| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-54124 | XWiki Platform: Any user with editing rights can access password properties through Database List Properties | xwiki | xwiki-platform | - | - | 2025-08-05 23:28:07 | Deep Dive |
| CVE-2025-32430 | XWiki Platform contains Reflected XSS vulnerability in two templates | xwiki | xwiki-platform | - | - | 2025-08-05 23:27:07 | Deep Dive |
| CVE-2025-5988 | Aap-gateway: csrf origin checking is disabled | - | - | Medium | 5.3 | 2025-08-04 15:16:44 | Deep Dive |
| CVE-2025-7738 | Python3.11-django-ansible-base: sensitive authenticator secrets returned in clear text via api in aap | Ansible | django-ansible-base | Medium | 4.4 | 2025-07-31 14:12:03 | Deep Dive |
| CVE-2025-7205 | GiveWP – Donation Plugin and Fundraising Platform <= 4.5.0 - Authenticated (GiveWP worker+) Stored Cross-Site Scripting | stellarwp | GiveWP – Donation Plugin and Fundraising Platform | Medium | 5.4 | 2025-07-31 07:25:01 | Deep Dive |
| CVE-2025-8348 | Kehua Charging Pile Cloud Platform home improper authentication | Kehua | Charging Pile Cloud Platform | High | 7.3 | 2025-07-31 03:32:06 | Deep Dive |
| CVE-2025-8347 | Kehua Charging Pile Cloud Platform findAllTask sql injection | Kehua | Charging Pile Cloud Platform | Medium | 6.3 | 2025-07-31 03:02:06 | Deep Dive |
| CVE-2025-41241 | Denial-of-service vulnerability | VMware | vCenter | Medium | 4.4 | 2025-07-29 12:25:56 | Deep Dive |
| CVE-2025-8283 | Netavark: podman: netavark may resolve hostnames to unexpected hosts | - | - | Low | 3.7 | 2025-07-28 18:16:08 | Deep Dive |
| CVE-2025-54385 | XWiki Platform's searchDocuments API allows for SQL injection | xwiki | xwiki-platform | 中危 | - | 2025-07-26 03:28:49 | Deep Dive |
| CVE-2025-5449 | Libssh: integer overflow in libssh sftp server packet length validation leading to denial of service | - | - | Medium | 6.5 | 2025-07-25 17:19:39 | Deep Dive |
| CVE-2022-4979 | Sitecore XP 7.5 - 10.2, CMS 7.2, and Managed Cloud XSS | Sitecore | Experience Platform | 中危 | - | 2025-07-25 15:55:36 | Deep Dive |
| CVE-2015-10142 | Sitecore XP < 8.0 and CMS < 7.2 and < 7.5 File Read via Known Path | Sitecore | Experience Platform (XP) | 中危 | - | 2025-07-25 15:55:07 | Deep Dive |
| CVE-2025-34139 | Sitecore XM/XP/XC and Managed Cloud 8.0 - 10.4 Arbitrary File Read | Sitecore | Experience Manager (XM) | 中危 | - | 2025-07-25 15:54:25 | Deep Dive |
| CVE-2015-10143 | Platform < 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Options Update | PageLines | Platform | Critical | 9.8 | 2025-07-25 02:23:58 | Deep Dive |
| CVE-2025-32429 | XWiki Platform vulnerable to SQL injection through getdeleteddocuments.vm template sort parameter | xwiki | xwiki-platform | 中危 | - | 2025-07-24 22:22:35 | Deep Dive |
| CVE-2025-8114 | Libssh: null pointer dereference in libssh kex session id calculation | - | - | Medium | 4.7 | 2025-07-24 14:14:48 | Deep Dive |
| CVE-2016-15044 | Kaltura < 11.1.0-2 PHP Object Injection RCE | Kaltura | Video Platform | 中危 | - | 2025-07-23 22:02:05 | Deep Dive |
| CVE-2025-4878 | Libssh: use of uninitialized variable in privatekey_from_file() | - | - | Low | 3.6 | 2025-07-22 14:17:03 | Deep Dive |
| CVE-2025-7936 | fuyang_lipengjun platform ScheduleJobLogController.java queryPage sql injection | fuyang_lipengjun | platform | Medium | 6.3 | 2025-07-21 19:32:10 | Deep Dive |