| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-14104 | Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames | util-linux | util-linux | Medium | 6.1 | 2025-12-05 16:22:09 | Deep Dive |
| CVE-2025-13601 | Glib: integer overflow in g_escape_uri_string() | - | - | High | 7.7 | 2025-11-26 14:44:23 | Deep Dive |
| CVE-2025-64484 | OAuth2-Proxy vulnerable to header smuggling via underscore, leading to potential privilege escalation | oauth2-proxy | oauth2-proxy | High | 8.5 | 2025-11-10 21:33:58 | Deep Dive |
| CVE-2025-12486 | Heimdall Data Database Proxy Cross-Site Scripting Remote Code Execution Vulnerability | Heimdall Data | Database Proxy | High | - | 2025-11-06 20:12:54 | Deep Dive |
| CVE-2025-53880 | susemanager-tftpsync-recv allows arbitrary file creation and deletion due to path traversal | SUSE | Container suse/manager/4.3/proxy-httpd:latest | - | - | 2025-10-30 10:31:16 | Deep Dive |
| CVE-2025-10929 | Reverse Proxy Header - Less critical - Access bypass - SA-CONTRIB-2025-111 | Drupal | Reverse Proxy Header | - | - | 2025-10-29 23:14:07 | Deep Dive |
| CVE-2025-48360 | WordPress Varnish/Nginx Proxy Caching plugin <= 1.8.3 - Cross Site Scripting (XSS) vulnerability | Razvan Stanga | Varnish/Nginx Proxy Caching | Medium | 5.9 | 2025-08-28 12:37:09 | Deep Dive |
| CVE-2025-20345 | Cisco Duo Authentication Proxy Information Disclosure Vulnerability | Cisco | Cisco Duo Authentication Proxy | Medium | 4.9 | 2025-08-20 16:26:33 | Deep Dive |
| CVE-2025-8941 | Linux-pam: incomplete fix for CVE-2025-6020 | - | - | High | 7.8 | 2025-08-13 14:42:38 | Deep Dive |
| CVE-2025-8671 | CVE-2025-8671 | SUSE Linux | Enterprise Module for Development Tools | - | - | 2025-08-13 12:03:37 | Deep Dive |
| CVE-2025-46809 | Multi Linux Manager exposes the plain text HTTP Proxy user:password in logs | SUSE | Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1 | Medium | 5.7 | 2025-07-31 15:24:42 | Deep Dive |
| CVE-2025-54586 | GitProxy is susceptible to a hidden commits injection attack | finos | git-proxy | High | 7.1 | 2025-07-30 21:14:41 | Deep Dive |
| CVE-2025-54585 | GitProxy is vulnerable to a new branch approval exploit | finos | git-proxy | - | - | 2025-07-30 20:17:21 | Deep Dive |
| CVE-2025-54584 | GitProxy is vulnerable to a packfile parsing exploit | finos | git-proxy | - | - | 2025-07-30 20:01:16 | Deep Dive |
| CVE-2025-54583 | GitProxy bypasses approvals when pushing multiple branches | finos | git-proxy | - | - | 2025-07-30 19:59:44 | Deep Dive |
| CVE-2025-54576 | OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion | oauth2-proxy | oauth2-proxy | Critical | 9.1 | 2025-07-30 19:41:04 | Deep Dive |
| CVE-2025-6395 | Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite() | - | - | Medium | 6.5 | 2025-07-10 15:20:46 | Deep Dive |
| CVE-2025-7425 | Libxslt: heap use-after-free in libxslt caused by atype corruption in xmlattrptr | GNOME | libxml2 | High | 7.8 | 2025-07-10 13:53:37 | Deep Dive |
| CVE-2025-32990 | Gnutls: vulnerability in gnutls certtool template parsing | - | - | Medium | 6.5 | 2025-07-10 09:41:46 | Deep Dive |
| CVE-2025-32989 | Gnutls: vulnerability in gnutls sct extension parsing | - | - | Medium | 5.3 | 2025-07-10 08:05:26 | Deep Dive |