| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-12839 | Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | Academy Software Foundation | OpenEXR | - | - | 2025-12-23 21:41:37 | Deep Dive |
| CVE-2025-12495 | Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | Academy Software Foundation | OpenEXR | - | - | 2025-12-23 21:41:28 | Deep Dive |
| CVE-2025-66524 | Apache NiFi: Deserialization of Untrusted Data in GetAsanaObject Processor | Apache Software Foundation | Apache NiFi | - | - | 2025-12-19 09:24:41 | Deep Dive |
| CVE-2025-68161 | Apache Log4j Core: Missing TLS hostname verification in Socket appender | Apache Software Foundation | Apache Log4j Core | - | - | 2025-12-18 20:47:49 | Deep Dive |
| CVE-2025-67895 | Apache Airflow Providers Edge3: Edge3 Worker RPC RCE on Airflow 2 | Apache Software Foundation | Apache Airflow Providers Edge3 | - | - | 2025-12-17 11:47:43 | Deep Dive |
| CVE-2025-66388 | Apache Airflow: Secrets in rendered templates not redacted properly and exposed in the UI | Apache Software Foundation | Apache Airflow | Medium | - | 2025-12-15 11:30:44 | Deep Dive |
| CVE-2025-14714 | TCC Bypass via Inherited Permissions in Bundled Interpreter | The Document Foundation | LibreOffice | - | - | 2025-12-15 10:30:56 | Deep Dive |
| CVE-2025-53960 | Apache StreamPark: Uses the user’s password as the secret key | Apache Software Foundation | Apache StreamPark | - | - | 2025-12-12 15:15:49 | Deep Dive |
| CVE-2025-54947 | Apache StreamPark: Use hard-coded key vulnerability | Apache Software Foundation | Apache StreamPark | - | - | 2025-12-12 15:11:38 | Deep Dive |
| CVE-2025-54981 | Apache StreamPark: Weak Encryption Algorithm in StreamPark | Apache Software Foundation | Apache StreamPark | - | - | 2025-12-12 15:10:36 | Deep Dive |
| CVE-2025-26866 | Apache HugeGraph-Server: RAFT and deserialization vulnerability | Apache Software Foundation | Apache HugeGraph-Server | - | - | 2025-12-12 09:23:08 | Deep Dive |
| CVE-2025-58137 | Apache Fineract: IDOR via self-service API | Apache Software Foundation | Apache Fineract | - | - | 2025-12-12 09:21:00 | Deep Dive |
| CVE-2025-58130 | Apache Fineract: Server Key not masked | Apache Software Foundation | Apache Fineract | - | - | 2025-12-12 09:20:07 | Deep Dive |
| CVE-2025-23408 | Apache Fineract: weak password policy | Apache Software Foundation | Apache Fineract | - | - | 2025-12-12 09:18:59 | Deep Dive |
| CVE-2025-66675 | Apache Struts: File leak in multipart request processing causes disk exhaustion (DoS) - version ranges fixed | Apache Software Foundation | Apache Struts | - | - | 2025-12-10 09:32:59 | Deep Dive |
| CVE-2025-58098 | Apache HTTP Server: Server Side Includes adds query string to #exec cmd=... | Apache Software Foundation | Apache HTTP Server | Low | - | 2025-12-05 13:40:40 | Deep Dive |
| CVE-2025-66200 | Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo | Apache Software Foundation | Apache HTTP Server | Medium | - | 2025-12-05 11:02:26 | Deep Dive |
| CVE-2025-65082 | Apache HTTP Server: CGI environment variable override | Apache Software Foundation | Apache HTTP Server | Low | - | 2025-12-05 10:46:27 | Deep Dive |
| CVE-2025-59775 | Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF | Apache Software Foundation | Apache HTTP Server | Medium | - | 2025-12-05 10:17:04 | Deep Dive |
| CVE-2025-55753 | Apache HTTP Server: mod_md (ACME), unintended retry intervals | Apache Software Foundation | Apache HTTP Server | High | - | 2025-12-05 10:12:22 | Deep Dive |