Critical vulnerabilities, curated daily for security professionals
π― SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
π
Archived Security Brief
Friday's vulnerability landscape includes 9 critical CVEs (CVSS 9.0+), a 44% decrease from Thursday's 16 critical disclosures. High-priority vulnerabilities remain steady at 91 (down 5% from 96), while actively exploited CVEs hold constant at 14 KEV entries. Notable critical vulnerabilities include CVE-2026-1340, a code injection flaw in Ivanti Endpoint Manager Mobile enabling unauthenticated RCE, and CVE-2026-1453, a missing authentication vulnerability in KiloView Encoder Series allowing unauthorized admin account manipulation. The 14 actively exploited vulnerabilities span multiple vendors including Microsoft Windows and Office, Cisco Unified Communications Manager, VMware vCenter Server, and Zimbra Collaboration Suite. Current patch availability sits at 0%, requiring organizations to implement compensating controls until vendor fixes become available.
9 critical CVEs disclosed (44% decrease from Thursday's 16)
91 high-priority vulnerabilities (5% decrease from 96)
14 actively exploited CVEs affecting Microsoft, Cisco, VMware, Zimbra, and Linux systems
0% patch availability requires compensating controls and monitoring
Ivanti EPMM and KiloView Encoder Series face critical authentication and code injection flaws
Immediate action: Priority assessment needed for environments running Microsoft Windows/Office, Cisco UCM, VMware vCenter, and Zimbraβall present in the active exploitation list. With zero patches currently available, implement network segmentation, enhanced monitoring, and access restrictions for affected systems until vendor remediations are released.
π‘ Tip: Swipe CVE cards left to β star, right to β remove
Section Navigation
β οΈ
CISA Known Exploited Vulnerabilities
β οΈ CISA KEVURGENT
CVE-2026-1281
9.8
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote codeMultiple Products
β° Federal Deadline:January 31, 2026(2 days remaining)
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
CVSS Base9.8
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2025-8110
9.5
GogsGogs
β° Federal Deadline:February 1, 2026(3 days remaining)
Gogs Path Traversal Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2026-20805
9.5
MicrosoftWindows
β° Federal Deadline:February 2, 2026(4 days remaining)
Microsoft Windows Information Disclosure Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2026-20045
9.5π
CiscoUnified Communications Manager
β° Federal Deadline:February 10, 2026(12 days remaining)
Cisco Unified Communications Products Code Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-68645
9.5π
Synacor Zimbra Collaboration Suite (ZCS)
β° Federal Deadline:February 11, 2026(13 days remaining)
Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-34026
9.5
VersaConcerto
β° Federal Deadline:February 11, 2026(13 days remaining)
Versa Concerto Improper Authentication Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-31125
9.5
ViteVitejs
β° Federal Deadline:February 11, 2026(13 days remaining)
Vite Vitejs Improper Access Control Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-54313
9.5
Prettiereslint-config-prettier
β° Federal Deadline:February 11, 2026(13 days remaining)
Prettier eslint-config-prettier Embedded Malicious Code Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2024-37079
9.5
BroadcomVMware vCenter Server
β° Federal Deadline:February 12, 2026(14 days remaining)
Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2018-14634
9.5
LinuxKernal
β° Federal Deadline:February 15, 2026(17 days remaining)
Linux Kernel Integer Overflow Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-52691
9.5π
SmarterToolsSmarterMail
β° Federal Deadline:February 15, 2026(17 days remaining)
SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2026-23760
9.5
SmarterToolsSmarterMail
β° Federal Deadline:February 15, 2026(17 days remaining)
SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2026-24061
9.5π
GNUInetUtils
β° Federal Deadline:February 15, 2026(17 days remaining)
GNU InetUtils Argument Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2026-21509
9.5π
MicrosoftOffice
β° Federal Deadline:February 15, 2026(17 days remaining)
Microsoft Office Security Feature Bypass Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
π¨
Critical Vulnerabilities
CVE-2020-37000
9.8π
FreeMultiple Products
Free MP3 CD Ripper 2.8 contains a stack buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting a malicious WAV file with oversized payload. Attackers can leverage a specially crafted exploit file with shellcode, SEH bypass, and egghunter technique to achieve remote code execution on vulnerable Windows systems.
