| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-40842 | Ericsson Indoor Connect 8855 - Improper Neutralization of Input During Web Page Generation Vulnerability | Ericsson | Indoor Connect 8855 | 中危 | - | 2026-03-25 13:10:44 | Deep Dive |
| CVE-2025-40841 | Ericsson Indoor Connect 8855 - Cross-Site Request Forgery Vulnerability | Ericsson | Indoor Connect 8855 | 中危 | - | 2026-03-25 13:07:53 | Deep Dive |
| CVE-2025-27260 | Ericsson Indoor Connect 8855 - Improper Filtering of Special Elements Vulnerability | Ericsson | Indoor Connect 8855 | 中危 | - | 2026-03-25 12:54:46 | Deep Dive |
| CVE-2026-32300 | Connect CMS: Improper Authorization in the My Page Profile Update Feature Allows Modification of Arbitrary User Information | opensource-workshop | connect-cms | High | 8.1 | 2026-03-23 21:40:59 | Deep Dive |
| CVE-2026-32299 | Connect CMS: Information Disclosure Due to Improper Authorization through the Page Content Retrieval Feature | opensource-workshop | connect-cms | High | 7.5 | 2026-03-23 21:37:49 | Deep Dive |
| CVE-2026-32279 | Connect CMS has SSRF in the External Page Migration Feature of its Page Management Plugin | opensource-workshop | connect-cms | Medium | 6.8 | 2026-03-23 21:36:22 | Deep Dive |
| CVE-2026-32278 | Connect CMS has Stored Cross-site Scripting (XSS) in the File Field of its Form Plugin | opensource-workshop | connect-cms | High | 8.2 | 2026-03-23 21:28:32 | Deep Dive |
| CVE-2026-32277 | Connect-CMS has DOM-based Cross-Site Scripting (XSS) in the Cabinet Plugin List View | opensource-workshop | connect-cms | High | 8.7 | 2026-03-23 21:22:08 | Deep Dive |
| CVE-2026-32276 | Connect-CMS has Arbitrary Code Execution by an Authenticated User in its Code Study Plugin | opensource-workshop | connect-cms | High | 8.8 | 2026-03-23 21:06:33 | Deep Dive |
| CVE-2026-32969 | Pre-Auth Blind SQLi in userinfo Endpoint | MB connect line | MB connect line mbCONNECT24 | High | 7.5 | 2026-03-23 11:16:22 | Deep Dive |
| CVE-2026-32968 | Unauthenticated RCE in com_mb24sysapi | MB connect line | MB connect line mbCONNECT24 | Critical | 9.8 | 2026-03-23 11:16:01 | Deep Dive |
| CVE-2026-1653 | Lenovo Smart Standby Driver 安全漏洞 | Lenovo | Smart Connect | Medium | 5.5 | 2026-03-11 20:21:40 | Deep Dive |
| CVE-2026-1652 | Lenovo Virtual Bus 安全漏洞 | Lenovo | Smart Connect | Medium | 6.1 | 2026-03-11 20:21:33 | Deep Dive |
| CVE-2026-26115 | SQL Server Elevation of Privilege Vulnerability | Microsoft | Microsoft SQL Server 2016 Service Pack 3 (GDR) | High | 8.8 | 2026-03-10 17:05:07 | Deep Dive |
| CVE-2026-21262 | SQL Server Elevation of Privilege Vulnerability | Microsoft | Microsoft SQL Server 2016 Service Pack 3 (GDR) | High | 8.8 | 2026-03-10 17:04:32 | Deep Dive |
| CVE-2026-1824 | Infomaniak Connect for OpenID <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | leopoldinfomaniak | Infomaniak Connect for OpenID | Medium | 6.4 | 2026-03-07 07:22:07 | Deep Dive |
| CVE-2025-13490 | IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that report metrics are vulnerable to loss of confidentiality | IBM | App Connect Operator | Medium | 5.9 | 2026-03-03 19:58:18 | Deep Dive |
| CVE-2026-1495 | Insertion of Sensitive Information into Log File vulnerability in AVEVA PI to CONNECT Agent | AVEVA | PI to CONNECT Agent | Medium | 6.5 | 2026-02-10 20:18:11 | Deep Dive |
| CVE-2025-15331 | Tanium addressed an uncontrolled resource consumption vulnerability in Connect. | Tanium | Connect | Medium | 4.3 | 2026-02-05 18:23:52 | Deep Dive |
| CVE-2025-13491 | IBM App Connect Enterprise Certified Container Information Disclosure | IBM | App Connect Enterprise Certified Container | Medium | 5.1 | 2026-02-05 13:55:22 | Deep Dive |