Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đ
Archived Security Brief
Yesterday's disclosures contained zero critical-severity CVEs, representing a complete reduction from the prior day's 10 critical vulnerabilities. High-priority CVE volume decreased significantly to 42 entries, down 46% from the previous day's 78 disclosures. The actively exploited vulnerability count remains elevated with 13 CISA KEV additions affecting Microsoft Windows (CVE-2026-20805), Cisco Unified Communications Manager (CVE-2026-20045), and VMware vCenter Server (CVE-2024-37079). Additional KEV entries impact Microsoft Office (CVE-2026-21509), Zimbra Collaboration Suite (CVE-2025-68645), GNU InetUtils (CVE-2026-24061), and the Linux kernel (CVE-2018-14634). Current patch availability stands at 0%, requiring organizations to prioritize compensating controls and monitoring for affected systems.
Zero critical CVEs disclosed, down 100% from 10 in prior day
42 high-priority vulnerabilities, representing 46% decrease from 78
13 actively exploited KEV entries affecting Microsoft, Cisco, VMware, Zimbra, and Linux
0% patch availability requires compensating controls and enhanced monitoring
Legacy vulnerability CVE-2018-14634 affecting Linux kernel added to KEV list
Immediate action: Organizations running Microsoft Windows, Office, Cisco UCM, VMware vCenter, Zimbra, or Linux systems should implement network segmentation and enhanced logging for affected components. With zero patches currently available, focus on threat detection and applying compensating controls until vendor remediations are released.
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEVURGENT
CVE-2025-8110
9.5
GogsGogs
â° Federal Deadline:February 1, 2026(1 days remaining)
Gogs Path Traversal Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2026-20805
9.5
MicrosoftWindows
â° Federal Deadline:February 2, 2026(2 days remaining)
Microsoft Windows Information Disclosure Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2026-20045
9.5đ
CiscoUnified Communications Manager
â° Federal Deadline:February 10, 2026(10 days remaining)
Cisco Unified Communications Products Code Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-68645
9.5đ
Synacor Zimbra Collaboration Suite (ZCS)
â° Federal Deadline:February 11, 2026(11 days remaining)
Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-34026
9.5
VersaConcerto
â° Federal Deadline:February 11, 2026(11 days remaining)
Versa Concerto Improper Authentication Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-31125
9.5
ViteVitejs
â° Federal Deadline:February 11, 2026(11 days remaining)
Vite Vitejs Improper Access Control Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-54313
9.5
Prettiereslint-config-prettier
â° Federal Deadline:February 11, 2026(11 days remaining)
Prettier eslint-config-prettier Embedded Malicious Code Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2024-37079
9.5
BroadcomVMware vCenter Server
â° Federal Deadline:February 12, 2026(12 days remaining)
Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2018-14634
9.5
LinuxKernal
â° Federal Deadline:February 15, 2026(15 days remaining)
Linux Kernel Integer Overflow Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-52691
9.5đ
SmarterToolsSmarterMail
â° Federal Deadline:February 15, 2026(15 days remaining)
SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2026-23760
9.5
SmarterToolsSmarterMail
â° Federal Deadline:February 15, 2026(15 days remaining)
SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2026-24061
9.5đ
GNUInetUtils
â° Federal Deadline:February 15, 2026(15 days remaining)
GNU InetUtils Argument Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2026-21509
9.5đ
MicrosoftOffice
â° Federal Deadline:February 15, 2026(15 days remaining)
Microsoft Office Security Feature Bypass Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸
High Priority Updates
CVE-2020-37051
8.2đ
feedbackMultiple Products
Online-Exam-System 2015 contains a time-based blind SQL injection vulnerability in the feedback form that allows attackers to extract database password hashes
CVSS Base8.2
â
CRSSelect profile
CVE-2020-37057
8.2đ
feedback moduleMultiple Products
Online-Exam-System 2015 contains a SQL injection vulnerability in the feedback module that allows attackers to manipulate database queries through the 'fid' parameter
CVSS Base8.2
â
CRSSelect profile
CVE-2025-36384
8.4đ
IBMMultiple Products
IBM Db2 for Windows 12
CVSS Base8.4
â
CRSSelect profile
CVE-2020-37035
8.2đ
PHPMultiple Products
e-Learning PHP Script 0
CVSS Base8.2
â
CRSSelect profile
