| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-42938 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform | SAP_SE | SAP NetWeaver ABAP Platform | Medium | 6.1 | 2025-09-09 02:11:34 | Deep Dive |
| CVE-2025-10086 | fuyang_lipengjun platform AdPositionController queryAll improper authorization | fuyang_lipengjun | platform | Medium | 6.3 | 2025-09-08 06:02:12 | Deep Dive |
| CVE-2025-9566 | Podman: podman kube play command may overwrite host files | - | - | High | 8.1 | 2025-09-05 19:54:31 | Deep Dive |
| CVE-2025-58887 | WordPress Course Booking Platform Plugin <= 1.0.0 - Cross Site Scripting (XSS) Vulnerability | Course Finder \| andré martin - it solutions & research UG | Course Booking Platform | Medium | 6.5 | 2025-09-05 13:45:54 | Deep Dive |
| CVE-2025-9936 | fuyang_lipengjun platform queryAll AdController improper authorization | fuyang_lipengjun | platform | Medium | 4.3 | 2025-09-03 23:02:13 | Deep Dive |
| CVE-2025-55748 | XWiki Platform's configuration files can be accessed through jsx and sx endpoints | xwiki | xwiki-platform | - | - | 2025-09-03 20:19:46 | Deep Dive |
| CVE-2025-55747 | XWiki Platform's configuration files can be accessed through the webjars API | xwiki | xwiki-platform | - | - | 2025-09-03 20:12:13 | Deep Dive |
| CVE-2025-53690 | Sitecore Products ViewState Deserialization Vulnerability | Sitecore | Experience Manager (XM) | Critical | 9.0 | 2025-09-03 20:04:48 | Deep Dive |
| CVE-2025-53691 | Sitecore Experience Remote Code Execution through Insecure Deserialization | Sitecore | Experience Manager (XM) | High | 8.8 | 2025-09-03 12:37:00 | Deep Dive |
| CVE-2025-53693 | HTML Cache Poisoning through Unsafe Reflections | Sitecore | Sitecore Experience Manager (XM) | Critical | 9.8 | 2025-09-03 12:36:54 | Deep Dive |
| CVE-2025-53694 | Information Disclosure in ItemServices API | Sitecore | Sitecore Experience Manager (XM) | High | 7.5 | 2025-09-03 12:36:38 | Deep Dive |
| CVE-2025-9784 | Undertow: undertow madeyoureset http/2 ddos vulnerability | - | - | High | 7.5 | 2025-09-02 13:38:00 | Deep Dive |
| CVE-2025-9590 | Weaver E-Mobile Mobile Management Platform cross site scripting | Weaver | E-Mobile Mobile Management Platform | Low | 3.5 | 2025-08-28 21:32:09 | Deep Dive |
| CVE-2025-58059 | Valtimo scripting engine can be used to gain access to sensitive data or resources | valtimo-platform | valtimo-backend-libraries | Critical | 9.1 | 2025-08-28 17:50:51 | Deep Dive |
| CVE-2025-58049 | XWiki PDF export jobs store sensitive cookies unencrypted in job statuses | xwiki | xwiki-platform | Medium | 5.8 | 2025-08-28 17:43:40 | Deep Dive |
| CVE-2023-7309 | Dahua Smart Park Integrated Management Platform Front-End Arbitrary File Upload | Zhejiang Dahua Technology Co., Ltd. | Smart Park Integrated Management Platform | - | - | 2025-08-27 21:24:00 | Deep Dive |
| CVE-2025-7221 | GiveWP – Donation Plugin and Fundraising Platform <= 4.5.0 - Missing Authorization to Donation Update | stellarwp | GiveWP – Donation Plugin and Fundraising Platform | Medium | 4.3 | 2025-08-21 05:28:14 | Deep Dive |
| CVE-2025-4877 | Libssh: write beyond bounds in binary to base64 conversion functions | - | - | Medium | 4.5 | 2025-08-20 12:19:19 | Deep Dive |
| CVE-2025-4437 | Cri-o: large /etc/passwd file may lead to denial of service | Red Hat | Red Hat OpenShift Container Platform 4 | Medium | 5.7 | 2025-08-20 12:19:18 | Deep Dive |
| CVE-2025-9099 | Acrel Environmental Monitoring Cloud Platform UploadNewsImg unrestricted upload | Acrel | Environmental Monitoring Cloud Platform | Medium | 6.3 | 2025-08-18 01:02:07 | Deep Dive |