CVSS Base9.8
β
CRSSelect profile
CVE-2020-37012
9.8π
Tea LaTexMultiple Products
Tea LaTex 1.0 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary shell commands through the /api.php endpoint. Attackers can craft a malicious LaTeX payload with shell commands that are executed when processed by the application's tex2png API action.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-22806
9.1π
vCluster Platform provides a Kubernetes platform for managing virtualMultiple Products
vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to versions 4.6.0, 4.5.4, 4.4.2, and 4.3.10, when an access key is created with a limited scope, the scope can be bypassed to access resources outside of it. However, the user still cannot access resources beyond what is accessible to the owner of the access key. Versions 4.6.0, 4.5.4, 4.4.2, and 4.3.10 fix the vulnerability. Some other mitigations are available. Users can limit exposure by reviewing access keys which are scoped and ensuring any users with access to them have appropriate permissions set. Creating automation users with very limited permissions and using access keys for these automation users can be used as a temporary workaround where upgrading is not immediately possible but scoped access keys are needed.
CVSS Base9.1
β
CRSSelect profile
CVE-2026-0963
9.9π
An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows aMultiple Products
An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal.
CVSS Base9.9
β
CRSSelect profile
CVE-2020-37002
9.8π
AjentiMultiple Products
Ajenti 2.1.36 contains an authentication bypass vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-1340
9.8π
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote codeMultiple Products
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
CVSS Base9.8
β
CRSSelect profile
CVE-2020-36997
9.8π
BacklinkSpeedMultiple Products
BacklinkSpeed 2.4 contains a buffer overflow vulnerability that allows attackers to corrupt the Structured Exception Handler (SEH) chain through malicious file import. Attackers can craft a specially designed payload file to overwrite SEH addresses, potentially executing arbitrary code and gaining control of the application.
CVSS Base9.8
β
CRSSelect profile
CVE-2020-37010
9.8π
BearShare LiteMultiple Products
BearShare Lite 5.2.5 contains a buffer overflow vulnerability in the Advanced Search keywords input that allows attackers to execute arbitrary code. Attackers can craft a specially designed payload to overwrite the EIP register and execute shellcode by pasting malicious content into the search keywords field.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-1453
9.8π
A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administratorMultiple Products
A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administrator accounts. This vulnerability can grant the attacker full administrative control over the product.
CVSS Base9.8
β
CRSSelect profile
β οΈ
High Priority Updates
CVE-2025-14386
8.8π
WordPressMultiple Products
The Search Atlas SEO β Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the 'generate_sso_url' and 'validate_sso_token' functions in versions 2
CVSS Base8.8
β
CRSSelect profile
CVE-2026-0844
8.8π
WordPressMultiple Products
The Simple User Registration plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6
CVSS Base8.8
β
CRSSelect profile
CVE-2025-33217
7.8π
NVIDIAMultiple Products
NVIDIA Display Driver for Windows contains a vulnerability where an attacker could trigger a use after free
CVSS Base7.8
β
CRSSelect profile
CVE-2025-14975
8.1π
WordPressMultiple Products
The Custom Login Page Customizer WordPress plugin before 2
CVSS Base8.1
β
CRSSelect profile
CVE-2025-33218
7.8π
NVIDIAMultiple Products
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm
