| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-12383 | Race Condition allows Bypass of Trust Restrictions | Eclipse Foundation | Jersey | - | - | 2025-11-18 15:14:38 | Deep Dive |
| CVE-2025-61623 | Apache OFBiz: Reflected Cross-site Scripting | Apache Software Foundation | Apache OFBiz | High | - | 2025-11-12 09:16:58 | Deep Dive |
| CVE-2025-59118 | Apache OFBiz: Critical Remote Command Execution via Unrestricted File Upload | Apache Software Foundation | Apache OFBiz | High | - | 2025-11-12 09:15:54 | Deep Dive |
| CVE-2025-64407 | Apache OpenOffice: URL fetching can be used to exfiltrate arbitrary INI file values and environment variables | Apache Software Foundation | Apache OpenOffice | Medium | - | 2025-11-12 09:12:49 | Deep Dive |
| CVE-2025-64406 | Apache OpenOffice: Possible memory corruption during CSV import | Apache Software Foundation | Apache OpenOffice | High | - | 2025-11-12 09:11:47 | Deep Dive |
| CVE-2025-64405 | Apache OpenOffice: Remote documents loaded without prompt via DDE function | Apache Software Foundation | Apache OpenOffice | Medium | - | 2025-11-12 09:10:36 | Deep Dive |
| CVE-2025-64404 | Apache OpenOffice: Remote documents loaded without prompt via background and bullet images | Apache Software Foundation | Apache OpenOffice | Medium | - | 2025-11-12 09:08:34 | Deep Dive |
| CVE-2025-64403 | Apache OpenOffice: Remote documents loaded without prompt via "external data sources" in Calc | Apache Software Foundation | Apache OpenOffice | Medium | - | 2025-11-12 09:04:50 | Deep Dive |
| CVE-2025-64402 | Apache OpenOffice: Remote documents loaded without prompt via OLE objects | Apache Software Foundation | Apache OpenOffice | Medium | - | 2025-11-12 09:03:02 | Deep Dive |
| CVE-2025-64401 | Apache OpenOffice: Remote documents loaded without prompt via IFrame | Apache Software Foundation | Apache OpenOffice | Medium | - | 2025-11-12 08:58:18 | Deep Dive |
| CVE-2025-58337 | Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode for doris-mcp-server MCP Server | Apache Software Foundation | Apache Doris-MCP-Server | Medium | - | 2025-11-05 09:26:37 | Deep Dive |
| CVE-2025-6075 | Quadratic complexity in os.path.expandvars() with user-controlled template | Python Software Foundation | CPython | Low | - | 2025-10-31 16:41:35 | Deep Dive |
| CVE-2025-62232 | Apache APISIX: basic-auth logs plaintext credentials at info level | Apache Software Foundation | Apache APISIX | Medium | - | 2025-10-31 08:48:24 | Deep Dive |
| CVE-2025-54941 | Apache Airflow: Command injection in "example_dag_decorator" | Apache Software Foundation | Apache Airflow | - | - | 2025-10-30 09:45:27 | Deep Dive |
| CVE-2025-62402 | Apache Airflow: Airflow 3 API: /api/v2/dagReports executes DAG Python in API | Apache Software Foundation | Apache Airflow | - | - | 2025-10-30 09:14:27 | Deep Dive |
| CVE-2025-62503 | Apache Airflow: Privilege boundary bypass in bulk APIs (create action can upsert existing Pools/Connections/Variables) | Apache Software Foundation | Apache Airflow | - | - | 2025-10-30 09:11:17 | Deep Dive |
| CVE-2025-61795 | Apache Tomcat: Delayed cleaning of multi-part upload temporary files may lead to DoS | Apache Software Foundation | Apache Tomcat | Medium | - | 2025-10-27 17:30:28 | Deep Dive |
| CVE-2025-55752 | Apache Tomcat: Directory traversal via rewrite with possible RCE if PUT is enabled | Apache Software Foundation | Apache Tomcat | - | - | 2025-10-27 17:29:56 | Deep Dive |
| CVE-2025-55754 | Apache Tomcat: console manipulation via escape sequences in log messages | Apache Software Foundation | Apache Tomcat | Medium | - | 2025-10-27 17:29:51 | Deep Dive |
| CVE-2025-62659 | The CookieConsent extension does not properly use reserved data attributes, thus introducing potential XSS vectors | The Wikimedia Foundation | MediaWiki CookieConsent extension | - | - | 2025-10-22 15:31:29 | Deep Dive |