Critical vulnerabilities, curated daily for security professionals
π― SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
π
Archived Security Brief
Sunday's disclosure activity reveals 4 critical vulnerabilities (CVSS 9.0+), representing a 64% decrease from the prior day's 11 critical issues. High-priority vulnerabilities also declined substantially, with 34 disclosed compared to 71 previously, a 52% reduction. Four actively exploited vulnerabilities (KEV) require attention, including legacy threats targeting Microsoft Office (CVE-2009-0556), MongoDB Server (CVE-2025-14847), and HPE OneView (CVE-2025-37164). Notable critical disclosures include CVE-2025-65091 affecting XWiki Full Calendar Macro with a maximum CVSS 10 score, CVE-2026-22688 in WeKnora with CVSS 9.9, and CVE-2026-61686 impacting React Router. With 0% patch availability currently reported, organizations should prioritize compensating controls and monitoring until vendor patches are released.
4 critical vulnerabilities disclosed, 64% decrease from prior day
34 high-priority vulnerabilities, 52% reduction from previous 71
4 actively exploited vulnerabilities targeting Microsoft Office, MongoDB, HPE OneView, and Digiever systems
XWiki, React Router, WeKnora, and OpenProject among affected products
Immediate action: Organizations using Microsoft Office, MongoDB Server, HPE OneView, or Digiever DS-2105 Pro should prioritize review of the four actively exploited vulnerabilities. With no patches currently available for Sunday's disclosures, implement network segmentation, enhanced monitoring, and access restrictions for affected systems until vendor remediation guidance is released.
π‘ Tip: Swipe CVE cards left to β star, right to β remove
Section Navigation
β οΈ
CISA Known Exploited Vulnerabilities
β οΈ CISA KEVURGENT
CVE-2023-52163 (reserved 2023, disclosed 2025)
9.5
DigieverDS-2105 Pro
β° Federal Deadline:January 11, 2026(1 days remaining)
Digiever DS-2105 Pro Missing Authorization Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-14847
9.5
MongoDBMongoDB and MongoDB Server
β° Federal Deadline:January 18, 2026(8 days remaining)
MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2009-0556 (reserved 2009, disclosed 2026)
9.5
MicrosoftOffice
β° Federal Deadline:January 27, 2026(17 days remaining)
Microsoft Office PowerPoint Code Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-37164 (reserved 2025, disclosed 2026)
9.5π
Hewlett Packard Enterprise (HPE)OneView
β° Federal Deadline:January 27, 2026(17 days remaining)
Hewlett Packard Enterprise (HPE) OneView Code Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
π¨
Critical Vulnerabilities
CVE-2025-65091 (reserved 2025, disclosed 2026)
10π
XWiki Full Calendar Macro displays objects from the wiki on theMultiple Products
XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.5, users with the right to view the Calendar.JSONService page (including guest users) can exploit a SQL injection vulnerability by accessing database info or starting a DoS attack. This issue has been patched in version 2.4.5.
CVSS Base10
β
CRSSelect profile
CVE-2025-61686 (reserved 2025, disclosed 2026)
9.1π
React Router is a router forMultiple Products
React Router is a router for React. In @react-router/node versions 7.0.0 through 7.9.3, @remix-run/deno prior to version 2.17.2, and @remix-run/node prior to version 2.17.2, if createFileSessionStorage() is being used from @react-router/node (or @remix-run/node/@remix-run/deno in Remix v2) with an unsigned cookie, it is possible for an attacker to cause the session to try to read/write from a location outside the specified session file directory. The success of the attack would depend on the permissions of the web server process to access those files. Read files cannot be returned directly to the attacker. Session file reads would only succeed if the file matched the expected session file format. If the file matched the session file format, the data would be populated into the server side session but not directly returned to the attacker unless the application logic returned specific session information. This issue has been patched in @react-router/node version 7.9.4, @remix-run/deno version 2.17.2, and @remix-run/node version 2.17.2.
CVSS Base9.1
β
CRSSelect profile
CVE-2026-22688
9.9π
WeKnora is anMultiple Products
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, there is a command injection vulnerability that allows authenticated users to inject stdio_config.command/args into MCP stdio settings, causing the server to execute subprocesses using these injected values. This issue has been patched in version 0.2.5.
CVSS Base9.9
β
CRSSelect profile
CVE-2026-22600
9.1π
OpenProject is anMultiple Products
OpenProject is an open-source, web-based project management software. A Local File Read (LFR) vulnerability exists in the work package PDF export functionality of OpenProject prior to version 16.6.4. By uploading a specially crafted SVG file (disguised as a PNG) as a work package attachment, an attacker can exploit the backend image processing engine (ImageMagick). When the work package is exported to PDF, the backend attempts to resize the image, triggering the ImageMagick text: coder. This allows an attacker to read arbitrary local files that the application user has permissions to access (e.g., /etc/passwd, all project configuration files, private project data, etc.). The attack requires permissions to upload attachments to a container that can be exported to PDF, such as a work package. The issue has been patched in version 16.6.4. Those who are unable to upgrade may apply the patch manually.
