| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-10659 | MegaSys Enterprises Telenium Online Web Application OS Command Injection | MegaSys | Telenium Online Web Application | Critical | 9.8 | 2025-09-30 20:00:53 | Deep Dive |
| CVE-2025-60127 | WordPress CopySafe Web Protection plugin <= 5.1 - Broken Access Control vulnerability | ArtistScope | CopySafe Web Protection | Medium | 5.4 | 2025-09-26 08:31:41 | Deep Dive |
| CVE-2025-10449 | Path Traversal in Saysis Computer Systems' Saysis Web Portal | Saysis Computer Systems Trade Ltd. Co. | Saysis Web Portal | High | 8.6 | 2025-09-25 12:39:31 | Deep Dive |
| CVE-2025-9031 | Timing-Based Username Enumeration in DivvyDrive Information Technologies' DivvyDrive Web | DivvyDrive Information Technologies Inc. | DivvyDrive Web | Medium | 4.3 | 2025-09-24 08:25:49 | Deep Dive |
| CVE-2025-26399 | SolarWinds Web Help Desk Deserialization of Untrusted Data Privilege Escalation Vulnerability | SolarWinds | Web Help Desk | Critical | 9.8 | 2025-09-23 05:07:15 | Deep Dive |
| CVE-2025-59430 | Mesh Connect JS SDK Vulnerable to Cross Site Scripting via createLink.openLink | FrontFin | mesh-web-sdk | High | 8.2 | 2025-09-22 18:47:05 | Deep Dive |
| CVE-2025-57917 | WordPress Printcart Web to Print Product Designer for WooCommerce plugin <= 2.4.8 - Broken Access Control vulnerability | printcart | Printcart Web to Print Product Designer for WooCommerce | Medium | 4.3 | 2025-09-22 18:25:16 | Deep Dive |
| CVE-2025-57984 | WordPress MakeStories (for Google Web Stories) Plugin <= 3.0.4 - Server Side Request Forgery (SSRF) Vulnerability | Pratik Ghela | MakeStories (for Google Web Stories) | Medium | 4.4 | 2025-09-22 18:24:28 | Deep Dive |
| CVE-2025-9969 | Reflected XSS in Vizly Web Design's Real Estate Packages | Vizly Web Design | Real Estate Packages | High | 7.1 | 2025-09-19 11:26:08 | Deep Dive |
| CVE-2025-48703 | Control Web Panel OS Command Injection Vulnerability | centos-webpanel | CentOS Web Panel | Critical | 9.0 | 2025-09-19 00:00:00 | Deep Dive |
| CVE-2025-59416 | The Scratch Channel forks can publish articles | The-Scratch-Channel | tsc-web-client | - | - | 2025-09-17 18:52:51 | Deep Dive |
| CVE-2025-10599 | itsourcecode Web-Based Internet Laboratory Management System login.php AuthenticateUser sql injection | itsourcecode | Web-Based Internet Laboratory Management System | High | 7.3 | 2025-09-17 16:02:11 | Deep Dive |
| CVE-2025-8411 | XSS in Dokuzsoft Technology's E-Commerce Web Design Product | Dokuzsoft Technology | E-Commerce Web Design Product | High | 7.1 | 2025-09-17 11:17:58 | Deep Dive |
| CVE-2025-59161 | In Element Web and Element Desktop, a malicious room can hide an unrelated room and cause it to be left when the malicious room is left | element-hq | element-web | - | - | 2025-09-16 16:44:16 | Deep Dive |
| CVE-2025-10492 | Jaspersoft Library Deserialisation Vulnerability | Jaspersoft | JasperReports Library Community Edition | - | - | 2025-09-16 16:41:45 | Deep Dive |
| CVE-2024-13174 | SQLi in E1 Informatics' Web Application | E1 Informatics | Web Application | High | 8.6 | 2025-09-16 14:28:20 | Deep Dive |
| CVE-2025-59397 | Open Web Analytics Server SQL Injection Vulnerability | openwebanalytics | Open Web Analytics | Medium | 5.0 | 2025-09-15 00:00:00 | Deep Dive |
| CVE-2025-41714 | Path Traversal via 'Upload-Key' in SmartEMS Upload Handling | Welotec | SmartEMS Web Application | High | 8.8 | 2025-09-10 06:48:10 | Deep Dive |
| CVE-2025-8778 | NitroPack <= 1.18.4 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update via nitropack_set_compression_ajax Function | nitropack | NitroPack – Performance, Page Speed & Cache Plugin for Core Web Vitals, CDN & Image Optimization | Medium | 4.3 | 2025-09-10 06:38:47 | Deep Dive |
| CVE-2025-42922 | Insecure File Operations vulnerability in SAP NetWeaver AS Java (Deploy Web Service) | SAP_SE | SAP NetWeaver AS Java (Deploy Web Service) | Critical | 9.9 | 2025-09-09 02:09:39 | Deep Dive |