EMERGENCY
CVE-2025-43300
10.0
Apple iOS/iPadOS contain an out-of-bounds write in image processing that allows code execution through malicious images, exploited in extremely sophisticated targeted attacks against specific individuals.
|
EMERGENCY
CVE-2025-7441
9.8
The StoryChief WordPress plugin through version 1.0.42 contains an unauthenticated arbitrary file upload via the /wp-json/storychief/webhook REST API endpoint. Insufficient file type validation allows attackers to upload executable PHP files, achieving remote code execution on the WordPress server.
|
EMERGENCY
CVE-2025-8876
9.4
N-able N-central before 2025.3.1 contains an OS command injection through improper input validation, companion vulnerability to CVE-2025-8875.
|
ACT NOW
CVE-2025-8875
9.4
N-able N-central before 2025.3.1 contains a deserialization vulnerability allowing local code execution through crafted serialized data.
|
ACT NOW
CVE-2025-8943
9.8
Flowise versions before 3.0.1 allow unauthenticated access to the Custom MCPs feature, which is designed to execute OS commands. The combination of no default authentication and the ability to spawn local processes via tools like npx enables unauthenticated remote code execution on any Flowise installation.
|
ACT NOW
CVE-2025-8088
8.4
WinRAR for Windows contains a path traversal vulnerability allowing crafted archives to execute arbitrary code, discovered by ESET and exploited in the wild for targeted attacks.
|
EMERGENCY
CVE-2025-54253
10.0
Adobe Experience Manager versions 6.5.23 and earlier contain a misconfiguration vulnerability enabling unauthenticated remote code execution with changed scope (CVSS 10.0).
|
ACT NOW
CVE-2025-54948
9.4
Trend Micro Apex One on-premise management console allows pre-authenticated remote attackers to upload malicious code and execute commands, enabling complete server compromise.
|
ACT NOW
CVE-2025-6205
9.1
DELMIA Apriso contains a missing authorization vulnerability allowing attackers to gain privileged access to the manufacturing execution system application.
|
ACT NOW
CVE-2025-6204
8.0
DELMIA Apriso from Release 2020 through 2025 contains a code injection vulnerability allowing attackers to execute arbitrary code on the manufacturing execution system.
|
ACT NOW
CVE-2025-54782
9.4
Nest is a framework for building scalable Node.js server-side applications. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.1%.
|
ACT NOW
CVE-2025-31277
8.8
WebKit memory corruption in Safari 18.6 and multiple Apple platforms allows remote code execution when processing maliciously crafted web content, exploited in the wild as a zero-day.
|
Today's Vulnerabilities Vulnerabilities
Daily vulnerability intelligence for defenders – fresh CVEs with exploitability signals, patch status, and action-oriented priorities from 17 sources.
CVEs published in review
Track vulnerabilities that matter to your stack
Personalized alerts, dashboards, and weekly digests – free.
Trending Now
🚨
GHSA
MAL
CVSS
NEWS
No trending vulnerabilities right now
Critical Watch
KEV
POC
CVSS
No critical watch entries today
Attack Technique Trend
Prediction based on ZDI Disclosures & CVE data
· 30 days
Vendor Today – Quick Filter
Techniques
POC
CISA KEV
PATCH
UNPATCHED
results
Sort:
Base Score
Vector String
Attack Vector (AV)
Attack Complexity (AC)
Privileges Required (PR)
User Interaction (UI)
Scope (S)
Confidentiality (C)
Integrity (I)
Availability (A)
0
|
3.9|
6.9|
8.9|
10
NONE
LOW
MEDIUM
HIGH
CRITICAL
CVSS Filter
– CVEs match
No CVEs match the selected criteria
Loading...
No vulnerabilities found for this date.
Data may not have been fetched yet.
Live Feed
auto-refresh 60s
KEV
POC
No new CVEs in the last 2 hours. Check back soon.