THREAT ALERT

EMERGENCY CVE-2025-43300 10.0 Apple iOS/iPadOS contain an out-of-bounds write in image processing that allows code execution through malicious images, exploited in extremely sophisticated targeted attacks against specific individuals. | EMERGENCY CVE-2025-7441 9.8 The StoryChief WordPress plugin through version 1.0.42 contains an unauthenticated arbitrary file upload via the /wp-json/storychief/webhook REST API endpoint. Insufficient file type validation allows attackers to upload executable PHP files, achieving remote code execution on the WordPress server. | EMERGENCY CVE-2025-8876 9.4 N-able N-central before 2025.3.1 contains an OS command injection through improper input validation, companion vulnerability to CVE-2025-8875. | ACT NOW CVE-2025-8875 9.4 N-able N-central before 2025.3.1 contains a deserialization vulnerability allowing local code execution through crafted serialized data. | ACT NOW CVE-2025-8943 9.8 Flowise versions before 3.0.1 allow unauthenticated access to the Custom MCPs feature, which is designed to execute OS commands. The combination of no default authentication and the ability to spawn local processes via tools like npx enables unauthenticated remote code execution on any Flowise installation. | ACT NOW CVE-2025-8088 8.4 WinRAR for Windows contains a path traversal vulnerability allowing crafted archives to execute arbitrary code, discovered by ESET and exploited in the wild for targeted attacks. | EMERGENCY CVE-2025-54253 10.0 Adobe Experience Manager versions 6.5.23 and earlier contain a misconfiguration vulnerability enabling unauthenticated remote code execution with changed scope (CVSS 10.0). | ACT NOW CVE-2025-54948 9.4 Trend Micro Apex One on-premise management console allows pre-authenticated remote attackers to upload malicious code and execute commands, enabling complete server compromise. | ACT NOW CVE-2025-6205 9.1 DELMIA Apriso contains a missing authorization vulnerability allowing attackers to gain privileged access to the manufacturing execution system application. | ACT NOW CVE-2025-6204 8.0 DELMIA Apriso from Release 2020 through 2025 contains a code injection vulnerability allowing attackers to execute arbitrary code on the manufacturing execution system. | ACT NOW CVE-2025-54782 9.4 Nest is a framework for building scalable Node.js server-side applications. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.1%. | ACT NOW CVE-2025-31277 8.8 WebKit memory corruption in Safari 18.6 and multiple Apple platforms allows remote code execution when processing maliciously crafted web content, exploited in the wild as a zero-day. |

Daily vulnerability intelligence for defenders – fresh CVEs with exploitability signals, patch status, and action-oriented priorities from 17 sources.

CVEs published

Get CVEs that hit your stack — not 200/day

Pick your technologies, get a weekly digest by email. Free, no spam.

React Python Postgres +200 more

React Next.js Python Postgres AWS +200 more

Trending Now See all

Critical Watch See all

Attack Technique Trend

Prediction based on ZDI Disclosures & CVE data · 30 days

Analytics

Vendor Today – Quick Filter

Techniques

results

Sort:

Base Score

Vector String

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)

0 | 3.9| 6.9| 8.9| 10

NONE LOW MEDIUM HIGH CRITICAL

CVSS Filter – CVEs match

No CVEs match the selected criteria

Incoming 20

Pre-NVD – not yet scored

Browse older vulnerabilities in Archive

Live Feed auto-refresh 60s

Vulnerability Intelligence — August 24, 2025

22 CVEs tracked today. 1 Critical, 5 High, 2 Medium, 14 Low.

CVE-2025-36157 CRITICAL CVSS 9.8
IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004 could allow an unauthenticated remote attacker to update server property files that would allow them to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass IBM Jazz Foundation
CVE-2025-36174 HIGH CVSS 8.0
IBM Integrated Analytics System 1.0.0.0 through 1.0.30.0 could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM File Upload Integrated Analytics System
CVE-2025-9393 HIGH CVSS 7.4
A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Linksys Re6250 Firmware Re6300 Firmware Re6350 Firmware
CVE-2025-9392 HIGH CVSS 7.4
A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Linksys Re6250 Firmware Re6300 Firmware Re6350 Firmware
CVE-2025-9380 HIGH CVSS 7.1
Hard-coded root credentials in FNKvision Y215 CCTV Camera firmware (version 10.194.120.40) allow local authenticated attackers with low privileges to escalate to root access, achieving complete system compromise. Public exploit code demonstrates credential extraction from firmware binaries. EPSS score of 0.01% (2nd percentile) indicates minimal observed scanning activity despite public POC availability, likely due to the local access requirement limiting remote mass exploitation. CISA KEV does not list this CVE, suggesting no confirmed widespread active exploitation targeting these IoT cameras.

Authentication Bypass
CVE-2025-9379 HIGH CVSS 8.6
A vulnerability was determined in Belkin AX1800 1.1.00.016. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
CVE-2025-9382 MEDIUM CVSS 4.5
A weakness has been identified in FNKvision Y215 CCTV Camera 10.194.120.40. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
CVE-2025-8208 MEDIUM CVSS 6.4
The Spexo Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 1.0.23 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP WordPress XSS
CVE-2025-9397 LOW CVSS 2.1
A weakness has been identified in givanz Vvveb up to 1.0.7.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass File Upload
CVE-2025-9396 LOW CVSS 1.9
A security flaw has been discovered in ckolivas lrzip up to 0.651. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service
CVE-2025-9395 LOW CVSS 2.1
A vulnerability was identified in wangsongyan wblog 0.0.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF
CVE-2025-9394 LOW CVSS 1.9
A flaw has been found in PoDoFo 1.1.0-dev.cpp of the component PDF Dictionary Parser. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service
CVE-2025-9391 LOW CVSS 2.1
A weakness has been identified in Bjskzy Zhiyou ERP up to 11.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi
CVE-2025-9390 LOW CVSS 1.9
A security flaw has been discovered in vim up to 9.1.1615. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow
CVE-2025-9389 LOW CVSS 1.9
A vulnerability was identified in vim 9.1.0000. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow
CVE-2025-9388 LOW CVSS 2.0
A vulnerability was determined in Scada-LTS up to 2.7.8.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS
CVE-2025-9387 LOW CVSS 2.1
A vulnerability was found in DCN DCME-720 9.1.5.11. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection
CVE-2025-9386 LOW CVSS 1.9
A vulnerability has been found in appneta tcpreplay up to 4.5.1. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service
CVE-2025-9385 LOW CVSS 1.9
A flaw has been found in appneta tcpreplay up to 4.5.1. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service
CVE-2025-9384 LOW CVSS 1.9
A vulnerability was detected in appneta tcpreplay up to 4.5.1. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service
CVE-2025-9383 LOW CVSS 1.1
A security vulnerability has been detected in FNKvision Y215 CCTV Camera 10.194.120.40. Rated low severity (CVSS 2.0). No vendor patch available.

Information Disclosure
CVE-2025-9381 LOW CVSS 0.3
A security flaw has been discovered in FNKvision Y215 CCTV Camera 10.194.120.40. Rated low severity (CVSS 1.0). No vendor patch available.

Information Disclosure

Track CVEs for your stack Sign up free →

Today's Vulnerabilities Vulnerabilities