324 CVEs published in 2025. 181 flagged on the CISA Known Exploited Vulnerabilities catalog. Every guide includes runnable Linux, Windows PowerShell, and Bash remediation commands.
324 fix guides from 2025 ⚠ 181 actively exploited (CISA KEV)CVE-2025-0282 is a stack-based buffer overflow in Connect Secure. Verified patched version, official vendor advisory, and how to confirm the
CVE-2025-10035 is an unsafe deserialization in GoAnywhere MFT. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2025-11953 is an OS command injection in the product. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2025-12480 is an access control bypass in TrioFox. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2025-1316 is an OS command injection in IC-7100 IP Camera. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2025-14733 is an OS command injection in Fireware OS. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2025-20281 is the second of two unauth RCE bugs in Cisco ISE 3.3.0. Same patch as CVE-2025-20337. Here are the verified upgrade steps.
CVE-2025-20333 affects the VPN web server in Cisco Secure Firewall ASA. CVSS 9.9 Critical and listed in CISA KEV. Patch steps inside.
CVE-2025-20337 lets an unauthenticated attacker run code as root on Cisco ISE 3.3 and ISE-PIC 3.2 via the management API. Patch steps and ve
CVE-2025-20393 lets an unauthenticated attacker run code on Cisco Secure Email Gateway and Web Manager via the Spam Quarantine API. Here's t
CVE-2025-22224 is an out-of-bounds write in ESXi. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-22457 is a stack-based buffer overflow in Connect Secure. Verified patched version, official vendor advisory, and how to confirm th
CVE-2025-24016 is an unsafe deserialization in wazuh. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-24893 is a code injection in xwiki-platform. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-25257 is an SQL injection in Fortinet FortiWeb's management interface. CVSS 9.6 Critical. Patched builds and CLI lockdown.
CVE-2025-26399 lets an unauthenticated attacker exploit a deserialization flaw in SolarWinds Web Help Desk. Patched build and upgrade proced
CVE-2025-2746 is an authentication bypass in Xperience. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2025-2747 is an authentication bypass in Xperience. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2025-2775 is a XML external entity (XXE) in SysAid On-Prem. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2025-2776 is a XML external entity (XXE) in SysAid On-Prem. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2025-30406 is an unsafe deserialization in CentreStack. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2025-31161 is an authentication bypass in CrushFTP. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2025-31324 lets an unauthenticated attacker upload malicious binaries to SAP NetWeaver Visual Composer Metadata Uploader. Patch and lock
CVE-2025-32432 is a code injection in cms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-32433 is an authentication bypass in otp. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-32463 is a local privilege escalation in Sudo. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2025-3248 is an authentication bypass in langflow. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2025-32756 is a critical stack buffer overflow across FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera. Patched builds in
CVE-2025-32975 is an authentication bypass flaw in KACE Systems Management Appliance (SMA). Verified patched version and mitigations from th
CVE-2025-34026 is an authentication bypass in Concerto. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2025-34028: a path traversal in Command Center Innovation Release. Patched version and vendor advisory inside.
CVE-2025-34291 is a vulnerability in Langflow. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-37164 is a vulnerability in HPE OneView. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-40551 is another untrusted deserialization flaw in SolarWinds Web Help Desk. Same advisory and same patched release as CVE-2025-263
CVE-2025-42599 is a stack-based buffer overflow in Active! mail 6. Verified patched version, official vendor advisory, and how to confirm th
CVE-2025-42999: an unsafe deserialization in SAP NetWeaver (Visual Composer developme. Patched version and vendor advisory inside.
CVE-2025-4632 is a path traversal in MagicINFO 9 Server. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2025-47812 is an improper input validation in Wing FTP Server. Verified patched version, official vendor advisory, and how to confirm th
CVE-2025-48703 is an OS command injection in CentOS Web Panel. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2025-49113 is an unsafe deserialization in Webmail. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2025-5086 is an unsafe deserialization in DELMIA Apriso. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2025-52691 is a vulnerability in SmarterMail. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-53521 affects F5 BIG-IP APM virtual servers with access policies. CVSS 9.8 Critical. Patch and mitigation steps.
CVE-2025-53690: an unsafe deserialization in Experience Manager (XM). Patched version and vendor advisory inside.
