COSMOS INTELLIGENCE SYSTEM·NVD SYNC: IDLE·KEV: 0 ENTRIES·RATE: 0/HR0%·LAST SYNC:

07:06:43 AM NPT

Intelligence News Scholarships Blog Resources Events Certificates Arsenal Tools About

LIVE

// weekly digest

Cybersecurity intelligence, research, and operational infrastructure.

Platform

Home
Intelligence
News
Digest
Scholarships
Blog
Resources
Events
Certificates
Arsenal
Tools
About

Connect

GitHub
LinkedIn
Email

© 2026 COSMOS. Built in public.// all systems operational

COSMOS INTELLIGENCE SYSTEM·NVD SYNC: IDLE·KEV: 0 ENTRIES·RATE: 0/HR0%·LAST SYNC:

07:06:44 AM NPT

Intelligence News Scholarships Blog Resources Events Certificates Arsenal Tools About

LIVE

// weekly digest

2025-W43

2025-10-20 00:00 UTC 2025-10-26 23:59 UTC

← 2025-W42 all weeks 2025-W44 →

// total

0

// critical

0

// high

0

// medium

0

// low

0

// new kev

8

// top critical

No CRITICAL CVEs published this week.

// top high

No HIGH CVEs published this week.

// new kev additions

CVE-2025-54236NONEKEV
Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API.
CVE-2025-59287NONEKEV
Microsoft Windows Server Update Service (WSUS) contains a deserialization of untrusted data vulnerability that allows for remote code execution.
CVE-2025-61932NONEKEV
Motex LANSCOPE Endpoint Manager contains an improper verification of source of a communication channel vulnerability allowing an attacker to execute arbitrary code by sending specially crafted packets.

Cybersecurity intelligence, research, and operational infrastructure.

Platform

Home
Intelligence
News
Digest
Scholarships
Blog
Resources

CVE-2025-61884NONEKEV

Oracle E-Business Suite contains a server-side request forgery (SSRF) vulnerability in the Runtime component of Oracle Configurator. This vulnerability is remotely exploitable without authentication.

CVE-2022-48503NONEKEV

Apple macOS, iOS, tvOS, Safari, and watchOS contain an unspecified vulnerability in JavaScriptCore that when processing web content may lead to arbitrary code execution. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

CVE-2025-33073NONEKEV

Microsoft Windows SMB Client contains an improper access control vulnerability that could allow for privilege escalation. An attacker could execute a specially crafted malicious script to coerce the victim machine to connect back to the attack system using SMB and authenticate.

CVE-2025-2746NONEKEV

Kentico Xperience CMS contains an authentication bypass using an alternate path or channel vulnerability that could allow an attacker to control administrative objects.

CVE-2025-2747NONEKEV

Kentico Xperience CMS contains an authentication bypass using an alternate path or channel vulnerability that could allow an attacker to control administrative objects.

Connect

GitHub
LinkedIn
Email

© 2026 COSMOS. Built in public.// all systems operational