| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-53840 | Icinga DB Web Exposure of Sensitive Information to an Unauthorized Actor vulnerability | Icinga | icingadb-web | Low | 2.4 | 2025-07-16 13:34:37 | Deep Dive |
| CVE-2025-40985 | SQL Injection in SCATI Vision Web | SCATI | SCATI Vision Web | - | - | 2025-07-16 09:27:41 | Deep Dive |
| CVE-2025-34104 | Piwik Authenticated RCE via Custom Plugin Upload | Piwik (now Matomo) | Web Analytics Platform | - | - | 2025-07-15 13:06:51 | Deep Dive |
| CVE-2025-7425 | Libxslt: heap use-after-free in libxslt caused by atype corruption in xmlattrptr | GNOME | libxml2 | High | 7.8 | 2025-07-10 13:53:37 | Deep Dive |
| CVE-2025-42962 | Cross-Site Scripting (XSS) vulnerability in SAP Business Warehouse (Business Explorer Web 3.5 loading animation) | SAP_SE | SAP Business Warehouse (Business Explorer Web 3.5 loading animation) | Medium | 6.1 | 2025-07-08 00:35:36 | Deep Dive |
| CVE-2025-31326 | HTML Injection vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence) | SAP_SE | SAP BusinessObjects Business Intelligence Platform (Web Intelligence) | Medium | 4.1 | 2025-07-08 00:34:22 | Deep Dive |
| CVE-2025-53604 | web-push crate 安全漏洞 | pimeys | web-push | Medium | 4.0 | 2025-07-05 00:00:00 | Deep Dive |
| CVE-2025-24780 | WordPress Printcart Web to Print Product Designer for WooCommerce plugin <= 2.4.0 - SQL Injection Vulnerability | printcart | Printcart Web to Print Product Designer for WooCommerce | High | 8.5 | 2025-07-04 11:18:11 | Deep Dive |
| CVE-2025-28971 | WordPress Easy Elements Hider plugin <= 2.0 - Cross Site Scripting (XSS) Vulnerability | CWD Web Designer | Easy Elements Hider | Medium | 5.9 | 2025-07-04 08:42:16 | Deep Dive |
| CVE-2025-34087 | Pi-Hole AdminLTE Whitelist (now 'Web Allowlist') Remote Command Execution | Pi-hole LLC | Web | - | - | 2025-07-03 19:46:49 | Deep Dive |
| CVE-2025-47654 | WordPress FormLift for Infusionsoft Web Forms plugin <= 7.5.20 - Reflected Cross Site Scripting (XSS) vulnerability | Adrian Tobey | FormLift for Infusionsoft Web Forms | High | 7.1 | 2025-06-27 11:52:33 | Deep Dive |
| CVE-2025-52727 | WordPress CSS3 Vertical Web Pricing Tables plugin <= 1.9 - Cross Site Scripting (XSS) Vulnerability | QuanticaLabs | CSS3 Vertical Web Pricing Tables | High | 7.1 | 2025-06-27 11:52:25 | Deep Dive |
| CVE-2025-52808 | WordPress RealtyElite theme <= 1.0.0 - Local File Inclusion Vulnerability | real-web | RealtyElite | High | 8.1 | 2025-06-27 11:52:22 | Deep Dive |
| CVE-2025-6540 | web-cam <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via slug Parameter | murtuzamakda52 | web-cam | Medium | 6.4 | 2025-06-26 02:22:23 | Deep Dive |
| CVE-2025-49153 | Path Traversal in MICROSENS NMP Web+ | Microsens | NMP Web+ | - | - | 2025-06-25 16:36:12 | Deep Dive |
| CVE-2025-49152 | Insufficient Session Expiration in MICROSENS NMP Web+ | Microsens | NMP Web+ | - | - | 2025-06-25 16:34:01 | Deep Dive |
| CVE-2025-49151 | Use of Hard-coded, Security-relevant Constants in MICROSENS NMP Web+ | Microsens | NMP Web+ | - | - | 2025-06-25 16:32:30 | Deep Dive |
| CVE-2025-34040 | Seeyon Zhiyuan OA System Path Traversal File Upload | Seeyon (Beijing Zhiyuan Internet Software Co., Ltd.) | Zhiyuan OA Web Application System | - | - | 2025-06-24 01:12:23 | Deep Dive |
| CVE-2025-6020 | Linux-pam: linux-pam directory traversal | - | - | High | 7.8 | 2025-06-17 12:44:09 | Deep Dive |
| CVE-2025-49794 | Libxml: heap use after free (uaf) leads to denial of service (dos) | - | - | Critical | 9.1 | 2025-06-16 15:24:31 | Deep Dive |