| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-9152 | Improper Privilege Management in Multiple WSO2 API Manager via keymanager-operations DCR Endpoint | WSO2 | WSO2 API Manager | Critical | 9.8 | 2025-10-16 12:37:01 | Deep Dive |
| CVE-2025-9804 | Improper Access Control in Multiple WSO2 Products via Internal SOAP Admin Services and System REST APIs | WSO2 | WSO2 Identity Server as Key Manager | High | 8.9 | 2025-10-16 12:33:45 | Deep Dive |
| CVE-2025-10611 | Potential Broken Access Control in Multiple WSO2 Products via System REST APIs | WSO2 | WSO2 API Manager | Critical | 9.8 | 2025-10-16 12:09:32 | Deep Dive |
| CVE-2025-5717 | Authenticated Remote Code Execution in Multiple WSO2 Products via Event Processor Admin Service | WSO2 | WSO2 API Manager | Medium | 6.8 | 2025-09-23 16:05:20 | Deep Dive |
| CVE-2025-4760 | Authenticated Stored Cross-Site Scripting (XSS) in Multiple WSO2 Products via API Document Upload in Publisher | WSO2 | WSO2 API Manager | Medium | 4.8 | 2025-09-23 14:55:05 | Deep Dive |
| CVE-2025-55203 | Plane Stored XSS in Add Work Item Functionality | makeplane | plane | Medium | 5.4 | 2025-08-15 15:06:01 | Deep Dive |
| CVE-2024-8008 | Reflected Cross-Site Scripting (XSS) in Multiple WSO2 Products via JDBC User Store Connection Validation | WSO2 | WSO2 Enterprise Integrator | Medium | 5.2 | 2025-06-02 16:48:12 | Deep Dive |
| CVE-2025-48070 | Plane has insecure permissions in UserSerializer | makeplane | plane | Low | 3.5 | 2025-05-21 22:11:06 | Deep Dive |
| CVE-2025-21616 | Plane has a Cross-site scripting (XSS) via SVG image upload | makeplane | plane | Medium | 5.4 | 2025-01-06 21:22:24 | Deep Dive |
| CVE-2024-47830 | Plane allows server side request forgery via /_next/image endpoint | makeplane | plane | Critical | 9.3 | 2024-10-11 14:55:37 | Deep Dive |
| CVE-2024-31461 | Plane Server-Side Request Forgery (SSRF) Vulnerability | makeplane | plane | Critical | 9.1 | 2024-04-10 17:25:30 | Deep Dive |
| CVE-2023-30791 | Plane 0.7.1 - Insecure file upload | Plane | Plane | High | 7.1 | 2023-07-15 18:41:22 | Deep Dive |
| CVE-2023-2268 | Plane v0.7.1 - Unauthorized access to files | Plane | Plane | High | 7.1 | 2023-07-15 18:37:05 | Deep Dive |
| CVE-2023-20046 | Cisco StarOS 安全漏洞 | Cisco | Cisco ASR 5000 Series Software | High | 8.8 | 2023-05-09 13:06:11 | Deep Dive |