| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-6596 | Vector inserts portlet labels as HTML, allowing for stored XSS through system messages | Wikimedia Foundation | Vector | - | - | 2026-02-02 22:58:21 | Deep Dive |
| CVE-2025-6597 | MediaWiki should not consider autocreation as login for the purposes of security reauthentication | Wikimedia Foundation | MediaWiki | - | - | 2026-02-02 22:57:30 | Deep Dive |
| CVE-2025-6927 | Autoblocks from global account suppressions are publicly visible | Wikimedia Foundation | MediaWiki | - | - | 2026-02-02 22:55:09 | Deep Dive |
| CVE-2025-15395 | IBM Jazz Foundation access control violation | IBM | Jazz Foundation | Medium | 4.3 | 2026-02-02 15:10:57 | Deep Dive |
| CVE-2025-11175 | DiscussionTools should use better regex | The Wikimedia Foundation | Mediawiki - DiscussionTools Extension | - | - | 2026-01-30 19:12:07 | Deep Dive |
| CVE-2026-1699 | Eclipse Theia - Website security vulnerability | Eclipse Foundation | Eclipse Theia - Website | Critical | 10.0 | 2026-01-30 09:57:15 | Deep Dive |
| CVE-2026-1188 | Eclipse OMR security vulnerability | Eclipse Foundation | Eclipse OMR | - | - | 2026-01-29 08:36:03 | Deep Dive |
| CVE-2026-0648 | Eclipse ThreadX USBX security vulnerability | Eclipse Foundation | Eclipse ThreadX | High | 7.8 | 2026-01-27 15:40:31 | Deep Dive |
| CVE-2025-55095 | Eclipse ThreadX USBX security vulnerability | Eclipse Foundation | Eclipse ThreadX - USBX | Medium | 4.2 | 2026-01-27 15:34:48 | Deep Dive |
| CVE-2025-55102 | Eclipse ThreadX NetX Duo security vulnerability | Eclipse Foundation | Eclipse ThreadX - NetX Duo | - | - | 2026-01-27 15:25:36 | Deep Dive |
| CVE-2016-15057 | Apache Continuum: Command injection leading to RCE | Apache Software Foundation | Apache Continuum | - | - | 2026-01-26 11:29:04 | Deep Dive |
| CVE-2025-27821 | HDFS native client: Out of bounds write in URI parser of native HDFS client | Apache Software Foundation | HDFS native client | - | - | 2026-01-26 09:44:14 | Deep Dive |
| CVE-2026-24656 | Apache Karaf: Decanter log-socket collector has deserialization vulnerability | Apache Software Foundation | Apache Karaf | - | - | 2026-01-26 09:41:24 | Deep Dive |
| CVE-2026-1299 | email BytesGenerator header injection due to unquoted newlines | Python Software Foundation | CPython | High | - | 2026-01-23 16:27:13 | Deep Dive |
| CVE-2026-0761 | Foundation Agents MetaGPT actionoutput_str_to_mapping Code Injection Remote Code Execution Vulnerability | Foundation Agents | MetaGPT | Critical | - | 2026-01-23 03:28:16 | Deep Dive |
| CVE-2026-0760 | Foundation Agents MetaGPT deserialize_message Deserialization of Untrusted Data Remote Code Execution Vulnerability | Foundation Agents | MetaGPT | Critical | - | 2026-01-23 03:28:12 | Deep Dive |
| CVE-2025-12781 | base64.b64decode() always accepts "+/" characters, despite setting altchars | Python Software Foundation | CPython | - | - | 2026-01-21 19:34:48 | Deep Dive |
| CVE-2021-47817 | OpenEMR 5.0.2.1 - Remote Code Execution | OpenEMR Foundation, Inc. | OpenEMR | Medium | 5.4 | 2026-01-21 17:27:34 | Deep Dive |
| CVE-2026-22022 | Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin | Apache Software Foundation | Apache Solr | - | - | 2026-01-21 13:41:46 | Deep Dive |
| CVE-2026-22444 | Apache Solr: Insufficient file-access checking in standalone core-creation requests | Apache Software Foundation | Apache Solr | - | - | 2026-01-21 13:40:25 | Deep Dive |