Critical vulnerabilities, curated daily for security professionals
π― SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
π
Today's Security Brief
Monday's vulnerability disclosure reveals two newly published critical vulnerabilities and 17 high-priority CVEs as security teams return to the work week. Seven actively exploited CISA KEV vulnerabilities continue to require remediation. The overall critical CVE frequency shows an 83% decrease compared to historical averages, maintaining the reduced disclosure activity observed over the weekend period.
Two newly published critical vulnerabilities disclosed (CVSS 9.0+), representing new issues requiring assessment
Seventeen high-priority vulnerabilities (CVSS 7.0-8.9), unchanged from Sunday's count
Critical CVE frequency decreased 83% compared to historical average, reflecting continued below-average disclosure activity
Immediate action: Security teams should assess the two newly published critical vulnerabilities and review the 17 high-priority CVEs. Organizations should prioritize remediation of the seven actively exploited CISA KEV vulnerabilities.
π‘ Tip: Swipe CVE cards left to β star, right to β remove
Section Navigation
β οΈ
CISA Known Exploited Vulnerabilities
β οΈ CISA KEVURGENT
CVE-2025-13223
9.5π
GoogleChromium V8
β° Federal Deadline:December 9, 2025(3 days remaining)
Google Chromium V8 Type Confusion Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEVURGENT
CVE-2025-61757
9.5π
OracleFusion Middleware
β° Federal Deadline:December 11, 2025(5 days remaining)
Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2021-26829
9.5
OpenPLCScadaBR
β° Federal Deadline:December 18, 2025(12 days remaining)
OpenPLC ScadaBR Cross-site Scripting Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-48633
9.5
AndroidFramework
β° Federal Deadline:December 22, 2025(16 days remaining)
Android Framework Information Disclosure Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-48572
9.5
AndroidFramework
β° Federal Deadline:December 22, 2025(16 days remaining)
Android Framework Privilege Escalation Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2021-26828
9.5
OpenPLCScadaBR
β° Federal Deadline:December 23, 2025(17 days remaining)
OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-55182
9.5π
MetaReact Server Components
β° Federal Deadline:December 25, 2025(19 days remaining)
Meta React Server Components Remote Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ
High Priority Updates
CVE-2025-12966
8.8π
WordPressMultiple Products
The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the resolve_import_directory() function in versions 4
CVSS Base8.8
β
CRSSelect profile
CVE-2025-13065
8.8π
WordPressMultiple Products
The Starter Templates plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 4
CVSS Base8.8
β
CRSSelect profile
CVE-2025-12510
7.2π
GoogleMultiple Products
The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 13
CVSS Base7.2
β
CRSSelect profile
CVE-2025-12499
7.2π
GoogleMultiple Products
The Rich Shortcodes for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contents of a Google Review in all versions up to, and including, 6
CVSS Base7.2
β
CRSSelect profile
CVE-2025-14126
8.8π
hasMultiple Products
A vulnerability has been found in TOZED ZLT M30S and ZLT M30S PRO 1
CVSS Base8.8
β
CRSSelect profile
CVE-2025-14133
8.8π
LinksysMultiple Products
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1
CVSS Base8.8
β
CRSSelect profile
CVE-2025-14134
8.8π
LinksysMultiple Products
A vulnerability was determined in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1
CVSS Base8.8
β
CRSSelect profile
CVE-2025-14135
8.8π
LinksysMultiple Products
A vulnerability was identified in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1
CVSS Base8.8
β
CRSSelect profile
CVE-2025-14136
8.8π
LinksysMultiple Products
A security flaw has been discovered in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1
CVSS Base8.8
β
CRSSelect profile
CVE-2025-14141
8.8π
flawMultiple Products
A flaw has been found in UTT θΏε 520W 1
CVSS Base8.8
β
CRSSelect profile
CVE-2025-14191
8.8π
hasMultiple Products
A vulnerability has been found in UTT θΏε 512W up to 1
CVSS Base8.8
β
CRSSelect profile
CVE-2025-14196
8.8π
weaknessMultiple Products
A weakness has been identified in H3C Magic B1 up to 100R004
CVSS Base8.8
β
CRSSelect profile
CVE-2025-14189
7.3π
wasMultiple Products
A vulnerability was detected in Chanjet CRM up to 20251121
CVSS Base7.3
β
CRSSelect profile
CVE-2025-14190
7.3π
flawMultiple Products
A flaw has been found in Chanjet TPlus up to 20251121
CVSS Base7.3
β
CRSSelect profile
CVE-2025-14192
7.3π
wasMultiple Products
A vulnerability was found in RashminDungrani online-banking up to 2337ad552ea9d385b4e07b90e6f32d011b7c68a2
CVSS Base7.3
β
CRSSelect profile
CVE-2025-14187
7.2
weaknessMultiple Products
A weakness has been identified in UGREEN DH2100+ up to 5
CVSS Base7.2
β
CRSSelect profile
CVE-2025-14188
7.2
securityMultiple Products
A security vulnerability has been detected in UGREEN DH2100+ up to 5