COSMOS INTELLIGENCE SYSTEM·NVD SYNC: IDLE·KEV: 0 ENTRIES·RATE: 0/HR0%·LAST SYNC:

12:14:03 AM NPT

Intelligence News Scholarships Blog Resources Events Certificates Arsenal Tools About

LIVE

// weekly digest

Cybersecurity intelligence, research, and operational infrastructure.

Platform

Home
Intelligence
News
Digest
Scholarships
Blog
Resources
Events
Certificates
Arsenal
Tools
About

Connect

GitHub
LinkedIn
Email

© 2026 COSMOS. Built in public.// all systems operational

COSMOS INTELLIGENCE SYSTEM·NVD SYNC: IDLE·KEV: 0 ENTRIES·RATE: 0/HR0%·LAST SYNC:

12:14:04 AM NPT

Intelligence News Scholarships Blog Resources Events Certificates Arsenal Tools About

LIVE

// weekly digest

2025-W30

2025-07-21 00:00 UTC 2025-07-27 23:59 UTC

← 2025-W29 all weeks 2025-W31 →

// total

0

// critical

0

// high

0

// medium

0

// low

0

// new kev

6

// top critical

No CRITICAL CVEs published this week.

// top high

No HIGH CVEs published this week.

// new kev additions

CVE-2025-54309NONEKEV
CrushFTP contains an unprotected alternate channel vulnerability. When the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS.
CVE-2025-49704NONEKEV
Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-49706. CVE-2025-53770 is a patch bypass for CVE-2025-49704, and the updates for CVE-2025-53770 include more robust protection than those for CVE-2025-49704.
CVE-2025-2775NONE

Cybersecurity intelligence, research, and operational infrastructure.

Platform

Home
Intelligence
News
Digest
Scholarships
Blog
Resources

KEV

SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives.

CVE-2025-49706NONEKEV

Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successfully exploitation could allow an attacker to view sensitive information and make some changes to disclosed information. This vulnerability could be chained with CVE-2025-49704. CVE-2025-53771 is a patch bypass for CVE-2025-49706, and the updates for CVE-2025-53771 include more robust protection than those for CVE-2025-49706.

CVE-2025-6558NONEKEV

Google Chromium contains an improper input validation vulnerability in ANGLE and GPU. This vulnerability could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

CVE-2025-2776NONEKEV

SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.

Connect

GitHub
LinkedIn
Email

© 2026 COSMOS. Built in public.// all systems operational