COSMOS INTELLIGENCE SYSTEM·NVD SYNC: IDLE·KEV: 0 ENTRIES·RATE: 0/HR0%·LAST SYNC:

10:31:19 AM NPT

Intelligence News Scholarships Blog Resources Events Certificates Arsenal Tools About

LIVE

// weekly digest

Cybersecurity intelligence, research, and operational infrastructure.

Platform

Home
Intelligence
News
Digest
Scholarships
Blog
Resources
Events
Certificates
Arsenal
Tools
About

Connect

GitHub
LinkedIn
Email

© 2026 COSMOS. Built in public.// all systems operational

COSMOS INTELLIGENCE SYSTEM·NVD SYNC: IDLE·KEV: 0 ENTRIES·RATE: 0/HR0%·LAST SYNC:

10:31:20 AM NPT

Intelligence News Scholarships Blog Resources Events Certificates Arsenal Tools About

LIVE

// weekly digest

2025-W23

2025-06-02 00:00 UTC 2025-06-08 23:59 UTC

← 2025-W22 all weeks 2025-W24 →

// total

0

// critical

0

// high

0

// medium

0

// low

0

// new kev

9

// top critical

No CRITICAL CVEs published this week.

// top high

No HIGH CVEs published this week.

// new kev additions

CVE-2025-5419NONEKEV
Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2025-27038NONEKEV
Multiple Qualcomm chipsets contain a use-after-free vulnerability. This vulnerability allows for memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
CVE-2025-21479NONEKEV

Cybersecurity intelligence, research, and operational infrastructure.

Platform

Home
Intelligence
News
Digest
Scholarships
Blog
Resources

Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

CVE-2025-21480NONEKEV

Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

CVE-2023-39780NONEKEV

ASUS RT-AX55 devices contain an OS command injection vulnerability that could allow a remote, authenticated attacker to execute arbitrary commands. As represented by CVE-2023-41346.

CVE-2024-56145NONEKEV

Craft CMS contains a code injection vulnerability. Users with affected versions are vulnerable to remote code execution if their php.ini configuration has `register_argc_argv` enabled.

CVE-2025-3935NONEKEV

ConnectWise ScreenConnect contains an improper authentication vulnerability. This vulnerability could allow a ViewState code injection attack, which could allow remote code execution if machine keys are compromised.

CVE-2021-32030NONEKEV

ASUS Lyra Mini and ASUS GT-AC2900 devices contain an improper authentication vulnerability that allows an attacker to gain unauthorized access to the administrative interface. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

CVE-2025-35939NONEKEV

Craft CMS contains an external control of assumed-immutable web parameter vulnerability. This vulnerability could allow an unauthenticated client to introduce arbitrary values, such as PHP code, to a known local file location on the server. This vulnerability could be chained with CVE-2024-58136 as represented by CVE-2025-32432.

Connect

GitHub
LinkedIn
Email

© 2026 COSMOS. Built in public.// all systems operational