32 CVEs tracked today. 0 Critical, 10 High, 20 Medium, 1 Low.
-
CVE-2025-48507
HIGH
CVSS 8.6
The security state of the calling processor into Trusted Firmware (TF-A) is not used and could potentially allow non-secure processors access to secure memories, access to crypto operations, and the. Rated high severity (CVSS 8.6), this vulnerability has low attack complexity. No vendor patch available.
Information Disclosure
-
CVE-2025-13553
HIGH
CVSS 7.4
A weakness has been identified in D-Link DWR-M920 1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable with low attack complexity. Public exploit code available and no vendor patch available.
D-Link
Buffer Overflow
Dwr M920 Firmware
-
CVE-2025-13552
HIGH
CVSS 7.4
A security flaw has been discovered in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable with low attack complexity. Public exploit code available and no vendor patch available.
D-Link
Buffer Overflow
Dir 822K Firmware
Dwr M920 Firmware
-
CVE-2025-13551
HIGH
CVSS 7.4
A vulnerability was identified in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable with low attack complexity. Public exploit code available and no vendor patch available.
D-Link
Buffer Overflow
Dir 822K Firmware
Dwr M920 Firmware
-
CVE-2025-13550
HIGH
CVSS 7.4
A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable with low attack complexity. Public exploit code available and no vendor patch available.
D-Link
Buffer Overflow
Dir 822K Firmware
Dwr M920 Firmware
-
CVE-2025-13549
HIGH
CVSS 7.4
A vulnerability was found in D-Link DIR-822K 1.00. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable with low attack complexity. Public exploit code available and no vendor patch available.
D-Link
Buffer Overflow
Dir 822K Firmware
-
CVE-2025-13548
HIGH
CVSS 7.4
A vulnerability has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable with low attack complexity. Public exploit code available and no vendor patch available.
D-Link
Buffer Overflow
Dir 822K Firmware
Dwr M920 Firmware
-
CVE-2025-13547
HIGH
CVSS 7.4
A flaw has been found in D-Link DIR-822K and DWR-M920 1.00_20250513164613/1.1.50. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable with low attack complexity. Public exploit code available and no vendor patch available.
D-Link
Buffer Overflow
Dir 822K Firmware
Dwr M920 Firmware
-
CVE-2024-21923
HIGH
CVSS 7.3
Incorrect default permissions in AMD StoreMI™ could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.3), this vulnerability has low attack complexity. No vendor patch available.
RCE
Amd
Privilege Escalation
-
CVE-2024-21922
HIGH
CVSS 7.3
A DLL hijacking vulnerability in AMD StoreMI™ could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.3), this vulnerability has low attack complexity. No vendor patch available.
RCE
Amd
Privilege Escalation
-
CVE-2025-13572
MEDIUM
CVSS 6.9
A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable with no authentication required and low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Advanced Library Management System
-
CVE-2025-13571
MEDIUM
CVSS 5.3
A vulnerability was determined in code-projects Simple Food Ordering System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable with low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Simple Cafe Ordering System
-
CVE-2025-13570
MEDIUM
CVSS 5.3
A vulnerability was found in itsourcecode COVID Tracking System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable with low attack complexity. Public exploit code available and no vendor patch available.
SQLi
Covid Tracking System
-
CVE-2025-13569
MEDIUM
CVSS 5.3
A vulnerability has been found in itsourcecode COVID Tracking System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable with low attack complexity. Public exploit code available and no vendor patch available.
SQLi
Covid Tracking System
-
CVE-2025-13568
MEDIUM
CVSS 5.3
A flaw has been found in itsourcecode COVID Tracking System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable with low attack complexity. Public exploit code available and no vendor patch available.
SQLi
Covid Tracking System
-
CVE-2025-13567
MEDIUM
CVSS 5.3
A vulnerability was detected in itsourcecode COVID Tracking System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable with low attack complexity. Public exploit code available and no vendor patch available.
SQLi
Covid Tracking System
-
CVE-2025-13566
MEDIUM
CVSS 4.8
A security vulnerability has been detected in jarun nnn up to 5.1. Rated medium severity (CVSS 4.8), this vulnerability has low attack complexity. No vendor patch available.
Buffer Overflow
-
CVE-2025-13565
MEDIUM
CVSS 5.5
A weakness has been identified in SourceCodester Inventory Management System 1.0. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable with no authentication required and low attack complexity. Public exploit code available and no vendor patch available.
PHP
Information Disclosure
Inventory Management System
-
CVE-2025-13564
MEDIUM
CVSS 5.3
A security flaw has been discovered in SourceCodester Pre-School Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable with low attack complexity. Public exploit code available and no vendor patch available.
Denial Of Service
PHP
Pre School Management System
-
CVE-2025-13562
MEDIUM
CVSS 6.9
A vulnerability was identified in D-Link DIR-852 1.00.cgi. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable with no authentication required and low attack complexity. Public exploit code available and no vendor patch available.
D-Link
Command Injection
Dir 852 Firmware
-
CVE-2025-13561
MEDIUM
CVSS 6.9
A vulnerability was determined in SourceCodester Company Website CMS 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable with no authentication required and low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Company Website Cms
-
CVE-2025-13560
MEDIUM
CVSS 6.9
A vulnerability was found in SourceCodester Company Website CMS 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable with no authentication required and low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Company Website Cms
-
CVE-2025-13557
MEDIUM
CVSS 6.9
A vulnerability has been found in Campcodes Online Polling System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable with no authentication required and low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Online Polling System
-
CVE-2025-13556
MEDIUM
CVSS 6.9
A flaw has been found in Campcodes Online Polling System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable with no authentication required and low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Online Polling System
-
CVE-2025-13555
MEDIUM
CVSS 6.9
A vulnerability was detected in Campcodes School File Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable with no authentication required and low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
School File Management System
-
CVE-2025-13554
MEDIUM
CVSS 6.9
A security vulnerability has been detected in Campcodes Supplier Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable with no authentication required and low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Supplier Management System
-
CVE-2025-13546
MEDIUM
CVSS 5.3
A vulnerability was detected in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable with low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Travel Agency
-
CVE-2025-13545
MEDIUM
CVSS 5.1
A security vulnerability has been detected in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable with low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Travel Agency
-
CVE-2025-13544
MEDIUM
CVSS 5.3
A weakness has been identified in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable with low attack complexity. Public exploit code available and no vendor patch available.
File Upload
PHP
Authentication Bypass
Travel Agency
-
CVE-2025-12800
MEDIUM
CVSS 6.4
The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.4.5 via the su_shortcode_csv_table function. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.
WordPress
SSRF
PHP
-
CVE-2025-54515
LOW
CVSS 1.0
The Secure Flag passed to Versal™ Adaptive SoC’s Trusted Firmware for Cortex®-A processors (TF-A) for Arm’s Power State Coordination Interface (PSCI) commands was incorrectly set to secure instead. Rated low severity (CVSS 1.0), this vulnerability has low attack complexity. No vendor patch available.
Information Disclosure
-
CVE-2025-12759
None
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.
Information Disclosure