| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-32647 | NGINX ngx_http_mp4_module vulnerability | F5 | NGINX Open Source | High | 7.8 | 2026-03-24 14:13:26 | Deep Dive |
| CVE-2026-28753 | NGINX ngx_mail_proxy_module vulnerability | F5 | NGINX Open Source | Low | 3.7 | 2026-03-24 14:13:26 | Deep Dive |
| CVE-2026-27784 | NGINX ngx_http_mp4_module vulnerability | F5 | NGINX Open Source | High | 7.8 | 2026-03-24 14:13:25 | Deep Dive |
| CVE-2018-25157 | Phraseanet 4.0.3 Stored XSS via Document Upload | Phraseanet | Phraseanet DAM Open Source | Medium | 6.4 | 2026-02-11 14:56:50 | Deep Dive |
| CVE-2026-1642 | NGINX vulnerability | F5 | NGINX Open Source | Medium | 5.9 | 2026-02-04 15:02:06 | Deep Dive |
| CVE-2020-37078 | i-doit Open Source CMDB 1.14.1 - Arbitrary File Deletion | i-doit GmbH | i-doit Open Source CMDB | High | 8.8 | 2026-02-03 22:01:45 | Deep Dive |
| CVE-2019-25264 | Snipe-IT Open Source Asset Management 4.7.5 - Persistent Cross-Site Scripting | Snipeitapp | IT Open Source Asset Management | Medium | 6.4 | 2026-02-03 16:52:41 | Deep Dive |
| CVE-2026-20912 | Gitea: Cross-Repository Authorization Bypass via Release Attachment Linking Leads to Private Attachment Disclosure | Gitea | Gitea Open Source Git Server | - | - | 2026-01-22 22:01:52 | Deep Dive |
| CVE-2026-20904 | Gitea: Broken access control in OpenID visibility toggle enables cross-user visibility changes | Gitea | Gitea Open Source Git Server | - | - | 2026-01-22 22:01:52 | Deep Dive |
| CVE-2026-20897 | Gitea Git LFS Lock Deletion Broken Access Control (Cross-Repo IDOR) | Gitea | Gitea Open Source Git Server | - | - | 2026-01-22 22:01:52 | Deep Dive |
| CVE-2026-20888 | