a user enumeration vulnerability that allows attackers to identify valid usernames through the 'txtUsrName' POST parameter
VPN Firewall developed by QNO Technology has a Insufficient Entropy vulnerability, allowing unauthenticated remote attackers to obtain any logged-in user session through brute-force attacks and subsequently log into the system
CVSS Base8.8
â
CRSSelect profile
CVE-2025-15388
8.8
theMultiple Products
VPN Firewall developed by QNO Technology has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68989
7.5
Renzo Johnson ContactMultiple Products
Insertion of Sensitive Information Into Sent Data vulnerability in Renzo Johnson Contact Form 7 Extension For Mailchimp contact-form-7-mailchimp-extension allows Retrieve Embedded Sensitive Data
CVSS Base7.5
â
CRSSelect profile
CVE-2024-58337 (reserved 2024, disclosed 2025)
7.5
AkuvoxMultiple Products
Akuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with 'User' privileges to modify API access settings and configurations
CVSS Base7.5
â
CRSSelect profile
CVE-2025-15103
8.1đ
UnknownMultiple Products
DVP-12SE11T - Authentication Bypass via Partial Password Disclosure
CVSS Base8.1
â
CRSSelect profile
CVE-2025-59129
7.6
ImproperMultiple Products
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Appointify allows Blind SQL Injection
CVSS Base7.6
â
CRSSelect profile
CVE-2025-66862
7.5
function A bufferMultiple Products
A buffer overflow vulnerability in function gnu_special in file cplus-dem
CVSS Base7.5
â
CRSSelect profile
CVE-2025-66869
7.5
function strcat inMultiple Products
Buffer overflow vulnerability in function strcat in asan_interceptors
CVSS Base7.5
â
CRSSelect profile
CVE-2025-66877
7.5
function dcputchar inMultiple Products
Buffer overflow vulnerability in function dcputchar in decompile
CVSS Base7.5
â
CRSSelect profile
CVE-2025-15189
8.8đ
D-LinkMultiple Products
A vulnerability was identified in D-Link DWR-M920 up to 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-15190
8.8đ
D-LinkMultiple Products
A security flaw has been discovered in D-Link DWR-M920 up to 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-15193
8.8
D-LinkMultiple Products
A vulnerability was detected in D-Link DWR-M920 up to 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-55061
8.8
UnknownMultiple Products
CWE-434 Unrestricted Upload of File with Dangerous Type
CVSS Base8.8
â
CRSSelect profile
CVE-2025-15215
8.8
wasMultiple Products
A vulnerability was determined in Tenda AC10U 15
CVSS Base8.8
â
CRSSelect profile
CVE-2025-15216
8.8
wasMultiple Products
A vulnerability was identified in Tenda AC23 16
CVSS Base8.8
â
CRSSelect profile
CVE-2025-15217
8.8
securityMultiple Products
A security flaw has been discovered in Tenda AC23 16
CVSS Base8.8
â
CRSSelect profile
CVE-2025-15218
8.8
weaknessMultiple Products
A weakness has been identified in Tenda AC10U 15
CVSS Base8.8
â
CRSSelect profile
CVE-2025-15230
8.8
wasMultiple Products
A vulnerability was found in Tenda M3 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-15231
8.8
wasMultiple Products
A vulnerability was determined in Tenda M3 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-15232
8.8
wasMultiple Products
A vulnerability was identified in Tenda M3 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-15233
8.8
securityMultiple Products
A security flaw has been discovered in Tenda M3 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-15234
8.8
weaknessMultiple Products
A weakness has been identified in Tenda M3 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-68976
8.8
Missing AuthorizationMultiple Products
Missing Authorization vulnerability in Eagle-Themes Eagle Booking eagle-booking allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.8
â
CRSSelect profile
CVE-2025-15252
8.8
flawMultiple Products
A flaw has been found in Tenda M3 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-15253
8.8
hasMultiple Products
