The table below pulls live entries from CISA’s Known Exploited Vulnerabilities (KEV) catalog: CVE records that CISA has confirmed to be exploited in the wild. It displays the CVE ID, the vendor, the product, and the date the entry was added to the catalog.
A CVE’s year reflects when it was assigned or disclosed, not when attackers began exploiting it. CISA keeps older CVEs in the KEV catalog (or highlights them) when exploitation is active now. That’s why an older CVE can still appear in a “Top” list.
Source: CISA KEV catalog. This product uses public KEV data but is not endorsed or certified by CISA. The feed is polled regularly; ordering may change as CISA updates the catalog.
| CVE | Vendor | Product | Date Added |
|---|---|---|---|
| CVE-2025-48703 | CWP | Control Web Panel | Nov 4, 2025 |
| CVE-2025-11371 | Gladinet | CentreStack and Triofox | Nov 4, 2025 |
| CVE-2025-41244 | Broadcom | VMware Aria Operations and VMware Tools | Oct 30, 2025 |
| CVE-2025-24893 | XWiki | Platform | Oct 30, 2025 |
| CVE-2025-6204 | Dassault Systèmes | DELMIA Apriso | Oct 28, 2025 |
| CVE-2025-6205 | Dassault Systèmes | DELMIA Apriso | Oct 28, 2025 |
| CVE-2025-54236 | Adobe | Commerce and Magento | Oct 24, 2025 |
| CVE-2025-59287 | Microsoft | Windows | Oct 24, 2025 |
| CVE-2025-61932 | Motex | LANSCOPE Endpoint Manager | Oct 22, 2025 |
| CVE-2022-48503 | Apple | Multiple Products | Oct 20, 2025 |
| CVE-2025-2746 | Kentico | Xperience CMS | Oct 20, 2025 |
| CVE-2025-2747 | Kentico | Xperience CMS | Oct 20, 2025 |
| CVE-2025-33073 | Microsoft | Windows | Oct 20, 2025 |
| CVE-2025-61884 | Oracle | E-Business Suite | Oct 20, 2025 |
| CVE-2025-54253 | Adobe | Experience Manager (AEM) Forms | Oct 15, 2025 |
| CVE-2025-47827 | IGEL | IGEL OS | Oct 14, 2025 |
| CVE-2025-24990 | Microsoft | Windows | Oct 14, 2025 |
| CVE-2025-59230 | Microsoft | Windows | Oct 14, 2025 |
| CVE-2016-7836 | SKYSEA | Client View | Oct 14, 2025 |
| CVE-2021-43798 | Grafana Labs | Grafana | Oct 9, 2025 |
The table below pulls live entries from NIST’s National Vulnerability Database (NVD) via the CVE 2.0 API. It shows the newest vulnerabilities first within the filters (e.g., time window, severity, keywords).
A CVE’s year reflects when it was assigned or disclosed, not when analysis or vendor patches arrived. NVD may update records (e.g., references, scoring) over time, so you can see older CVEs that were recently modified or are still relevant to current risk.
Source: NIST National Vulnerability Database (NVD). This product uses public NVD data but is not endorsed or certified by NIST. The feed is refreshed regularly; ordering may change as NVD updates records. Visit the official site: nvd.nist.gov.
| CVE | Severity | Published | Description |
|---|---|---|---|
| CVE-2025-12352 | CRITICAL | 2025-11-07 | The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copy_post_image() function in all versions up to, and including, 2.9.20. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. This only impacts sites that have allow_url_fopen set to `On`, the post creation form enabled along with a file upload field for the post |
| CVE-2025-20358 | CRITICAL | 2025-11-05 | A vulnerability in the Contact Center Express (CCX) Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative permissions pertaining to script creation and execution. This vulnerability is due to improper authentication mechanisms in the communication between the CCX Editor and an affected Unified CCX server. An attacker could exploit this vulnerability by redirecting the authentication flow to a malicious server and tricking the CCX Editor into believing the authentication was successful. A successful exploit could allow the attacker to create and execute arbitrary scripts on the underlying operating system of an affected Unified CCX server, as an internal non-root user account. |
| CVE-2025-20354 | CRITICAL | 2025-11-05 | A vulnerability in the Java Remote Method Invocation (RMI) process of Cisco Unified CCX could allow an unauthenticated, remote attacker to upload arbitrary files and execute arbitrary commands with root permissions on an affected system. This vulnerability is due to improper authentication mechanisms that are associated to specific Cisco Unified CCX features. An attacker could exploit this vulnerability by uploading a crafted file to an affected system through the Java RMI process. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. |
| CVE-2025-47151 | CRITICAL | 2025-11-05 | A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability. |
| CVE-2025-12674 | CRITICAL | 2025-11-05 | The KiotViet Sync plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the create_media() function in all versions up to, and including, 1.8.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. |
| CVE-2025-11749 | CRITICAL | 2025-11-05 | The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the /mcp/v1/ REST API endpoint that exposes the 'Bearer Token' value when 'No-Auth URL' is enabled. This makes it possible for unauthenticated attackers to extract the bearer token, which can be used to gain access to a valid session and perform many actions like creating a new administrator account, leading to privilege escalation. |
| CVE-2025-12682 | CRITICAL | 2025-11-04 | The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in the 'file_during_checkout' function in all versions up to, and including, 2.9.8. This makes it possible for unauthenticated attackers to upload arbitrary JavaScript files on the affected site's server which may make remote code execution possible. |
| CVE-2025-12493 | CRITICAL | 2025-11-04 | The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.2.5 via the 'load_template' function. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included. |
| CVE-2025-12158 | CRITICAL | 2025-11-04 | The Simple User Capabilities plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the suc_submit_capabilities() function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to elevate the role of any user account to administrator. |
| CVE-2025-11008 | CRITICAL | 2025-11-04 | The CE21 Suite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.1 via the log file. This makes it possible for unauthenticated attackers to extract sensitive data including authentication credentials, which can be used to log in as other users as long as they have used the plugin's custom authentication feature before. This may include administrators, which makes a complete site takeover possible. |
| CVE | Severity | Published | Description |
|---|---|---|---|
