| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-13932 | SolisCloud Monitoring Platform security vulnerability | SolisCloud | Monitoring Platform (Cloud API & Device Control API) | - | - | 2025-12-04 21:17:03 | Deep Dive |
| CVE-2024-12125 | 3scale-porta: readonly fields not validated server-side | 3scale | porta | High | 7.5 | 2025-11-06 21:50:41 | Deep Dive |
| CVE-2025-53674 | Jenkins plugin Sensedia Api Platform tools security vulnerability | Jenkins Project | Jenkins Sensedia Api Platform tools Plugin | - | - | 2025-07-09 15:39:41 | Deep Dive |
| CVE-2025-53673 | Jenkins plugin Sensedia Api Platform tools security vulnerability | Jenkins Project | Jenkins Sensedia Api Platform tools Plugin | - | - | 2025-07-09 15:39:40 | Deep Dive |
| CVE-2025-5288 | REST API \| Custom API Generator For Cross Platform And Import Export In WP 1.0.0 - 2.0.3 - Missing Authorization to Unauthenticated Privilege Escalation via process_handler Function | weboccults | REST API \| Custom API Generator For Cross Platform And Import Export In WP | Critical | 9.8 | 2025-06-13 01:47:46 | Deep Dive |
| CVE-2025-31485 | GraphQL grant on a property might be cached with different objects | api-platform | core | High | 7.5 | 2025-04-03 19:31:46 | Deep Dive |
| CVE-2025-31481 | GraphQL query operations security can be bypassed | api-platform | core | High | 7.5 | 2025-04-03 19:20:23 | Deep Dive |
| CVE-2023-47639 | API Platform Core can leak exceptions message that may contain sensitive information | api-platform | core | Medium | 5.3 | 2025-04-03 16:46:14 | Deep Dive |
| CVE-2025-23204 | GraphQl securityAfterResolver not called | api-platform | core | Medium | 4.4 | 2025-03-24 15:53:19 | Deep Dive |
| CVE-2024-11831 | Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript | - | - | Medium | 5.4 | 2025-02-10 15:27:47 | Deep Dive |
| CVE-2024-12236 | Use of Custom URI for media inputs with VPC-SC enabled potentially leads to data exfiltration | Google Cloud Platform | Vertex Gemini API | Medium | - | 2024-12-10 15:07:40 | Deep Dive |
| CVE-2024-10295 | Gateway: apicast basic auth bypass via malformed base64 headers. Sending non-base64 'basic' auth with special characters causes apicast to incorrectly authenticate a request | - | - | High | 7.5 | 2024-10-24 17:55:10 | Deep Dive |
| CVE-2024-9671 | System: pdf invoices of the developer users can be seen if the url is known | - | - | Medium | 5.3 | 2024-10-09 14:32:11 | Deep Dive |
| CVE-2024-3930 | XML External Entity in Akana | Akana | Akana API Platform | Medium | 6.3 | 2024-07-30 18:36:18 | Deep Dive |
| CVE-2024-5250 | Overly Verbose Errors in SAML Integration | Akana | Akana API Platform | Low | 3.5 | 2024-07-30 18:29:11 | Deep Dive |
| CVE-2024-5249 | SAML Replay in Akana | Akana | Akana API Platform | Medium | 5.4 | 2024-07-30 18:23:29 | Deep Dive |
| CVE-2024-3826 | Broken SAML Validation | Akana | Akana API Platform | - | - | 2024-07-02 15:49:09 | Deep Dive |
| CVE-2024-2796 | SSRF in Akana API Platform | Akana | Akana API Platform | Critical | 9.3 | 2024-04-18 15:04:56 | Deep Dive |
| CVE-2024-0560 | Apicast: use_3scale_oidc_issuer_endpoint of token introspection policy isn't compatible with rh-sso 7.5 or later versions | - | - | Medium | 6.3 | 2024-02-28 16:37:01 | Deep Dive |
| CVE-2023-4910 | 3scale-admin-portal: logged out users tokens can be accessed | Red Hat | Red Hat 3scale API Management Platform 2 | Medium | 5.5 | 2023-11-06 12:49:38 | Deep Dive |