CVE-2025-53770 - Insecure Deserialization in Microsoft SharePoint Enterprise Server 2016. Runnable patch commands and verification on this p
CVE-2025-54068 is a code injection in livewire. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-54236 is an improper input validation in Adobe Commerce. Verified patched version, official vendor advisory, and how to confirm the
CVE-2025-54253 lets an attacker bypass authorization in Adobe Experience Manager Forms 6.5.23 and earlier and run arbitrary code. Here's how
CVE-2025-54309 is a vulnerability in CrushFTP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-54948 is an OS command injection in Trend Micro Apex One. Verified patched version, official vendor advisory, and how to confirm th
CVE-2025-55182: an unsafe deserialization in react-server-dom-webpack. Patched version and vendor advisory inside.
CVE-2025-5777 is a path traversal in ADC. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-57819 is a SQL injection in endpoint. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-59287 - Insecure Deserialization in Windows Server 2012. Runnable patch commands, mitigation snippets, and verification steps on th
CVE-2025-59374 is a vulnerability in live update. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-59718 is an access control bypass in FortiSwitchManager. Verified patched version, official vendor advisory, and how to confirm the
CVE-2025-61757 - Security Vulnerability in Identity Manager. Runnable patch commands, mitigation snippets, and verification steps on this pa
CVE-2025-61882 - Security Vulnerability in Oracle Concurrent Processing. Runnable patch commands, mitigation snippets, and verification step
CVE-2025-61932: a code injection in Lanscope Endpoint Manager (On-Premises) . Patched version and vendor advisory inside.
CVE-2025-6205 is a vulnerability in DELMIA Apriso. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-64446 is a relative path traversal in Fortinet FortiWeb 8.0.x. CVSS 9.4 Critical. Patched build and lockdown.
CVE-2025-6543 is a denial of service in ADC. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-68613 is a code injection in n8n. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-7775 is a denial of service in ADC. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-8875 is an unsafe deserialization in N-central. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2025-8876 is an OS command injection in N-central. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2025-9242 is an OS command injection in Fireware OS. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2025-0108 is an authentication bypass in Cloud NGFW. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2025-0111 is an arbitrary file read in Cloud NGFW. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2025-0411 is a Protection Mechanism Failure flaw in 7-zip 7-Zip. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-0994 is a Insecure Deserialization flaw in Trimble Cityworks. Actively exploited per CISA KEV. Verified patched builds and fix step
CVE-2025-11371 is a security vulnerability flaw in CentreStack and TrioFox. Verified patched version and mitigations from the official advis
CVE-2025-14611: Security Vulnerability in Gladinet CentreStack and TrioFox. Patched builds and fix steps.
CVE-2025-14847 is an information disclosure in MongoDB Server. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2025-15556: Download of Code Without Integrity Check in Notepad-plus-plus notepad-plus-plus. Patched builds and fix steps.
CVE-2025-1976 is a code injection in Fabric OS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-20352 is a stack-based buffer overflow in IOS. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2025-21042 is an out-of-bounds write in Samsung Mobile Devices. Verified patched version, official vendor advisory, and how to confirm t
CVE-2025-21043 is an out-of-bounds write in Samsung Mobile Devices. Verified patched version, official vendor advisory, and how to confirm t
CVE-2025-21333 - Heap Buffer Overflow in Windows 10 Version 21H2. Runnable patch commands, mitigation snippets, and verification steps on th
CVE-2025-21334 - Use-After-Free in Windows 10 Version 21H2. Runnable patch commands, mitigation snippets, and verification steps on this pag
CVE-2025-21335 - Use-After-Free in Windows 10 Version 21H2. Runnable patch commands, mitigation snippets, and verification steps on this pag
CVE-2025-21391 - Privilege Escalation in Windows 10 Version 1507. Runnable patch commands, mitigation snippets, and verification steps on th
