Critical vulnerabilities, curated daily for security professionals
π― SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
π
Archived Security Brief
Monday's vulnerability disclosures contain zero critical-severity CVEs, unchanged from the prior day's count. High-priority vulnerabilities increased 14% to 16 issues requiring attention. Three actively exploited vulnerabilities were added to the CISA KEV catalog, a 40% decrease from Sunday's five additions, affecting ASUS Live Update, Digiever DS-2105 Pro, and MongoDB Server. All three KEV entries carry CVSS 9.5 scores despite the absence of newly disclosed critical CVEs in the general pool. No patches are currently available for the disclosed vulnerabilities, requiring organizations to implement compensating controls.
Zero critical CVEs disclosed, unchanged from prior day
16 high-priority vulnerabilities, up 14% from Sunday's 14
Three actively exploited CVEs targeting ASUS, Digiever, and MongoDB products
0% patch availability across all disclosed vulnerabilities
KEV additions all rated CVSS 9.5 affecting enterprise infrastructure components
Immediate action: Organizations using ASUS Live Update, Digiever DS-2105 Pro NVR systems, or MongoDB deployments should prioritize network segmentation and access controls for these systems. Monitor vendor security advisories for upcoming patches given the current zero percent availability rate.
π‘ Tip: Swipe CVE cards left to β star, right to β remove
Section Navigation
β οΈ
CISA Known Exploited Vulnerabilities
β οΈ CISA KEVURGENT
CVE-2025-59374
9.5
ASUSLive Update
β° Federal Deadline:January 6, 2026(2 days remaining)
ASUS Live Update Embedded Malicious Code Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2023-52163 (reserved 2023, disclosed 2025)
9.5
DigieverDS-2105 Pro
β° Federal Deadline:January 11, 2026(7 days remaining)
Digiever DS-2105 Pro Missing Authorization Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-14847
9.5
MongoDBMongoDB and MongoDB Server
β° Federal Deadline:January 18, 2026(14 days remaining)
MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ
High Priority Updates
CVE-2025-15240 (reserved 2025, disclosed 2026)
8.8π
theMultiple Products
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server
CVSS Base8.8
β
CRSSelect profile
CVE-2025-15446 (reserved 2025, disclosed 2026)
7.3π
flawMultiple Products
A flaw has been found in Seeyon Zhiyuan OA Web Application System up to 20251223
CVSS Base7.3
β
CRSSelect profile
CVE-2025-15447 (reserved 2025, disclosed 2026)
7.3π
hasMultiple Products
A vulnerability has been found in Seeyon Zhiyuan OA Web Application System up to 20251223
CVSS Base7.3
β
CRSSelect profile
CVE-2025-15459 (reserved 2025, disclosed 2026)
8.8π
securityMultiple Products
A security vulnerability has been detected in UTT θΏε 520W 1
CVSS Base8.8
β
CRSSelect profile
CVE-2025-15460 (reserved 2025, disclosed 2026)
8.8π
wasMultiple Products
A vulnerability was detected in UTT θΏε 520W 1
CVSS Base8.8
β
CRSSelect profile
CVE-2025-15461 (reserved 2025, disclosed 2026)
8.8π
flawMultiple Products
A flaw has been found in UTT θΏε 520W 1
CVSS Base8.8
β
CRSSelect profile
CVE-2025-15462 (reserved 2025, disclosed 2026)
8.8π
hasMultiple Products
A vulnerability has been found in UTT θΏε 520W 1
CVSS Base8.8
β
CRSSelect profile
CVE-2025-3646 (reserved 2025, disclosed 2026)
7.3π
PetlibroMultiple Products
Petlibro Smart Pet Feeder Platform versions up to 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-3653 (reserved 2025, disclosed 2026)
7.3π
PetlibroMultiple Products
Petlibro Smart Pet Feeder Platform versions up to 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-0575
7.3π
ReservationMultiple Products
A security vulnerability has been detected in code-projects Online Product Reservation System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-0576
7.3π
ReservationMultiple Products
A vulnerability was detected in code-projects Online Product Reservation System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-0578
7.3π
ReservationMultiple Products
A vulnerability has been found in code-projects Online Product Reservation System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-0579
7.3π
ReservationMultiple Products
A vulnerability was found in code-projects Online Product Reservation System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-15456 (reserved 2025, disclosed 2026)
7.3π
hasMultiple Products
A vulnerability has been found in bg5sbk MiniCMS up to 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-15457 (reserved 2025, disclosed 2026)
7.3π
wasMultiple Products
A vulnerability was found in bg5sbk MiniCMS up to 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-15458 (reserved 2025, disclosed 2026)
7.3
wasMultiple Products
A vulnerability was determined in bg5sbk MiniCMS up to 1