Critical vulnerabilities, curated daily for security professionals
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality.
Archived Security Brief
Yesterday's disclosures contained zero new critical vulnerabilities, down from the prior day's 2 critical CVEs. High-priority vulnerabilities dropped substantially to 11, a 72% decrease from the previous 39. The actively exploited (KEV) count remains steady at 10 vulnerabilities, including legacy threats like CVE-2009-0556 affecting Microsoft Office alongside recent entries such as CVE-2026-20805 targeting Microsoft Windows and CVE-2026-20045 impacting Cisco Unified Communications Manager. Notable KEV additions include CVE-2025-37164 in HPE OneView, CVE-2025-68645 in Zimbra Collaboration Suite, and CVE-2024-37079 affecting VMware vCenter Server. Patch availability currently stands at 0%, so organizations must prioritize compensating controls and monitoring until vendor remediation becomes available.
Zero critical CVEs disclosed, down 100% from prior day's 2 critical vulnerabilities
11 high-priority vulnerabilities, a 72% decrease from the previous 39
Immediate action: Organizations running Microsoft Windows, Cisco Unified Communications Manager, HPE OneView, Zimbra Collaboration Suite, or VMware vCenter Server should immediately assess exposure to the 10 actively exploited vulnerabilities. With no patches currently available, implement network segmentation, enhanced logging, and access restrictions for affected systems until vendor fixes are released.
CISA Known Exploited Vulnerabilities
CISA KEV - URGENT
CVE-2009-0556
Microsoft Office
Federal Deadline: January 27, 2026 (2 days remaining)
Microsoft Office PowerPoint Code Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base: 9.5
CISA KEV - URGENT
CVE-2025-37164
Hewlett Packard Enterprise (HPE) OneView
Federal Deadline: January 27, 2026 (2 days remaining)
Hewlett Packard Enterprise (HPE) OneView Code Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base: 9.5
CISA KEV - URGENT
CVE-2025-8110
Gogs Gogs
Federal Deadline: February 1, 2026 (7 days remaining)
Gogs Path Traversal Vulnerability - Active in CISA KEV catalog.
CVSS Base: 9.5
CISA KEV
CVE-2026-20805
Microsoft Windows
Federal Deadline: February 2, 2026 (8 days remaining)
Microsoft Windows Information Disclosure Vulnerability - Active in CISA KEV catalog.
CVSS Base: 9.5
CISA KEV
CVE-2026-20045
Cisco Unified Communications Manager
Federal Deadline: February 10, 2026 (16 days remaining)
Cisco Unified Communications Products Code Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base: 9.5
CISA KEV
CVE-2025-68645
Synacor Zimbra Collaboration Suite (ZCS)
Federal Deadline: February 11, 2026 (17 days remaining)
Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability - Active in CISA KEV catalog.
CVSS Base: 9.5
CISA KEV
CVE-2025-34026
Versa Concerto
Federal Deadline: February 11, 2026 (17 days remaining)
Versa Concerto Improper Authentication Vulnerability - Active in CISA KEV catalog.
CVSS Base: 9.5
CISA KEV
CVE-2025-31125
Vite Vitejs
Federal Deadline: February 11, 2026 (17 days remaining)
Vite Vitejs Improper Access Control Vulnerability - Active in CISA KEV catalog.
CVSS Base: 9.5
CISA KEV
CVE-2025-54313
Prettier eslint-config-prettier
Federal Deadline: February 11, 2026 (17 days remaining)
Prettier eslint-config-prettier Embedded Malicious Code Vulnerability - Active in CISA KEV catalog.
CVSS Base: 9.5
CISA KEV
CVE-2024-37079
Broadcom VMware vCenter Server
Federal Deadline: February 12, 2026 (18 days remaining)
Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base: 9.5
High Priority Updates
CVE-2020-36934
Windows Multiple Products
Deep Instinct Windows Agent 1
CVSS Base: 7.8
CVE-2026-0911
WordPress Multiple Products
The Hustle - Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the action_import_module() function in all versions up to, and including, 7
CVSS Base: 7.5
CVE-2026-1427
the Multiple Products
Single Sign-On Portal System developed by WellChoose has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server
CVSS Base: 8.8
CVE-2026-1428
the Multiple Products
Single Sign-On Portal System developed by WellChoose has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server
CVSS Base: 8.8
CVE-2026-1420
flaw Multiple Products
A flaw has been found in Tenda AC23 16
CVSS Base: 8.8
CVE-2020-36933
HTC Multiple Products
HTC IPTInstaller 4
CVSS Base: 7.8
CVE-2020-36935
KMSpico Multiple Products
KMSpico 17
CVSS Base: 7.8
CVE-2020-36936
Magic Multiple Products
Magic Mouse 2 Utilities 2
CVSS Base: 7.8
CVE-2020-36937
MEMU Multiple Products
Microvirt MEMU Play 3
CVSS Base: 7.8
CVE-2026-1412
has Multiple Products
A vulnerability has been found in Sangfor Operation and Maintenance Security Management System up to 3
CVSS Base: 7.3
CVE-2026-1422
7.3
Examination Multiple Products
A vulnerability was found in code-projects Online Examination System 1