CVE-2025-21418 - Heap Buffer Overflow in Windows 10 Version 1507. Runnable patch commands, mitigation snippets, and verification steps on th
CVE-2025-21479 is an access control bypass in Snapdragon. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2025-21480 is an access control bypass in Snapdragon. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2025-22225 is a Security Vulnerability flaw in N/a VMware Cloud Foundation. Actively exploited per CISA KEV. Verified patched builds and
CVE-2025-22226 is a Out-of-Bounds Memory Access flaw in N/a ESXi. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-23209 is a Code Injection flaw in Craftcms cms. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-24472 is an authentication bypass in FortiProxy. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2025-24983 - Use-After-Free in Windows 10 Version 1507. Runnable patch commands, mitigation snippets, and verification steps on this pag
CVE-2025-24985 - Integer Overflow in Windows 10 Version 1507. Runnable patch commands, mitigation snippets, and verification steps on this p
CVE-2025-24989 - Improper Access Control in Microsoft Power Pages. Runnable patch commands, mitigation snippets, and verification steps on t
CVE-2025-24990 - Security Vulnerability in Windows 10 Version 1507. Runnable patch commands, mitigation snippets, and verification steps on
CVE-2025-24993 - Heap Buffer Overflow in Windows 10 Version 1507. Runnable patch commands, mitigation snippets, and verification steps on th
CVE-2025-26633 - Security Vulnerability in Windows 10 Version 1507. Runnable patch commands, mitigation snippets, and verification steps on
CVE-2025-27038 is a Use-After-Free flaw in Qualcomm, Inc. Snapdragon. Actively exploited per CISA KEV. Verified patched builds and fix steps
CVE-2025-27363 is a Out-of-Bounds Memory Access flaw in Freetype FreeType. Actively exploited per CISA KEV. Verified patched builds and fix
CVE-2025-2749 is a Path Traversal flaw in Kentico Xperience. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-27920 is a Path Traversal: '../filedir' flaw in Srimax Output Messenger. Actively exploited per CISA KEV. Verified patched builds a
CVE-2025-29635 is a command injection flaw in DIR-823X. Verified patched version and mitigations from the official advisory.
CVE-2025-29824 - Use-After-Free in Windows 10 Version 1507. Runnable patch commands, mitigation snippets, and verification steps on this pag
CVE-2025-30066 - Security Vulnerability in changed-files. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2025-30154 is a vulnerability in reviewdog. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-30397 - Remote Code Execution in Windows 10 Version 1507. Runnable patch commands, mitigation snippets, and verification steps on t
CVE-2025-30400 - Use-After-Free in Windows 10 Version 1809. Runnable patch commands, mitigation snippets, and verification steps on this pag
CVE-2025-32701 - Use-After-Free in Windows 10 Version 1507. Runnable patch commands, mitigation snippets, and verification steps on this pag
CVE-2025-32706 - Improper Input Validation in Windows 10 Version 1507. Runnable patch commands, mitigation snippets, and verification steps
CVE-2025-32709 - Use-After-Free in Windows 10 Version 1507. Runnable patch commands, mitigation snippets, and verification steps on this pag
CVE-2025-33053 - Security Vulnerability in Windows 10 Version 1507. Runnable patch commands, mitigation snippets, and verification steps on
CVE-2025-33073 - Improper Access Control in Windows 10 Version 1507. Runnable patch commands, mitigation snippets, and verification steps on
CVE-2025-3928 is a vulnerability in Web Server. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-3935 is a Insecure Deserialization flaw in Connectwise ScreenConnect. Actively exploited per CISA KEV. Verified patched builds and
CVE-2025-4008 is an OS command injection in MeteoBridge. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2025-40536 is an authentication bypass in Web Help Desk. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2025-41244 is a local privilege escalation in VCF operations. Verified patched version, official vendor advisory, and how to confirm the
CVE-2025-4428 is a code injection in Endpoint Manager Mobile. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2025-48384 is an interpretation conflict in git. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-49704 - Code Injection in Microsoft SharePoint Enterprise Server 2016. Runnable patch commands and verification on this page.
CVE-2025-54313: Embedded Malicious Code in Prettier eslint-config-prettier. Patched builds and fix steps.