CVSS Base7.8
β
CRSSelect profile
CVE-2026-1280
7.5π
WordPressMultiple Products
The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfm_send_file_in_email' AJAX action in all versions up to, and including, 23
CVSS Base7.5
β
CRSSelect profile
CVE-2020-36995
7.5π
forMultiple Products
Mocha Telnet Lite for iOS 4
CVSS Base7.5
β
CRSSelect profile
CVE-2022-40620
7.7π
NETGEARMultiple Products
FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism
CVSS Base7.7
β
CRSSelect profile
CVE-2025-46691
7.8π
DellMultiple Products
Dell PremierColor Panel Driver, versions prior to 1
CVSS Base7.8
β
CRSSelect profile
CVE-2026-21418
7.8π
DellMultiple Products
Dell Unity, version(s) 5
CVSS Base7.8
β
CRSSelect profile
CVE-2026-22277
7.8π
DellMultiple Products
Dell UnityVSA, version(s) 5
CVSS Base7.8
β
CRSSelect profile
CVE-2026-1616
7.5π
TheMultiple Products
The $uri$args concatenation in nginx configuration file present in Open Security Issue Management (OSIM) prior v2025
CVSS Base7.5
β
CRSSelect profile
CVE-2026-0805
8.2π
BackupMultiple Products
An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal
CVSS Base8.2
β
CRSSelect profile
CVE-2020-36992
7.8π
NordMultiple Products
Nord VPN 6
CVSS Base7.8
β
CRSSelect profile
CVE-2022-40619
7.7π
NETGEARMultiple Products
FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of affected devices
CVSS Base7.7
β
CRSSelect profile
CVE-2020-36963
7.5
RouterMultiple Products
Intelbras Router RF 301K firmware version 1
CVSS Base7.5
β
CRSSelect profile
CVE-2020-36945
8.2
WebDamnMultiple Products
WebDamn User Registration Login System contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating email credentials
CVSS Base8.2
β
CRSSelect profile
CVE-2026-24902
7.1
priorMultiple Products
TrustTunnel is an open-source VPN protocol with a server-side request forgery and and private network restriction bypass in versions prior to 0
CVSS Base7.1
β
CRSSelect profile
CVE-2025-13986
7.5
DrupalMultiple Products
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Disable Login Page allows Functionality Bypass
CVSS Base7.5
β
CRSSelect profile
CVE-2025-7714
7.5
Global InteractiveMultiple Products
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Global Interactive Design Media Software Inc
CVSS Base7.5
β
CRSSelect profile
CVE-2026-24772
8.9
OpenProjectMultiple Products
OpenProject is an open-source, web-based project management software
CVSS Base8.9
β
CRSSelect profile
CVE-2025-58150
8.8
ShadowMultiple Products
Shadow mode tracing code uses a set of per-CPU variables to avoid
cumbersome parameter passing
CVSS Base8.8
β
CRSSelect profile
CVE-2020-36969
8.8
UnknownMultiple Products
M/Monit 3
CVSS Base8.8
β
CRSSelect profile
CVE-2020-37009
8.8
PACSMultiple Products
MedDream PACS Server 6
CVSS Base8.8
β
CRSSelect profile
CVE-2025-69516
8.8
AMultiple Products
A Server-Side Template Injection (SSTI) vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactical RMM, affecting versions equal to or earlier than v1
CVSS Base8.8
β
CRSSelect profile
CVE-2026-1637
8.8
wasMultiple Products
A vulnerability was identified in Tenda AC21 16
CVSS Base8.8
β
CRSSelect profile
CVE-2025-57793
8.6
priorMultiple Products
Explorance Blue versions prior to 8
CVSS Base8.6
β
CRSSelect profile
CVE-2020-36965
8.4
docPrintMultiple Products
docPrint Pro 8
CVSS Base8.4
β
CRSSelect profile
CVE-2020-36970
8.4
PMBMultiple Products
PMB 5
CVSS Base8.4
β
CRSSelect profile
CVE-2020-36971
8.4
NidesoftMultiple Products
Nidesoft 3GP Video Converter 2
CVSS Base8.4
β
CRSSelect profile
CVE-2020-37001
8.4
FrigateMultiple Products
Frigate Professional 3
CVSS Base8.4
β
CRSSelect profile
CVE-2020-37013
8.4
PlaybackMultiple Products
Audio Playback Recorder 3
CVSS Base8.4
β
CRSSelect profile
CVE-2025-62514
8.3
ParsecMultiple Products
Parsec is a cloud-based application for cryptographically secure file sharing
CVSS Base8.3
β
CRSSelect profile
CVE-2020-36972
8.2
SmartBlogMultiple Products
SmartBlog 2
CVSS Base8.2
β
CRSSelect profile
CVE-2020-36999
8.2
ElaniinMultiple Products
Elaniin CMS 1
CVSS Base8.2
β
CRSSelect profile
CVE-2020-37004
8.2
ProjectMultiple Products
Ultimate Project Manager CRM PRO 2
CVSS Base8.2
β
CRSSelect profile
CVE-2020-37006
8.2
berliCRMMultiple Products
berliCRM 1
CVSS Base8.2
β
CRSSelect profile
CVE-2025-1395
8.2
Codriapp InnovationMultiple Products
Generation of Error Message Containing Sensitive Information vulnerability in Codriapp Innovation and Software Technologies Inc
CVSS Base8.2
β
CRSSelect profile
CVE-2025-13982
8.1
DrupalMultiple Products
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Login Time Restriction allows Cross Site Request Forgery
CVSS Base8.1
β
CRSSelect profile
CVE-2025-14472
8.1
DrupalMultiple Products
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia Content Hub allows Cross Site Request Forgery
CVSS Base8.1
β
CRSSelect profile
CVE-2026-1610
8.1
wasMultiple Products
A vulnerability was found in Tenda AX12 Pro V2 16
CVSS Base8.1
β
CRSSelect profile
CVE-2025-7016
8
Improper AccessMultiple Products
Improper Access Control vulnerability in AkΔ±n Software Computer Import Export Industry and Trade Ltd
CVSS Base8
β
CRSSelect profile
CVE-2020-36984
7.8
EPSONMultiple Products
EPSON 1
CVSS Base7.8
β
CRSSelect profile
CVE-2020-36985
7.8
WatcherMultiple Products
IP Watcher 3
CVSS Base7.8
β
CRSSelect profile
CVE-2020-36986
7.8
PreyMultiple Products
Prey 1
CVSS Base7.8
β
CRSSelect profile
CVE-2020-36987
7.8
AccessMultiple Products
Program Access Controller 1
CVSS Base7.8
β
CRSSelect profile
CVE-2020-36989
7.8
ManagementMultiple Products
ForensiT AppX Management Service 2
CVSS Base7.8
β
CRSSelect profile
CVE-2020-36990
7.8
InputMultiple Products
Input Director 1
CVSS Base7.8
β
CRSSelect profile
CVE-2020-36991
7.8
ShareMouseMultiple Products
ShareMouse 5
CVSS Base7.8
β
CRSSelect profile
CVE-2025-57283
7.8
TheMultiple Products
The Node
CVSS Base7.8
β
CRSSelect profile
CVE-2025-33219
7.8
NVIDIAMultiple Products
NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound
CVSS Base7.8
β
CRSSelect profile
CVE-2025-33220
7.8
NVIDIAMultiple Products
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause heap memory access after the memory is freed
CVSS Base7.8
β
CRSSelect profile
CVE-2025-61731
7.8
BuildingMultiple Products
Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content
CVSS Base7.8
β
CRSSelect profile
CVE-2026-24856
7.8
iccDEVMultiple Products
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles
CVSS Base7.8
β
CRSSelect profile
CVE-2020-37016
7.8
BarcodeOCRMultiple Products
BarcodeOCR 19
CVSS Base7.8
β
CRSSelect profile
CVE-2020-37017
7.8
CodeMeterMultiple Products
CodeMeter 6
CVSS Base7.8
β
CRSSelect profile
CVE-2020-37020
7.8
SonarQubeMultiple Products
SonarQube 8
CVSS Base7.8
β
CRSSelect profile
CVE-2020-37021
7.8
BandwidthMultiple Products
10-Strike Bandwidth Monitor 3
CVSS Base7.8
β
CRSSelect profile
CVE-2025-68662
7.6
DiscourseMultiple Products
Discourse is an open source discussion platform
CVSS Base7.6
β
CRSSelect profile
CVE-2026-25116
7.6
RuntipiMultiple Products
Runtipi is a personal homeserver orchestrator
CVSS Base7.6
β
CRSSelect profile
CVE-2025-65886
7.5
OneFlow A shapeMultiple Products
A shape mismatch vulnerability in OneFlow v0
CVSS Base7.5
β
CRSSelect profile
CVE-2025-65888
7.5
dimensionMultiple Products
A dimension validation flaw in the flow
CVSS Base7.5
β
CRSSelect profile
CVE-2025-65889
7.5
typeMultiple Products
A type validation flaw in the flow
CVSS Base7.5
β
CRSSelect profile
CVE-2025-65890
7.5
AMultiple Products
A device-ID validation flaw in OneFlow v0
CVSS Base7.5
β