| CVE-2025-10968 | HIGH | 2025-11-07 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE-564 SQL Injection: Hibernate vulnerability in GG Soft Software Services Inc. PaperWork allows Blind SQL Injection, SQL Injection. This issue affects PaperWork: from 6.1.0.9390 before 6.1.0.9398. |
| CVE-2025-64343 | HIGH | 2025-11-07 | (conda) Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive and often allow write access by authenticated users. Any logged in user can make modifications during the installation for both single-user and all-user installations. This constitutes a local attack vector if the installation is in a directory local users have access to. For single-user installations in a shared directory, these permissions persist after the installation. This issue is fixed in version 3.13.0. |
| CVE-2025-4519 | HIGH | 2025-11-07 | The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonate_donor_password() function in versions 2.1.5 to 2.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to initiate a password reset for any user (including administrators) and elevate their privileges for full site takeover. |
| CVE-2025-5483 | HIGH | 2025-11-07 | The LC Wizard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check in the ghl-wizard/inc/wp_user.php file in versions 1.2.10 to 1.3.0. This makes it possible for unauthenticated attackers to create new user accounts with the administrator role when the PRO functionality is enabled. |
| CVE-2025-64184 | HIGH | 2025-11-07 | Dosage is a comic strip downloader and archiver. When downloading comic images in versions 3.1 and below, Dosage constructs target file names from different aspects of the remote comic (page URL, image URL, page content, etc.). While the basename is properly stripped of directory-traversing characters, the file extension is taken from the HTTP Content-Type header. This allows a remote attacker (or a Man-in-the-Middle, if the comic is served over HTTP) to write arbitrary files outside the target directory (if additional conditions are met). This issue is fixed in version 3.2. |
| CVE-2025-58423 | HIGH | 2025-11-06 | Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to cause a denial-of-service condition, traverse directories, or read/write files, within the context of the local system account. |
| CVE-2025-59171 | HIGH | 2025-11-06 | Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions. |
| CVE-2025-62630 | HIGH | 2025-11-06 | Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions. |
| CVE-2025-64173 | HIGH | 2025-11-06 | Apollo Router Core is a configurable graph router written in Rust to run a federated supergraph using Apollo Federation 2. In versions 1.61.11 and below, as well as 2.0.0-alpha.0 through 2.8.1-rc.0, a vulnerability allowed unauthenticated queries to access data that required additional access controls. Router incorrectly handled access control directives on interface types/fields and their implementing object types/fields, applying them to interface types/fields while ignoring directives on their implementing object types/fields when all implementations had the same requirements. Apollo Router customers defining @authenticated, @requiresScopes, or @policy directives inconsistently on polymorphic types (i.e., object types that implement interface types) are impacted. This issue is fixed in versions 1.61.12 and 2.8.1. |
| CVE-2025-12790 | HIGH | 2025-11-06 | A flaw was found in Rubygem MQTT. By default, the package did not perform hostname validation, making a Man-in-the-Middle (MITM) attack possible. |
| CVE | Severity | Published | Description |
|---|---|---|---|
| CVE-2025-20358 | CRITICAL | 2025-11-05 | A vulnerability in the Contact Center Express (CCX) Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative permissions pertaining to script creation and execution. This vulnerability is due to improper authentication mechanisms in the communication between the CCX Editor and an affected Unified CCX server. An attacker could exploit this vulnerability by redirecting the authentication flow to a malicious server and tricking the CCX Editor into believing the authentication was successful. A successful exploit could allow the attacker to create and execute arbitrary scripts on the underlying operating system of an affected Unified CCX server, as an internal non-root user account. |
| CVE-2025-20354 | CRITICAL | 2025-11-05 | A vulnerability in the Java Remote Method Invocation (RMI) process of Cisco Unified CCX could allow an unauthenticated, remote attacker to upload arbitrary files and execute arbitrary commands with root permissions on an affected system. This vulnerability is due to improper authentication mechanisms that are associated to specific Cisco Unified CCX features. An attacker could exploit this vulnerability by uploading a crafted file to an affected system through the Java RMI process. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. |
| CVE-2025-20333 | CRITICAL | 2025-09-25 | A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker with valid VPN user credentials could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of the affected device. |
| CVE-2025-20363 | CRITICAL | 2025-09-25 | A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, remote attacker (Cisco ASA and FTD Software) or authenticated, remote attacker (Cisco IOS, IOS XE, and IOS XR Software) with low user privileges to execute arbitrary code on an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web service on an affected device after obtaining additional information about the system, overcoming exploit mitigations, or both. A successful exploit could allow the attacker to execute arbitrary code as root, which may lead to the complete compromise of the affected device. For more information about this vulnerability, see the Details section of the Cisco advisory. |
| CVE-2025-20265 | CRITICAL | 2025-08-14 | A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device. This vulnerability is due to a lack of proper handling of user input during the authentication phase. An attacker could exploit this vulnerability by sending crafted input when entering credentials that will be authenticated at the configured RADIUS server. A successful exploit could allow the attacker to execute commands at a high privilege level. Note: For this vulnerability to be exploited, Cisco Secure FMC Software must be configured for RADIUS authentication for the web-based management interface, SSH management, or both. |
| CVE | Severity | Published | Description |
|---|---|---|---|
| CVE-2025-25256 | CRITICAL | 2025-08-12 | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests. |