CVE-2025-58360 is a XXE Injection flaw in Geoserver geoserver. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-59230 - Improper Access Control in Windows 10 Version 1507. Runnable patch commands, mitigation snippets, and verification steps on
CVE-2025-60710 - Security Vulnerability in Windows 11 Version 24H2. Runnable patch commands, mitigation snippets, and verification steps on
CVE-2025-61884 - Server-Side Request Forgery in Oracle Configurator. Runnable patch commands, mitigation snippets, and verification steps on
CVE-2025-6204 is a Code Injection flaw in Dassault Systèmes DELMIA Apriso. Actively exploited per CISA KEV. Verified patched builds and fix
CVE-2025-6218 is a Path Traversal flaw in Rarlab WinRAR. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-62215 - Remote Code Execution in Windows 10 Version 1809. Runnable patch commands, mitigation snippets, and verification steps on t
CVE-2025-62221 - Use-After-Free in Windows 10 Version 1809. Runnable patch commands, mitigation snippets, and verification steps on this pag
CVE-2025-64328 is an OS command injection in filestore. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2025-66376 is a Cross-Site Scripting flaw in Zimbra Collaboration. Actively exploited per CISA KEV. Verified patched builds and fix step
CVE-2025-66644 is a OS Command Injection flaw in Array Networks ArrayOS AG. Actively exploited per CISA KEV. Verified patched builds and fix
CVE-2025-68461 is a Cross-Site Scripting flaw in Roundcube Webmail. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-68645 is a security vulnerability flaw in Zimbra Collaboration Suite (ZCS). Verified patched version and mitigations from the offic
CVE-2025-8088 is a Path traversal flaw in Win.rar Gmbh WinRAR. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-8110 is a path traversal in Gogs. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2025-9377 is an OS command injection in Archer C7(EU) V2. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2025-20362: a vulnerability in Cisco Secure Firewall Adaptive Security . Patched version and vendor advisory inside.
CVE-2025-21590: Improper Isolation or Compartmentalization in Juniper Networks Junos OS. Patched builds and fix steps.
CVE-2025-24054 - Spoofing Vulnerability in Windows 10 Version 1507. Runnable patch commands, mitigation snippets, and verification steps on
CVE-2025-24984 - Information Disclosure in Windows 10 Version 1507. Runnable patch commands, mitigation snippets, and verification steps on
CVE-2025-24991 - Out-of-Bounds Read in Windows 10 Version 1507. Runnable patch commands, mitigation snippets, and verification steps on this
CVE-2025-25181 is a SQL Injection flaw in Advantive VeraCore. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-27915 is a cross-site scripting flaw in Zimbra Collaboration Suite (ZCS). Verified patched version and mitigations from the officia
CVE-2025-31125 is a Information Disclosure flaw in Vitejs vite. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-35939: External Control of Assumed-Immutable Web Parameter in Craft CMS. Patched builds and fix steps.
CVE-2025-4427 is a Authentication Bypass flaw in Ivanti Endpoint Manager Mobile. Actively exploited per CISA KEV. Verified patched builds an
CVE-2025-47813: Generation of Error Message Containing Sensitive Information in Wftpserver Wing FTP Server. Patched builds and fix steps.
CVE-2025-47827 is a security vulnerability flaw in In IGEL OS. Verified patched version and mitigations from the official advisory.
CVE-2025-48700 is a cross-site scripting flaw in Zimbra Collaboration Suite (ZCS). Verified patched version and mitigations from the officia
CVE-2025-48927 is a Insecure Default Configuration flaw in Telemessage service. Actively exploited per CISA KEV. Verified patched builds and
CVE-2025-48928: Exposure of Core Dump File to an Unauthorized Control Sphere in Telemessage service. Patched builds and fix steps.
CVE-2025-49706 - Authentication Bypass in Microsoft SharePoint Enterprise Server 2016. Runnable patch commands and verification on this page
CVE-2025-55177: Security Vulnerability in Facebook WhatsApp Business for iOS. Patched builds and fix steps.
CVE-2025-58034 is an OS command injection in FortiWeb. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2025-59689 is a Command Injection flaw in Libraesva Email Security Gateway. Actively exploited per CISA KEV. Verified patched builds and
CVE-2025-47729 is a hidden functionality flaw in archiving backend. Verified patched version and mitigations from the official advisory.
CVE-2025-10585 is a Type Confusion flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-13223 is a Security Vulnerability flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-14174 is a Out-of-Bounds Memory Access flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix step
CVE-2025-23006 is a Insecure Deserialization flaw in Sonicwall SMA1000. Actively exploited per CISA KEV. Verified patched builds and fix ste
CVE-2025-24085 is a Use-After-Free flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-24200 is a Denial of Service flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-24201 is a Out-of-Bounds Memory Access flaw in Apple Safari. Actively exploited per CISA KEV. Verified patched builds and fix steps
CVE-2025-24813: Path Equivalence: 'file.name' in Apache Software Foundation Apache Tomcat. Patched builds and fix steps.
