| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-62842 | HBS 3 Hybrid Backup Sync | QNAP Systems Inc. | HBS 3 Hybrid Backup Sync | 中危 | - | 2026-01-02 15:51:41 | Deep Dive |
| CVE-2025-62840 | HBS 3 Hybrid Backup Sync | QNAP Systems Inc. | HBS 3 Hybrid Backup Sync | 中危 | - | 2026-01-02 15:51:35 | Deep Dive |
| CVE-2025-68570 | WordPress Captivate Sync plugin <= 3.2.2 - SQL Injection vulnerability | captivateaudio | Captivate Sync | High | 7.6 | 2025-12-24 13:10:37 | Deep Dive |
| CVE-2025-49350 | WordPress Actionwear products sync plugin <= 2.3.3 - Broken Access Control vulnerability | marcoingraiti | Actionwear products sync | Medium | 4.3 | 2025-12-09 14:52:18 | Deep Dive |
| CVE-2025-12675 | KiotViet Sync <= 1.8.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update | mykiot | KiotViet Sync | Medium | 4.3 | 2025-11-05 07:27:57 | Deep Dive |
| CVE-2025-12676 | KiotViet Sync <= 1.8.5 - Use of Hard-coded Password to Authorization Bypass | mykiot | KiotViet Sync | Medium | 5.3 | 2025-11-05 07:27:56 | Deep Dive |
| CVE-2025-12674 | KiotViet Sync <= 1.8.5 - Unauthenticated Arbitrary File Upload | mykiot | KiotViet Sync | Critical | 9.8 | 2025-11-05 07:27:56 | Deep Dive |
| CVE-2025-12677 | KiotViet Sync <= 1.8.5 - Unauthenticated Webhook Key Exposure | mykiot | KiotViet Sync | Medium | 5.3 | 2025-11-05 07:27:55 | Deep Dive |
| CVE-2025-11975 | FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) <= 1.1.23.0 - Missing Authorization to Authenticated (Subscriber+) Sync Rule Creation | fusewp | FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) | Medium | 4.3 | 2025-10-31 02:26:04 | Deep Dive |
| CVE-2025-62978 | WordPress KiotViet Sync plugin <= 1.8.5 - Broken Access Control vulnerability | Kiotviet | KiotViet Sync | Medium | 4.3 | 2025-10-27 01:34:18 | Deep Dive |
| CVE-2025-11976 | FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) <= 1.1.23.0 - Cross-Site Request Forgery to Sync Rule Creation | fusewp | FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) | Medium | 4.3 | 2025-10-25 06:49:25 | Deep Dive |
| CVE-2025-60221 | WordPress Captivate Sync Plugin <= 3.0.3 - PHP Object Injection Vulnerability | captivateaudio | Captivate Sync | - | - | 2025-10-22 14:32:45 | Deep Dive |
| CVE-2025-9894 | Sync Feedly <= 1.0.1 - Cross-Site Request Forgery to Sync Trigger | cristianr909090 | Sync Feedly | Medium | 4.3 | 2025-09-27 06:47:14 | Deep Dive |
| CVE-2025-9891 | User Sync – Remote User Sync <= 1.0.2 - Cross-Site Request Forgery to Plugin Deactivation | cyberlord92 | User Sync | Medium | 4.3 | 2025-09-17 01:53:14 | Deep Dive |
| CVE-2025-7445 | Kubernetes secrets-store-sync-controller discloses service account tokens in logs | Kubernetes | secrets-store-sync-controller | Medium | 6.5 | 2025-09-05 02:31:35 | Deep Dive |
| CVE-2025-49047 | WordPress DigitalOcean Spaces Sync plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability | keeross | DigitalOcean Spaces Sync | Medium | 5.9 | 2025-08-14 10:34:20 | Deep Dive |
| CVE-2025-53729 | Microsoft Azure File Sync Elevation of Privilege Vulnerability | Microsoft | Azure File Sync | High | 7.8 | 2025-08-12 17:09:45 | Deep Dive |
| CVE-2024-9453 | Jenkins-image: sensitive data disclosure when using openshift jenkins image | Jenkins | openshift-sync-plugin | Medium | 6.5 | 2025-07-04 08:36:35 | Deep Dive |
| CVE-2025-48752 | Process Sync 资源管理错误漏洞 | Forestryks | process-sync-rs | Low | 2.9 | 2025-05-24 00:00:00 | Deep Dive |
| CVE-2025-48009 | Single Content Sync - Moderately critical - Access bypass - SA-CONTRIB-2025-060 | Drupal | Single Content Sync | - | - | 2025-05-21 16:22:45 | Deep Dive |