CVSS Base9.1
β
CRSSelect profile
β οΈ
High Priority Updates
CVE-2025-13457 (reserved 2025, disclosed 2026)
7.5π
WordPressMultiple Products
The WooCommerce Square plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5
CVSS Base7.5
β
CRSSelect profile
CVE-2026-21898
8.2π
CryptoLibMultiple Products
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station
CVSS Base8.2
β
CRSSelect profile
CVE-2026-22704
8π
HAXMultiple Products
HAX CMS helps manage microsite universe with PHP or NodeJs backends
CVSS Base8
β
CRSSelect profile
CVE-2026-0830
7.8π
beforeMultiple Products
Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0
CVSS Base7.8
β
CRSSelect profile
CVE-2025-64092 (reserved 2025, disclosed 2026)
7.5π
ThisMultiple Products
This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database
CVSS Base7.5
β
CRSSelect profile
CVE-2026-22697
7.5π
CryptoLibMultiple Products
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station
CVSS Base7.5
β
CRSSelect profile
CVE-2026-21897
7.3π
CryptoLibMultiple Products
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station
CVSS Base7.3
β
CRSSelect profile
CVE-2026-22589
7.5π
SpreeMultiple Products
Spree is an open source e-commerce solution built with Ruby on Rails
CVSS Base7.5
β
CRSSelect profile
CVE-2026-21884
8.2π
ReactMultiple Products
React Router is a router for React
CVSS Base8.2
β
CRSSelect profile
CVE-2026-22029
8π
ReactMultiple Products
React Router is a router for React
CVSS Base8
β
CRSSelect profile
CVE-2025-59057 (reserved 2025, disclosed 2026)
7.6π
ReactMultiple Products
React Router is a router for React
CVSS Base7.6
β
CRSSelect profile
CVE-2025-15499 (reserved 2025, disclosed 2026)
8.8π
hasMultiple Products
A vulnerability has been found in Sangfor Operation and Maintenance Management System up to 3
CVSS Base8.8
β
CRSSelect profile
CVE-2026-22685
8.8π
DevToysMultiple Products
DevToys is a desktop app for developers
CVSS Base8.8
β
CRSSelect profile
CVE-2026-0836
8.8π
wasMultiple Products
A vulnerability was determined in UTT θΏε 520W 1
CVSS Base8.8
β
CRSSelect profile
CVE-2026-0837
8.8π
wasMultiple Products
A vulnerability was identified in UTT θΏε 520W 1
CVSS Base8.8
β
CRSSelect profile
CVE-2026-0838
8.8
securityMultiple Products
A security flaw has been discovered in UTT θΏε 520W 1
CVSS Base8.8
β
CRSSelect profile
CVE-2026-0839
8.8
weaknessMultiple Products
A weakness has been identified in UTT θΏε 520W 1
CVSS Base8.8
β
CRSSelect profile
CVE-2026-0840
8.8
securityMultiple Products
A security vulnerability has been detected in UTT θΏε 520W 1
CVSS Base8.8
β
CRSSelect profile
CVE-2026-0841
8.8
wasMultiple Products
A vulnerability was detected in UTT θΏε 520W 1
CVSS Base8.8
β
CRSSelect profile
CVE-2025-9222 (reserved 2025, disclosed 2026)
8.7
versionsMultiple Products
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18
CVSS Base8.7
β
CRSSelect profile
CVE-2025-64091 (reserved 2025, disclosed 2026)
8.6
ThisMultiple Products
This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device
CVSS Base8.6
β
CRSSelect profile
CVE-2025-67070 (reserved 2025, disclosed 2026)
8.2
existsMultiple Products
A vulnerability exists in Intelbras CFTV IP NVD 9032 R Ftd V2
CVSS Base8.2
β
CRSSelect profile
CVE-2026-22594
8.1
GhostMultiple Products
Ghost is a Node
CVSS Base8.1
β
CRSSelect profile
CVE-2026-22595
8.1
GhostMultiple Products
Ghost is a Node
CVSS Base8.1
β
CRSSelect profile
CVE-2026-22687
8.1
WeKnoraMultiple Products
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval
CVSS Base8.1
β
CRSSelect profile
CVE-2025-13761 (reserved 2025, disclosed 2026)
8
versionsMultiple Products
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18
CVSS Base8
β
CRSSelect profile
CVE-2025-67133 (reserved 2025, disclosed 2026)
7.5
issueMultiple Products
An issue in Hero Motocorp Vida V1 Pro 2
CVSS Base7.5
β
CRSSelect profile
CVE-2026-22699
7.5
UnknownMultiple Products
RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof
CVSS Base7.5
β
CRSSelect profile
CVE-2026-22700
7.5
UnknownMultiple Products
RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof
CVSS Base7.5
β
CRSSelect profile
CVE-2026-22777
7.5
UnknownMultiple Products
ComfyUI-Manager is an extension designed to enhance the usability of ComfyUI
CVSS Base7.5
β
CRSSelect profile
CVE-2025-15502 (reserved 2025, disclosed 2026)
7.3
wasMultiple Products
A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3
CVSS Base7.3
β
CRSSelect profile
CVE-2025-15503 (reserved 2025, disclosed 2026)
7.3
securityMultiple Products
A security flaw has been discovered in Sangfor Operation and Maintenance Management System up to 3
CVSS Base7.3
β
CRSSelect profile
CVE-2026-0821
7.3
wasMultiple Products
A vulnerability was determined in quickjs-ng quickjs up to 0
CVSS Base7.3
β
CRSSelect profile
CVE-2025-13772 (reserved 2025, disclosed 2026)
7.1
versionsMultiple Products
GitLab has remediated an issue in GitLab EE affecting all versions from 18