THREAT ALERT

ACT NOW CVE-2025-64446 9.8 Fortinet FortiWeb contains a relative path traversal allowing unauthenticated attackers to execute administrative commands through crafted HTTP/HTTPS requests. | ACT NOW CVE-2025-62215 7.0 Windows Kernel contains a race condition vulnerability enabling local privilege escalation through concurrent resource access with improper synchronization. | ACT NOW CVE-2025-60710 7.8 Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available. | ACT NOW CVE-2025-12480 9.1 Triofox versions before 16.7.10368.56560 contain an improper access control flaw allowing access to initial setup pages after setup is complete, enabling reconfiguration attacks. | ACT NOW CVE-2025-34299 9.3 Monsta FTP web-based file manager versions 2.11 and earlier allow unauthenticated arbitrary file uploads. The vulnerability enables attackers to upload malicious files from a compromised FTP server, which are then executed on the Monsta FTP server, achieving remote code execution. | ACT NOW CVE-2025-64328 8.6 FreePBX Endpoint Manager contains a post-authentication command injection via the testconnection/check_ssh_connect function, allowing authenticated users to execute OS commands. | ACT NOW CVE-2025-11953 9.8 React Native Metro Development Server binds to external interfaces by default and contains an OS command injection endpoint, allowing unauthenticated network attackers to execute arbitrary code. |

Daily vulnerability intelligence for defenders – fresh CVEs with exploitability signals, patch status, and action-oriented priorities from 17 sources.

CVEs published

Get CVEs that hit your stack — not 200/day

Pick your technologies, get a weekly digest by email. Free, no spam.

React Python Postgres +200 more

React Next.js Python Postgres AWS +200 more

Trending Now See all

Critical Watch See all

Attack Technique Trend

Prediction based on ZDI Disclosures & CVE data · 30 days

Analytics

Vendor Today – Quick Filter

Techniques

results

Sort:

Base Score

Vector String

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)

0 | 3.9| 6.9| 8.9| 10

NONE LOW MEDIUM HIGH CRITICAL

CVSS Filter – CVEs match

No CVEs match the selected criteria

Incoming 20

Pre-NVD – not yet scored

Browse older vulnerabilities in Archive

Live Feed auto-refresh 60s

Vulnerability Intelligence — November 16, 2025

22 CVEs tracked today. 0 Critical, 1 High, 9 Medium, 12 Low.

Track CVEs for your stack Sign up free →

Today's Vulnerabilities Vulnerabilities