Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đ
Archived Security Brief
Yesterday's vulnerability disclosures included 1 critical CVE (CVSS 9.0+), a 67% decrease from the prior day's 3 critical issues. High-priority vulnerabilities totaled 30, representing a 33% reduction from 45. Five actively exploited vulnerabilities remain on the CISA KEV list, affecting Gladinet CentreStack/Triofox, Apple products, ASUS Live Update, Digiever DS-2105 Pro, and MongoDB Server. The single new critical vulnerability CVE-2025-14998 (CVSS 9.8) affects the Branda WordPress plugin through a privilege escalation flaw enabling account takeover. Patch availability stands at 0%, requiring organizations to implement compensating controls until vendor fixes become available.
1 critical CVE disclosed, down 67% from prior day's 3 critical issues
30 high-priority CVEs (CVSS 7.0-8.9), a 33% decrease from 45
0% patch availability across disclosed vulnerabilities
WordPress environments using Branda plugin face privilege escalation risk (CVE-2025-14998)
Immediate action: Organizations running Gladinet CentreStack/Triofox, Apple products, ASUS systems with Live Update, Digiever DS-2105 Pro, or MongoDB Server should prioritize monitoring for exploitation indicators on these actively targeted platforms. With 0% patch availability for yesterday's disclosures, implement network segmentation and access controls as interim mitigations while monitoring vendor security advisories.
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEVURGENT
CVE-2025-14611
9.5
GladinetCentreStack and Triofox
â° Federal Deadline:January 4, 2026(2 days remaining)
Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-43529
9.5đ
AppleMultiple Products
â° Federal Deadline:January 4, 2026(2 days remaining)
Apple Multiple Products Use-After-Free WebKit Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-59374
9.5
ASUSLive Update
â° Federal Deadline:January 6, 2026(4 days remaining)
ASUS Live Update Embedded Malicious Code Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2023-52163 (reserved 2023, disclosed 2025)
9.5
DigieverDS-2105 Pro
â° Federal Deadline:January 11, 2026(9 days remaining)
Digiever DS-2105 Pro Missing Authorization Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-14847
9.5
MongoDBMongoDB and MongoDB Server
â° Federal Deadline:January 18, 2026(16 days remaining)
MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
đ¨
Critical Vulnerabilities
CVE-2025-14998 (reserved 2025, disclosed 2026)
9.8đ
The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions upMultiple Products
The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
CVSS Base9.8
â
CRSSelect profile
â ī¸
High Priority Updates
CVE-2026-21452
7.5đ
MessagePackMultiple Products
MessagePack for Java is a serializer implementation for Java
CVSS Base7.5
â
CRSSelect profile
CVE-2025-15427 (reserved 2025, disclosed 2026)
7.3đ
securityMultiple Products
A security flaw has been discovered in Seeyon Zhiyuan OA Web Application System up to 20251222
CVSS Base7.3
â
CRSSelect profile
CVE-2025-55065 (reserved 2025, disclosed 2026)
7.5đ
UnknownMultiple Products
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS Base7.5
â
CRSSelect profile
CVE-2025-15428 (reserved 2025, disclosed 2026)
8.8đ
weaknessMultiple Products
A weakness has been identified in UTT čŋå 512W 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-15429 (reserved 2025, disclosed 2026)
8.8đ
securityMultiple Products
A security vulnerability has been detected in UTT čŋå 512W 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-15430 (reserved 2025, disclosed 2026)
8.8đ
wasMultiple Products
A vulnerability was detected in UTT čŋå 512W 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-15431 (reserved 2025, disclosed 2026)
8.8đ
flawMultiple Products
A flaw has been found in UTT čŋå 512W 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-69414 (reserved 2025, disclosed 2026)
8.5đ
MediaMultiple Products
Plex Media Server (PMS) through 1
CVSS Base8.5
â
CRSSelect profile
CVE-2026-21433
7.7đ
EmlogMultiple Products
Emlog is an open source website building system
CVSS Base7.7
â
CRSSelect profile
CVE-2025-68272 (reserved 2025, disclosed 2026)
7.5đ
SignalMultiple Products
Signal K Server is a server application that runs on a central hub in a boat
CVSS Base7.5
â
CRSSelect profile
CVE-2025-15407 (reserved 2025, disclosed 2026)
7.3đ
GuitarMultiple Products
A vulnerability has been found in code-projects Online Guitar Store 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-15408 (reserved 2025, disclosed 2026)
7.3đ
GuitarMultiple Products
A vulnerability was found in code-projects Online Guitar Store 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-15409 (reserved 2025, disclosed 2026)
7.3đ
GuitarMultiple Products
A vulnerability was determined in code-projects Online Guitar Store 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-15410 (reserved 2025, disclosed 2026)
7.3đ
GuitarMultiple Products
A vulnerability was identified in code-projects Online Guitar Store 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-15420 (reserved 2025, disclosed 2026)
7.3đ
YonyouMultiple Products
A security vulnerability has been detected in Yonyou KSOA 9
CVSS Base7.3
â
CRSSelect profile
CVE-2025-15421 (reserved 2025, disclosed 2026)
7.3
YonyouMultiple Products
A vulnerability was detected in Yonyou KSOA 9
CVSS Base7.3
â
CRSSelect profile
CVE-2025-15424 (reserved 2025, disclosed 2026)
7.3
YonyouMultiple Products
A vulnerability was found in Yonyou KSOA 9
CVSS Base7.3
â
CRSSelect profile
CVE-2025-15425 (reserved 2025, disclosed 2026)
7.3
YonyouMultiple Products
A vulnerability was determined in Yonyou KSOA 9
CVSS Base7.3
â
CRSSelect profile
CVE-2025-15426 (reserved 2025, disclosed 2026)
7.3
wasMultiple Products
A vulnerability was identified in jackying H-ui
CVSS Base7.3
â
CRSSelect profile
CVE-2025-15434 (reserved 2025, disclosed 2026)
7.3
YonyouMultiple Products
A vulnerability was detected in Yonyou KSOA 9
CVSS Base7.3
â
CRSSelect profile
CVE-2025-15435 (reserved 2025, disclosed 2026)
7.3
YonyouMultiple Products
A flaw has been found in Yonyou KSOA 9
CVSS Base7.3
â
CRSSelect profile
CVE-2025-15436 (reserved 2025, disclosed 2026)
7.3
YonyouMultiple Products
A vulnerability has been found in Yonyou KSOA 9
CVSS Base7.3
â
CRSSelect profile
CVE-2026-0546
7.3
ManagementMultiple Products
A vulnerability was determined in code-projects Content Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2026-0565
7.3
ManagementMultiple Products
A weakness has been identified in code-projects Content Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2026-0567
7.3
ManagementMultiple Products
A vulnerability was detected in code-projects Content Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2026-0568
7.3
MusicMultiple Products
A flaw has been found in code-projects Online Music Site 1
CVSS Base7.3
â
CRSSelect profile
CVE-2026-0569
7.3
MusicMultiple Products
A vulnerability has been found in code-projects Online Music Site 1
CVSS Base7.3
â
CRSSelect profile
CVE-2026-0570
7.3
MusicMultiple Products
A vulnerability was found in code-projects Online Music Site 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-69415 (reserved 2025, disclosed 2026)
7.1
MediaMultiple Products
In Plex Media Server (PMS) through 1
CVSS Base7.1
â
CRSSelect profile
CVE-2026-21447
7.1
BagistoMultiple Products
Bagisto is an open source laravel eCommerce platform