A vulnerability has been found in Tenda M3 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-15356
8.8
hasMultiple Products
A vulnerability has been found in Tenda AC20 up to 16
CVSS Base8.8
â
CRSSelect profile
CVE-2022-50793 (reserved 2022, disclosed 2025)
8.8
UnknownMultiple Products
SOUND4 IMPACT/FIRST/PULSE/Eco <=2
CVSS Base8.8
â
CRSSelect profile
CVE-2022-50789 (reserved 2022, disclosed 2025)
8.4
UnknownMultiple Products
SOUND4 IMPACT/FIRST/PULSE/Eco <=2
CVSS Base8.4
â
CRSSelect profile
CVE-2022-50791 (reserved 2022, disclosed 2025)
8.4
UnknownMultiple Products
SOUND4 IMPACT/FIRST/PULSE/Eco <=2
CVSS Base8.4
â
CRSSelect profile
CVE-2022-50795 (reserved 2022, disclosed 2025)
8.4
UnknownMultiple Products
SOUND4 IMPACT/FIRST/PULSE/Eco <=2
CVSS Base8.4
â
CRSSelect profile
CVE-2024-58315 (reserved 2024, disclosed 2025)
8.4
KeyMultiple Products
Tosibox Key Service 3
CVSS Base8.4
â
CRSSelect profile
CVE-2022-50694 (reserved 2022, disclosed 2025)
8.2
UnknownMultiple Products
SOUND4 IMPACT/FIRST/PULSE/Eco <=2
CVSS Base8.2
â
CRSSelect profile
CVE-2023-54163 (reserved 2023, disclosed 2025)
8.2
mKlikMultiple Products
NLB mKlik Macedonia 3
CVSS Base8.2
â
CRSSelect profile
CVE-2025-68975
8.1
AuthorizationMultiple Products
Authorization Bypass Through User-Controlled Key vulnerability in Eagle-Themes Eagle Booking eagle-booking allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.1
â
CRSSelect profile
CVE-2025-68980
8.1
designthemesMultiple Products
Missing Authorization vulnerability in designthemes WeDesignTech Portfolio wedesigntech-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.1
â
CRSSelect profile
CVE-2025-68982
8.1
designthemesMultiple Products
Missing Authorization vulnerability in designthemes DesignThemes LMS Addon designthemes-lms-addon allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.1
â
CRSSelect profile
CVE-2025-15112
8
SecurityMultiple Products
Ksenia Security Lares 4
CVSS Base8
â
CRSSelect profile
CVE-2025-15113
7.8
SecurityMultiple Products
Ksenia Security Lares 4
CVSS Base7.8
â
CRSSelect profile
CVE-2025-15371
7.8
hasMultiple Products
A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65
CVSS Base7.8
â
CRSSelect profile
CVE-2025-69217
7.7
STUNMultiple Products
coturn is a free open source implementation of TURN and STUN Server
CVSS Base7.7
â
CRSSelect profile
CVE-2025-66863
7.5
issueMultiple Products
An issue was discovered in function d_discriminator in file cp-demangle
CVSS Base7.5
â
CRSSelect profile
CVE-2025-66865
7.5
issueMultiple Products
An issue was discovered in function d_print_comp_inner in file cp-demangle
CVSS Base7.5
â
CRSSelect profile
CVE-2024-25183 (reserved 2024, disclosed 2025)
7.5
givanzMultiple Products
givanz VvvebJs 1
CVSS Base7.5
â
CRSSelect profile
CVE-2025-15284
7.5
qs Improper InputMultiple Products
Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS
CVSS Base7.5
â
CRSSelect profile
CVE-2025-68036
7.5
Emraan Cheema CubeWPMultiple Products
Missing Authorization vulnerability in Emraan Cheema CubeWP allows Accessing Functionality Not Properly Constrained by ACLs
CVSS Base7.5
â
CRSSelect profile
CVE-2025-15358
7.5
UnknownMultiple Products
DVP-12SE11T - Denial of Service Vulnerability
CVSS Base7.5
â
CRSSelect profile
CVE-2025-68988
7.5
Exposure of SensitiveMultiple Products
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in o2oe E-Invoice App Malaysia einvoiceapp-malaysia allows Retrieve Embedded Sensitive Data
CVSS Base7.5
â
CRSSelect profile
CVE-2025-69256
7.5
TheMultiple Products
The Serverless Framework is a framework for using AWS Lambda and other managed cloud services to build applications
CVSS Base7.5
â
CRSSelect profile
CVE-2022-50692 (reserved 2022, disclosed 2025)
7.5
EcoMultiple Products
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2
CVSS Base7.5
â
CRSSelect profile
CVE-2022-50788 (reserved 2022, disclosed 2025)
7.5
UnknownMultiple Products
SOUND4 IMPACT/FIRST/PULSE/Eco <=2
CVSS Base7.5
â
CRSSelect profile