CRSSelect profile
CVE-2020-36943
7.5
aScMultiple Products
aSc TimeTables 2021
CVSS Base7.5
β
CRSSelect profile
CVE-2025-65891
7.5
GPUMultiple Products
A GPU device-ID validation flaw in OneFlow v0
CVSS Base7.5
β
CRSSelect profile
CVE-2025-70999
7.5
GPUMultiple Products
A GPU device-ID validation flaw in the flow
CVSS Base7.5
β
CRSSelect profile
CVE-2025-71000
7.5
issueMultiple Products
An issue in the flow
CVSS Base7.5
β
CRSSelect profile
CVE-2025-14840
7.5
DrupalMultiple Products
Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal HTTP Client Manager allows Forceful Browsing
CVSS Base7.5
β
CRSSelect profile
CVE-2025-61726
7.5
TheMultiple Products
The net/url package does not set a limit on the number of query parameters in a query
CVSS Base7.5
β
CRSSelect profile
CVE-2025-71003
7.5
An inputMultiple Products
An input validation vulnerability in the flow
CVSS Base7.5
β
CRSSelect profile
CVE-2025-71007
7.5
An inputMultiple Products
An input validation vulnerability in the oneflow
CVSS Base7.5
β
CRSSelect profile
CVE-2020-37008
7.5
EasyPMSMultiple Products
EasyPMS 1
CVSS Base7.5
β
CRSSelect profile
CVE-2020-37011
7.5
FontsMultiple Products
Gnome Fonts Viewer 3
CVSS Base7.5
β
CRSSelect profile
CVE-2020-37015
7.5
RuijieMultiple Products
Ruijie Networks Switch eWeb S29_RGOS 11
CVSS Base7.5
β
CRSSelect profile
CVE-2025-7713
7.5
Global InteractiveMultiple Products
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Global Interactive Design Media Software Inc
CVSS Base7.5
β
CRSSelect profile
CVE-2026-24714
7.5
NETGEARMultiple Products
Some end of service NETGEAR products provide "TelnetEnable" functionality, which allows a magic packet to activate telnet service on the box
CVSS Base7.5
β
CRSSelect profile
CVE-2026-1534
7.3
MusicMultiple Products
A weakness has been identified in code-projects Online Music Site 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-1535
7.3
MusicMultiple Products
A security vulnerability has been detected in code-projects Online Music Site 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-1545
7.3
ManagementMultiple Products
A weakness has been identified in itsourcecode School Management System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-1589
7.3
ManagementMultiple Products
A vulnerability was determined in itsourcecode School Management System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-1590
7.3
ManagementMultiple Products
A vulnerability was identified in itsourcecode School Management System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-1593
7.3
ManagementMultiple Products
A weakness has been identified in itsourcecode Society Management System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-1594
7.3
ManagementMultiple Products
A security vulnerability has been detected in itsourcecode Society Management System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-1595
7.3
ManagementMultiple Products
A vulnerability was detected in itsourcecode Society Management System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-23896
7.2
immichMultiple Products
immich is a high performance self-hosted photo and video management solution
CVSS Base7.2
β
CRSSelect profile
CVE-2025-68479
7.1
DiscourseMultiple Products
Discourse is an open source discussion platform
CVSS Base7.1
β
CRSSelect profile
CVE-2020-37005
7.1
TimeClockMultiple Products
TimeClock Software 1
CVSS Base7.1
β
CRSSelect profile
CVE-2026-25126
7.1
PolarLearnMultiple Products
PolarLearn is a free and open-source learning program
CVSS Base7.1
β
CRSSelect profile
CVE-2025-13917
7
priorMultiple Products
WSS Agent, prior to 9
CVSS Base7
β
CRSSelect profile
CVE-2025-68119
7
DownloadingMultiple Products
Downloading and building modules with malicious version strings can cause local code execution