CVE-2025-2783 is a Security Vulnerability flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-31200 is a Denial of Service flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-31201 is a Denial of Service flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-31277 is a Denial of Service flaw in Apple Safari. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-38352 is a Security Vulnerability flaw in Linux Linux. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-40602 is a Missing Authorization flaw in Sonicwall SMA1000. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-43200 is a Denial of Service flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-43300 is a Out-of-Bounds Memory Access flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and f
CVE-2025-43510 is a Denial of Service flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-43520 is a Denial of Service flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-43529 is a Use-After-Free flaw in Apple Safari. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-48543 is a Use-After-Free flaw in Google Android. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-48572 is a Security Vulnerability flaw in Google Android. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-48633 is a Security Vulnerability flaw in Google Android. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-5419 is a Out-of-Bounds Memory Access flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix steps
CVE-2025-6554 is a Type Confusion flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2025-6558 is a Improper Input Validation flaw in Google Chrome. Actively exploited per CISA KEV. Verified patched builds and fix steps.
Incorrect Permission Assignment for Critical Resource in SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) (Sap
Privilege Escalation in SAP NetWeaver Application Server for ABAP and ABAP Platform (Sap_Se). Critical severity. Verified patched versions a
CVE-2025-10573 is a vulnerability in Ivanti Endpoint Manager. CVSS 9.6 Critical. Verified patch steps and mitigations.
Allocation of Resources Without Limits or Throttling in BLU-IC2 (Azure Access Technology). Critical severity. Verified patched versions and
Improper Check for Unusual or Exceptional Conditions in BLU-IC2 (Azure Access Technology). Critical severity. Verified patched versions and
Cross-Site Scripting in BLU-IC2 (Azure Access Technology). Critical severity. Verified patched versions and remediation steps.
Use of Unmaintained Third Party Components in BLU-IC2 (Azure Access Technology). Critical severity. Verified patched versions and remediatio
Inclusion of Undocumented Features or Chicken Bits in BLU-IC2 (Azure Access Technology). Critical severity. Verified patched versions and re
CWE-1301 in BLU-IC2 (Azure Access Technology). Critical severity. Verified patched versions and remediation steps.
Use of Default Credentials in BLU-IC2 (Azure Access Technology). Critical severity. Verified patched versions and remediation steps.
Dependency on Vulnerable Third-Party Component in BLU-IC2 (Azure Access Technology). Critical severity. Verified patched versions and remedi
Dependency on Vulnerable Third-Party Component in BLU-IC2 (Azure Access Technology). Critical severity. Verified patched versions and remedi
Command Injection in BLU-IC2 (Azure Access Technology). Critical severity. Verified patched versions and remediation steps.
Improper Input Validation in BLU-IC2 (Azure Access Technology). Critical severity. Verified patched versions and remediation steps.
Information Disclosure in BLU-IC2 (Azure Access Technology). Critical severity. Verified patched versions and remediation steps.
Weak Password Requirements in BLU-IC2 (Azure Access Technology). Critical severity. Verified patched versions and remediation steps.
CWE-22 in BLU-IC2 (Azure Access Technology). Critical severity. Verified patched versions and remediation steps.
Denial of Service in BLU-IC2 (Azure Access Technology). Critical severity. Verified patched versions and remediation steps.
Privilege Escalation in BLU-IC2 (Azure Access Technology). Critical severity. Verified patched versions and remediation steps.
Privilege Escalation in BLU-IC2 (Azure Access Technology). Critical severity. Verified patched versions and remediation steps.
Missing Authentication for Critical Function in BLU-IC2 (Azure Access Technology). Critical severity. Verified patched versions and remediat
Information Disclosure in BLU-IC2 (Azure Access Technology). Critical severity. Verified patched versions and remediation steps.
Inadequate Encryption Strength in BLU-IC2 (Azure Access Technology). Critical severity. Verified patched versions and remediation steps.