CVE-2025-36184
7.2đ
IBMMultiple Products
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)Â 11
CVSS Base7.2
â
CRSSelect profile
CVE-2025-14554
7.2đ
WordPressMultiple Products
The Sell BTC - Cryptocurrency Selling Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'orderform_data' AJAX action in all versions up to, and including, 1
CVSS Base7.2
â
CRSSelect profile
CVE-2025-4686
8.6đ
Kodmatic ComputerMultiple Products
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kodmatic Computer Software Tourism Construction Industry and Trade Ltd
CVSS Base8.6
â
CRSSelect profile
CVE-2025-69662
8.6đ
geopandas before SQLMultiple Products
SQL injection vulnerability in geopandas before v
CVSS Base8.6
â
CRSSelect profile
CVE-2026-1686
8.8đ
TotolinkMultiple Products
A security flaw has been discovered in Totolink A3600R 5
CVSS Base8.8
â
CRSSelect profile
CVE-2026-24854
8.8đ
ChurchCRMMultiple Products
ChurchCRM is an open-source church management system
CVSS Base8.8
â
CRSSelect profile
CVE-2020-37023
8.8đ
KokenMultiple Products
Koken CMS 0
CVSS Base8.8
â
CRSSelect profile
CVE-2020-37032
8.8đ
FTPMultiple Products
Wing FTP Server 6
CVSS Base8.8
â
CRSSelect profile
CVE-2020-37024
8.4đ
DVDMultiple Products
Nidesoft DVD Ripper 5
CVSS Base8.4
â
CRSSelect profile
CVE-2020-37025
8.4đ
ForwardingMultiple Products
Port Forwarding Wizard 4
CVSS Base8.4
â
CRSSelect profile
CVE-2020-37028
8.4đ
ConverterMultiple Products
Socusoft Photo to Video Converter Professional 8
CVSS Base8.4
â
CRSSelect profile
CVE-2020-37029
8.4
FTPDummyMultiple Products
FTPDummy 4
CVSS Base8.4
â
CRSSelect profile
CVE-2020-37031
8.4
StartupMultiple Products
Simple Startup Manager 1
CVSS Base8.4
â
CRSSelect profile
CVE-2020-37036
8.4
DownloaderMultiple Products
RM Downloader 2
CVSS Base8.4
â
CRSSelect profile
CVE-2020-37040
8.4
CodeMultiple Products
Code Blocks 17
CVSS Base8.4
â
CRSSelect profile
CVE-2020-37042
8.4
FrigateMultiple Products
Frigate Professional 3
CVSS Base8.4
â
CRSSelect profile
CVE-2020-37049
8.4
FrigateMultiple Products
Frigate 3
CVSS Base8.4
â
CRSSelect profile
CVE-2020-37033
8.2
InforMultiple Products
Infor Storefront B2B 1
CVSS Base8.2
â
CRSSelect profile
CVE-2020-37030
7.8
OutlineMultiple Products
Outline Service 1
CVSS Base7.8
â
CRSSelect profile
CVE-2020-37058
7.8
FiltersMultiple Products
Andrea ST Filters Service 1
CVSS Base7.8
â
CRSSelect profile
CVE-2020-37059
7.8
PopcornMultiple Products
Popcorn Time 6
CVSS Base7.8
â
CRSSelect profile
CVE-2020-37060
7.8
AlarmMultiple Products
Atomic Alarm Clock 6
CVSS Base7.8
â
CRSSelect profile
CVE-2025-62348
7.8
UnknownMultiple Products
Salt's junos execution module contained an unsafe YAML decode/load usage
CVSS Base7.8
â
CRSSelect profile
CVE-2026-25153
7.7
developerMultiple Products
Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common node
CVSS Base7.7
â
CRSSelect profile
CVE-2024-4027
7.5
flawMultiple Products
A flaw was found in Undertow
CVSS Base7.5
â
CRSSelect profile
CVE-2026-25128
7.5
UnknownMultiple Products
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback
CVSS Base7.5
â
CRSSelect profile
CVE-2020-37034
7.5
HelloWebMultiple Products
HelloWeb 2
CVSS Base7.5
â
CRSSelect profile
CVE-2020-37038
7.5
CodeMultiple Products
Code Blocks 20
CVSS Base7.5
â
CRSSelect profile
CVE-2020-37039
7.5
FrigateMultiple Products
Frigate 2
CVSS Base7.5
â
CRSSelect profile
CVE-2020-37041
7.5
OpenCTIMultiple Products
OpenCTI 3
CVSS Base7.5
â
CRSSelect profile
CVE-2026-1687
7.3
weaknessMultiple Products
A weakness has been identified in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon
CVSS Base7.3
â
CRSSelect profile
CVE-2026-1688
7.3
ManagementMultiple Products
A security vulnerability has been detected in itsourcecode Directory Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2026-1689
7.3
wasMultiple Products
A vulnerability was detected in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon
CVSS Base7.3
â
CRSSelect profile
CVE-2026-1701
7.3
ManagementMultiple Products
A security vulnerability has been detected in itsourcecode Student Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2026-25156
7.3
HotCRPMultiple Products
HotCRP is conference review software
CVSS Base7.3
â
CRSSelect profile
CVE-2026-0709
7.2
SomeMultiple Products
Some Hikvision Wireless Access Points are vulnerable to authenticated command execution due to insufficient input validation
CVSS Base7.2
â
CRSSelect profile
CVE-2026-22623
7.2
insufficientMultiple Products
Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can execute arbitrary commands on the device by crafting specific messages