| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-64132 | Jenkins plugin MCP Server security vulnerability | Jenkins Project | Jenkins MCP Server Plugin | - | - | 2025-10-29 13:29:40 | Deep Dive |
| CVE-2025-48044 | Authorization bypass when bypass policy condition evaluates to true | ash-project | ash | - | - | 2025-10-17 13:52:54 | Deep Dive |
| CVE-2025-62371 | OpenSearch Data Prepper plugins trusts all SSL certificates by default | opensearch-project | data-prepper | High | 7.4 | 2025-10-15 17:25:43 | Deep Dive |
| CVE-2025-11628 | jimit105 Project-Online-Shopping-Website Product Inventory delete.php sql injection | jimit105 | Project-Online-Shopping-Website | Medium | 4.7 | 2025-10-12 05:02:05 | Deep Dive |
| CVE-2025-11585 | code-projects Project Monitoring System useredit.php sql injection | code-projects | Project Monitoring System | High | 7.3 | 2025-10-10 21:02:07 | Deep Dive |
| CVE-2025-48043 | Bypass and runtime policies that can never pass may be incorrectly applied in filter authorization | ash-project | ash | - | - | 2025-10-10 15:57:29 | Deep Dive |
| CVE-2025-35061 | Newforma Info Exchange (NIX) forced NTLMv2 authentication via /NPCSRemoteWeb/LegacyIntegrationServices.asmx | Newforma | Project Center | Medium | 5.9 | 2025-10-09 20:22:37 | Deep Dive |
| CVE-2025-35062 | Newforma Info Exchange (NIX) default anonymous access | Newforma | Project Center | Medium | 5.3 | 2025-10-09 20:22:23 | Deep Dive |
| CVE-2025-35060 | Newforma Info Exchange (NIX) stored XSS via SVG file upload | Newforma | Project Center | Medium | 5.5 | 2025-10-09 20:22:10 | Deep Dive |
| CVE-2025-35059 | Newforma Info Exchange (NIX) open URL redirect via /DownloadWeb/hyperlinkredirect.aspx | Newforma | Project Center | Medium | 4.3 | 2025-10-09 20:21:57 | Deep Dive |
| CVE-2025-35058 | Newforma Info Exchange (NIX) forced NTLMv2 authentication via /UserWeb/Common/MarkupServices.ashx | Newforma | Project Center | Medium | 5.9 | 2025-10-09 20:21:43 | Deep Dive |
| CVE-2025-35057 | Newforma Info Exchange (NIX) forced NTLMv2 authentication via /RemoteWeb/IntegrationServices.ashx | Newforma | Project Center | Medium | 5.3 | 2025-10-09 20:21:29 | Deep Dive |
| CVE-2025-35056 | Newforma Info Exchange (NIX) limited file read | Newforma | Project Center | Medium | 5.0 | 2025-10-09 20:21:10 | Deep Dive |
| CVE-2025-35055 | Newforma Info Exchange (NIX) insecure file upload | Newforma | Project Center | High | 8.8 | 2025-10-09 20:20:56 | Deep Dive |
| CVE-2025-35054 | Newforma Info Exchange (NIX) insufficiently protected credentials | Newforma | Project Center | Medium | 5.3 | 2025-10-09 20:20:40 | Deep Dive |
| CVE-2025-35053 | Newforma Info Exchange (NIX) arbitrary file read and delete | Newforma | Project Center | Medium | 6.4 | 2025-10-09 20:20:18 | Deep Dive |
| CVE-2025-35052 | Newforma Info Exchange (NIX) shared hard-coded secret key | Newforma | Project Center | Medium | 5.3 | 2025-10-09 20:20:01 | Deep Dive |
| CVE-2025-35051 | Newforma Project Center Server (NPCS) .NET unauthenticated deserialization | Newforma | Project Center | Critical | 9.8 | 2025-10-09 20:19:44 | Deep Dive |
| CVE-2025-35050 | Newforma Info Exchange (NIX) .NET unauthenticated deserialization | Newforma | Project Center | Critical | 9.8 | 2025-10-09 20:19:13 | Deep Dive |
| CVE-2025-59425 | vLLM vulnerable to timing attack at bearer auth | vllm-project | vllm | High | 7.5 | 2025-10-07 14:06:49 | Deep Dive |