Cross-Site Request Forgery in BLU-IC2 (Azure Access Technology). Critical severity. Verified patched versions and remediation steps.
Unexpected Status Code or Return Value in BLU-IC2 (Azure Access Technology). Critical severity. Verified patched versions and remediation st
Unexpected Status Code or Return Value in BLU-IC2 (Azure Access Technology). Critical severity. Verified patched versions and remediation st
Missing Validation of OpenSSL Certificate in BLU-IC2 (Azure Access Technology). Critical severity. Verified patched versions and remediation
Use of Hard-coded Cryptographic Key in BLU-IC2 (Azure Access Technology). Critical severity. Verified patched versions and remediation steps
Denial of Service in BLU-IC2 (Azure Access Technology). Critical severity. Verified patched versions and remediation steps.
Denial of Service in BLU-IC2 (Azure Access Technology). Critical severity. Verified patched versions and remediation steps.
CWE-250 in Common Cryptographic Architecture (Ibm). Critical severity. Verified patched versions and remediation steps.
Weak Authentication in Orca HCM (Learning Digital). Critical severity. Verified patched versions and remediation steps.
Authentication Bypass in API Connect (Ibm). Critical severity. Verified patched versions and remediation steps.
Authentication Bypass in Alloggio Membership (Edge-Themes). Critical severity. Verified patched versions and remediation steps.
Remote Code Execution in ingress-nginx (Kubernetes). Critical severity. Verified patched versions and remediation steps.
CVE-2025-2000 is a vulnerability in IBM Qiskit SDK. CVSS 9.8 Critical. Verified patch steps and mitigations.
Insecure Deserialization in Cisco ISE Passive Identity Connector. Critical severity. Verified patched versions and remediation steps.
Improper Handling of Insufficient Privileges in Cisco Meeting Management. Critical severity. Verified patched versions and remediation steps
Path Traversal in Cisco IOS XE Software. Critical severity. Verified patched versions and remediation steps.
Buffer Overflow in ClamAV (Cisco). Critical severity. Verified patched versions and remediation steps.
CWE-74 in Cisco Firepower Management Center. Critical severity. Verified patched versions and remediation steps.
Improper Privilege Management in Cisco Identity Services Engine Software. Critical severity. Verified patched versions and remediation steps
Use of Hard-coded Password in Cisco Identity Services Engine Software. Critical severity. Verified patched versions and remediation steps.
Use of Hard-coded Credentials in Cisco Unified Communications Manager. Critical severity. Verified patched versions and remediation steps.
Unrestricted Upload of File with Dangerous Type in Cisco Unified Contact Center Express. Critical severity. Verified patched versions and re
Authentication Bypass in Neurons for ITSM (on-prem) (Ivanti). Critical severity. Verified patched versions and remediation steps.
Remote Code Execution in Connect Secure (Ivanti). Critical severity. Verified patched versions and remediation steps.
Remote Code Execution in Backup and Recovery (Veeam). Critical severity. Verified patched versions and remediation steps.
Remote Code Execution in Backup and Recovery (Veeam). Critical severity. Verified patched versions and remediation steps.
CVE-2025-23310 is a vulnerability in NVIDIA Triton Inference Server. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-23311 is a vulnerability in NVIDIA Triton Inference Server. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-23316 is a vulnerability in NVIDIA Triton Inference Server. CVSS 9.8 Critical. Verified patch steps and mitigations.
Remote Code Execution in Kibana (Elastic). Critical severity. Verified patched versions and remediation steps.
CVE-2025-25022 is a vulnerability in IBM QRadar Suite Software. CVSS 9.6 Critical. Verified patch steps and mitigations.
CVE-2025-25256 is a vulnerability in Fortinet FortiSIEM. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-27203 is a vulnerability in Adobe Connect. CVSS 9.6 Critical. Verified patch steps and mitigations.
Improper Control of Generation of Code ('Code Injection' in SAP S/4HANA (Private Cloud) (Sap_Se). Critical severity. Verified patched versio
CVE-2025-28983 is a vulnerability in Clickandpledge Click & Pledge Connect. CVSS 9.8 Critical. Verified patch steps and mitigations.