CVE-2022-50796 (reserved 2022, disclosed 2025)
7.5
UnknownMultiple Products
SOUND4 IMPACT/FIRST/PULSE/Eco <=2
CVSS Base7.5
â
CRSSelect profile
CVE-2022-50798 (reserved 2022, disclosed 2025)
7.5
SoXMultiple Products
SoX 14
CVSS Base7.5
â
CRSSelect profile
CVE-2022-50799 (reserved 2022, disclosed 2025)
7.5
FTPMultiple Products
Fetch FTP Client 5
CVSS Base7.5
â
CRSSelect profile
CVE-2023-53983 (reserved 2023, disclosed 2025)
7.5
AneviaMultiple Products
Anevia Flamingo XL/XS 3
CVSS Base7.5
â
CRSSelect profile
CVE-2023-54327 (reserved 2023, disclosed 2025)
7.5
LANMultiple Products
Tinycontrol LAN Controller 1
CVSS Base7.5
â
CRSSelect profile
CVE-2025-15111
7.5
SecurityMultiple Products
Ksenia Security Lares 4
CVSS Base7.5
â
CRSSelect profile
CVE-2025-15182
7.3
ManagementMultiple Products
A weakness has been identified in code-projects Refugee Food Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-15183
7.3
ManagementMultiple Products
A security vulnerability has been detected in code-projects Refugee Food Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-15184
7.3
ManagementMultiple Products
A vulnerability was detected in code-projects Refugee Food Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-15185
7.3
ManagementMultiple Products
A flaw has been found in code-projects Refugee Food Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-15186
7.3
ManagementMultiple Products
A vulnerability has been found in code-projects Refugee Food Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-15195
7.3
AssessmentMultiple Products
A vulnerability was determined in code-projects Assessment Management 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-15196
7.3
AssessmentMultiple Products
A vulnerability was identified in code-projects Assessment Management 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-15198
7.3
UploadingMultiple Products
A weakness has been identified in code-projects College Notes Uploading System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-15206
7.3
ManagementMultiple Products
A flaw has been found in Campcodes Supplier Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-15207
7.3
ManagementMultiple Products
A vulnerability has been found in Campcodes Supplier Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-15208
7.3
ManagementMultiple Products
A security flaw has been discovered in code-projects Refugee Food Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-15243
7.3
StockMultiple Products
A flaw has been found in code-projects Simple Stock System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-15247
7.3
wasMultiple Products
A vulnerability was identified in gmg137 snap7-rs up to 153d3e8c16decd7271e2a5b2e3da4d6f68589424
CVSS Base7.3
â
CRSSelect profile
CVE-2025-15256
7.3
wasMultiple Products
A vulnerability was identified in Edimax BR-6208AC 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-15257
7.3
securityMultiple Products
A security flaw has been discovered in Edimax BR-6208AC 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-15264
7.3
wasMultiple Products
A vulnerability was determined in FeehiCMS up to 2
CVSS Base7.3
â
CRSSelect profile
CVE-2025-15353
7.3
ManagementMultiple Products
A vulnerability was detected in itsourcecode Society Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-15354
7.3
ManagementMultiple Products
A flaw has been found in itsourcecode Society Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2022-50787 (reserved 2022, disclosed 2025)
7.2
EcoMultiple Products
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2
CVSS Base7.2
â
CRSSelect profile
CVE-2025-68876
7.1
INVELITY Invelity SPSMultiple Products
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in INVELITY Invelity SPS connect allows Reflected XSS
CVSS Base7.1
â
CRSSelect profile
CVE-2025-68878
7.1
PrasadkirpekarMultiple Products
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prasadkirpekar Advanced Custom CSS allows Reflected XSS