| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-64167 | Combodo iTop vulnerable to reflected XSS in webservices/export.php | Combodo | iTop | High | 7.1 | 2025-11-10 21:15:12 | Deep Dive |
| CVE-2025-49145 | iTop admin can drop iTop database using webhooks | Combodo | iTop | High | 8.7 | 2025-11-10 21:10:20 | Deep Dive |
| CVE-2025-48878 | Combodo iTop vulnerable to IDOR with ModuleInstallation object | Combodo | iTop | Medium | 4.3 | 2025-11-10 20:43:04 | Deep Dive |
| CVE-2025-48065 | Combodo iTop vulnerable to reflected XSS via objection edition form error | Combodo | iTop | High | 8.8 | 2025-11-10 20:35:34 | Deep Dive |
| CVE-2025-48055 | Combodo iTop has stored XSS in user portal's browse brick | Combodo | iTop | High | 8.5 | 2025-11-10 20:33:48 | Deep Dive |
| CVE-2025-47932 | Combodo iTop vulnerable to reflected XSS in ajax.render.php render_dashboard | Combodo | iTop | High | 8.8 | 2025-11-10 19:20:24 | Deep Dive |
| CVE-2025-47773 | Combodo iTop has XSS vulnerability in /pages/ajax.render.php | Combodo | iTop | High | 8.8 | 2025-11-10 19:13:09 | Deep Dive |
| CVE-2025-47286 | Combodo iTop vulnerable to Remote Code Execution in the backup creation functionality | Combodo | iTop | Medium | - | 2025-11-10 18:38:40 | Deep Dive |
| CVE-2025-24969 | iTop portal user can see any other contact's picture | Combodo | iTop | Medium | 5.0 | 2025-05-14 15:11:45 | Deep Dive |
| CVE-2025-24785 | iTop dashboard vulnerable to denial of service | Combodo | iTop | Medium | 4.3 | 2025-05-14 15:05:28 | Deep Dive |
| CVE-2025-24026 | iTop Inefficient Regular Expression Complexity vulnerability | Combodo | iTop | Medium | 5.3 | 2025-05-14 14:59:48 | Deep Dive |
| CVE-2025-24022 | iTop server vulnerable to portal code injection | Combodo | iTop | High | 8.5 | 2025-05-14 14:57:38 | Deep Dive |
| CVE-2025-24021 | iTop doesn't have mass assignment of fields in the portal form | Combodo | iTop | Medium | 5.0 | 2025-05-14 14:48:43 | Deep Dive |
| CVE-2024-56157 | iTop vulnerable to Self XSS in CSV Import | Combodo | iTop | Medium | 6.3 | 2025-05-14 14:40:46 | Deep Dive |
| CVE-2024-52601 | iTop portal Insecure Direct Object Reference vulnerability | Combodo | iTop | Medium | 6.5 | 2025-05-14 14:39:15 | Deep Dive |
| CVE-2025-27139 | Combodo iTop vulnerable to stored self Cross-site Scripting in preferences | Combodo | iTop | Medium | 6.8 | 2025-02-25 19:52:16 | Deep Dive |
| CVE-2024-54139 | Combodo iTop vulnerable to XSS leading to CSRF breach on _table_id parameter | Combodo | iTop | High | 7.9 | 2024-12-13 15:59:25 | Deep Dive |
| CVE-2024-52000 | Reflected Cross-site Scripting exploit in Combodo iTop | Combodo | iTop | High | - | 2024-11-08 22:20:02 | Deep Dive |
| CVE-2024-52001 | Portal user is able to access forbidden services information in Combodo iTop | Combodo | iTop | Medium | - | 2024-11-08 22:18:18 | Deep Dive |
| CVE-2024-52002 | Cross-Site Request Forgery (CSRF) in several iTop pages | Combodo | iTop | High | - | 2024-11-08 22:16:36 | Deep Dive |