Insecure Deserialization in SAP Supplier Relationship Management (Live Auction Cockpit) (Sap_Se). Critical severity. Verified patched versio
CVE-2025-30016 is a vulnerability in SAP Se SAP Financial Consolidation. CVSS 9.8 Critical. Verified patch steps and mitigations.
Deserialization of Untrusted Data in Apache Parquet Java (Apache Software Foundation). Critical severity. Verified patched versions and reme
Arbitrary File Upload in School Management (Mojoomla). Critical severity. Verified patched versions and remediation steps.
Improper Control of Generation of Code ('Code Injection' in SAP Landscape Transformation (Analysis Platform) (Sap_Se). Critical severity. Ve
CVE-2025-3278 is a vulnerability in Edge-themes UrbanGo Membership. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-33222 is a vulnerability in NVIDIA Isaac Launchable. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-33223 is a vulnerability in NVIDIA Isaac Launchable. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-33224 is a vulnerability in NVIDIA Isaac Launchable. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-3357 is a vulnerability in IBM Tivoli Monitoring. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-36157 is a vulnerability in IBM Engineering Lifecycle Management. CVSS 9.8 Critical. Verified patch steps and mitigations.
Process Control in AIX (Ibm). Critical severity. Verified patched versions and remediation steps.
CVE-2025-36251 is a vulnerability in IBM AIX. CVSS 9.6 Critical. Verified patch steps and mitigations.
CVE-2025-36386 is a vulnerability in IBM Maximo Application Suite. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-37924 is a vulnerability in Linux Linux. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-3835 is a vulnerability in Manageengine Exchange Reporter Plus. CVSS 9.6 Critical. Verified patch steps and mitigations.
Arbitrary File Upload in Hospital Management System (Mojoomla). Critical severity. Verified patched versions and remediation steps.
Arbitrary File Upload in WPAMS (Mojoomla). Critical severity. Verified patched versions and remediation steps.
Arbitrary File Upload in WPAMS (Mojoomla). Critical severity. Verified patched versions and remediation steps.
CVE-2025-39406 is a vulnerability in Mojoomla WPAMS. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-39946 is a vulnerability in Linux Linux. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-40552 is a vulnerability in Solarwinds Web Help Desk. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-40553 is a vulnerability in Solarwinds Web Help Desk. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-40554 is a vulnerability in Solarwinds Web Help Desk. CVSS 9.8 Critical. Verified patch steps and mitigations.
Security Vulnerability in bitnamicharts/appsmith (Vmware). Critical severity. Verified patched versions and remediation steps.
CWE-917 in Cloud Gateway (Spring). Critical severity. Verified patched versions and remediation steps.
Improper Control of Generation of Code in SAP Solution Manager (Sap_Se). Critical severity. Verified patched versions and remediation steps.
Improper Control of Generation of Code in SAP Solution Manager (Sap_Se). Critical severity. Verified patched versions and remediation steps.
Remote Code Execution in SQL Anywhere Monitor (Non-Gui) (Sap_Se). Critical severity. Verified patched versions and remediation steps.
Improper Control of Generation of Code in SAP NetWeaver AS Java (Deploy Web Service) (Sap_Se). Critical severity. Verified patched versions
CVE-2025-42937 is a vulnerability in SAP Se SAP Print Service. CVSS 9.8 Critical. Verified patch steps and mitigations.
Command Injection in SAP Netweaver (RMI-P4) (Sap_Se). Critical severity. Verified patched versions and remediation steps.
Improper Control of Generation of Code in SAP Landscape Transformation (Analysis Platform) (Sap_Se). Critical severity. Verified patched ver
Improper Control of Generation of Code in SAP S/4HANA (Private Cloud or On-Premise) (Sap_Se). Critical severity. Verified patched versions a
Remote Code Execution in SAP S/4HANA and SAP SCM (Characteristic Propagation) (Sap_Se). Critical severity. Verified patched versions and rem
CVE-2025-42989 is a vulnerability in SAP Se SAP NetWeaver Application Server for ABAP. CVSS 9.6 Critical. Verified patch steps and mitigatio
CWE-497 in Log Server (Nagios). Critical severity. Verified patched versions and remediation steps.
CVE-2025-4665 is a vulnerability in Wordpress Contact Form 7 Database Addon Cfdb7 By Arshid CFDB7. CVSS 9.6 Critical. Verified patch steps a
CVE-2025-47552 is a vulnerability in Digital Zoom Studio DZS Video Gallery. CVSS 9.8 Critical. Verified patch steps and mitigations.
