| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-26413 | Apache Kvrocks: The server was crashed by the negative offset | Apache Software Foundation | Apache Kvrocks | 中危 | - | 2025-04-22 07:07:50 | Deep Dive |
| CVE-2025-29953 | Apache ActiveMQ NMS OpenWire Client: deserialization allowlist bypass | Apache Software Foundation | Apache ActiveMQ NMS OpenWire Client | 中危 | - | 2025-04-18 15:23:32 | Deep Dive |
| CVE-2024-56736 | Apache HertzBeat: Server-Side Request Forgery (SSRF) in Api Config Oss | Apache Software Foundation | Apache HertzBeat | - | - | 2025-04-16 15:38:11 | Deep Dive |
| CVE-2025-21582 | Oracle E-Business Suite 安全漏洞 | Oracle Corporation | Oracle CRM Technical Foundation | Medium | 6.1 | 2025-04-15 20:30:56 | Deep Dive |
| CVE-2025-24859 | Apache Roller: Insufficient Session Expiration on Password Change | Apache Software Foundation | Apache Roller | - | - | 2025-04-14 08:18:55 | Deep Dive |
| CVE-2025-32077 | XSSes in Extension:SimpleCalendar | The Wikimedia Foundation | Mediawiki - Extension:SimpleCalendar | - | - | 2025-04-11 16:25:07 | Deep Dive |
| CVE-2025-32078 | XSSes and potential RCE in Special:VersionCompare | The Wikimedia Foundation | Mediawiki - Version Compare Extension | - | - | 2025-04-11 16:24:46 | Deep Dive |
| CVE-2025-32079 | Saving the right content to MediaWiki:GrowthMentors.json can take down the site | The Wikimedia Foundation | Mediawiki - GrowthExperiments | - | - | 2025-04-11 16:24:22 | Deep Dive |
| CVE-2025-32080 | Cross-origin data leak in mobilefrontend via lazy load images | The Wikimedia Foundation | Mediawiki - Mobile Frontend Extension | - | - | 2025-04-11 16:24:00 | Deep Dive |
| CVE-2025-32076 | Evil regex used to process user-provided data in VisualData | The Wikimedia Foundation | Mediawiki - Visual Data Extension | - | - | 2025-04-11 16:23:36 | Deep Dive |
| CVE-2025-32072 | HTML injection in feed output from i18n message | The Wikimedia Foundation | Mediawiki Core - Feed Utils | - | - | 2025-04-11 16:23:12 | Deep Dive |
| CVE-2025-32073 | System message XSS in HTMLTags | The Wikimedia Foundation | Mediawiki - HTML Tags | - | - | 2025-04-11 16:22:48 | Deep Dive |
| CVE-2025-32074 | XSSes in Extension:ConfirmAccount | The Wikimedia Foundation | Mediawiki - Confirm Account Extension | - | - | 2025-04-11 16:22:23 | Deep Dive |
| CVE-2025-32075 | IP and user agent leaks in Extension:Tabs | The Wikimedia Foundation | Mediawiki - Tabs Extension | - | - | 2025-04-11 16:22:00 | Deep Dive |
| CVE-2025-32067 | i18n XSS vulnerability in message growthexperiments | The Wikimedia Foundation | Mediawiki - Growth Experiments Extension | - | - | 2025-04-11 16:21:34 | Deep Dive |
| CVE-2025-32068 | Revoking authorization of OAuth2 consumer does not invalidate refresh tokens | The Wikimedia Foundation | Mediawiki - OAuth Extension | - | - | 2025-04-11 16:21:12 | Deep Dive |
| CVE-2025-32069 | Wikitext stored XSS on filepages due to dangerous WBMI serialization | The Wikimedia Foundation | Mediawiki - Wikibase Media Info Extension | - | - | 2025-04-11 16:20:49 | Deep Dive |
| CVE-2025-32070 | XSSes in AJAXPoll | The Wikimedia Foundation | Mediawiki - AJAX Poll Extension | - | - | 2025-04-11 16:20:24 | Deep Dive |
| CVE-2025-32071 | Wikibase CommonsInlineImageFormatter: i18n XSS | The Wikimedia Foundation | Mediawiki - Wikidata Extension | - | - | 2025-04-11 16:19:46 | Deep Dive |
| CVE-2025-32700 | AbuseFilter log interfaces expose global private and hidden filters when central DB is not available | Wikimedia Foundation | MediaWiki | - | - | 2025-04-10 18:31:03 | Deep Dive |