Arbitrary File Upload in Hospital Management System (Mojoomla). Critical severity. Verified patched versions and remediation steps.
CVE-2025-48005 is a vulnerability in The Biosig Project libbiosig. CVSS 9.8 Critical. Verified patch steps and mitigations.
Security Vulnerability in Android (Google). Critical severity. Verified patched versions and remediation steps.
Remote Code Execution in Backup and Replication (Veeam). Critical severity. Verified patched versions and remediation steps.
CVE-2025-49212: Trend Micro, Inc. Trend Micro Endpoint Encryption Policy Server flaw. CVSS 9.8 Critical. Verified patch and mitigation steps
CVE-2025-49213: Trend Micro, Inc. Trend Micro Endpoint Encryption Policy Server flaw. CVSS 9.8 Critical. Verified patch and mitigation steps
CVE-2025-49216: Trend Micro, Inc. Trend Micro Endpoint Encryption Policy Server flaw. CVSS 9.8 Critical. Verified patch and mitigation steps
CVE-2025-49217: Trend Micro, Inc. Trend Micro Endpoint Encryption Policy Server flaw. CVSS 9.8 Critical. Verified patch and mitigation steps
CVE-2025-49219 is a vulnerability in Trend Micro, Inc. Trend Micro Apex Central. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-49220 is a vulnerability in Trend Micro, Inc. Trend Micro Apex Central. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-49533 is a vulnerability in Adobe Experience Manager (MS). CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-52581 is a vulnerability in The Biosig Project libbiosig. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-53511 is a vulnerability in The Biosig Project libbiosig. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-53518 is a vulnerability in The Biosig Project libbiosig. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-53557 is a vulnerability in The Biosig Project libbiosig. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-53853 is a vulnerability in The Biosig Project libbiosig. CVSS 9.8 Critical. Verified patch steps and mitigations.
Remote Code Execution in ColdFusion (Adobe). Critical severity. Verified patched versions and remediation steps.
CVE-2025-54462 is a vulnerability in The Biosig Project libbiosig. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-54480 is a vulnerability in The Biosig Project libbiosig. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-54481 is a vulnerability in The Biosig Project libbiosig. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-54482 is a vulnerability in The Biosig Project libbiosig. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-54483 is a vulnerability in The Biosig Project libbiosig. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-54484 is a vulnerability in The Biosig Project libbiosig. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-54485 is a vulnerability in The Biosig Project libbiosig. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-54486 is a vulnerability in The Biosig Project libbiosig. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-54487 is a vulnerability in The Biosig Project libbiosig. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-54488 is a vulnerability in The Biosig Project libbiosig. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-54489 is a vulnerability in The Biosig Project libbiosig. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-54490 is a vulnerability in The Biosig Project libbiosig. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-54491 is a vulnerability in The Biosig Project libbiosig. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-54492 is a vulnerability in The Biosig Project libbiosig. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-54493 is a vulnerability in The Biosig Project libbiosig. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-54494 is a vulnerability in The Biosig Project libbiosig. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-55037 is a vulnerability in Kujirahand TkEasyGUI. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-6380 is a vulnerability in Onlyoffice ONLYOFFICE Docs. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-66043 is a vulnerability in The Biosig Project libbiosig. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-66044 is a vulnerability in The Biosig Project libbiosig. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-66045 is a vulnerability in The Biosig Project libbiosig. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-66046 is a vulnerability in The Biosig Project libbiosig. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-66047 is a vulnerability in The Biosig Project libbiosig. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-66048 is a vulnerability in The Biosig Project libbiosig. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-68263 is a vulnerability in Linux Linux. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-69258 is a vulnerability in Trend Micro, Inc. Trend Micro Apex Central. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-71210 is a vulnerability in Trend Micro, Inc. TrendAI Apex One. CVSS 9.8 Critical. Verified patch steps and mitigations.
CVE-2025-71211 is a vulnerability in Trend Micro, Inc. TrendAI Apex One. CVSS 9.8 Critical. Verified patch steps and mitigations.
Path Traversal in Dataform (Google Cloud). Critical severity. Verified patched versions and remediation steps.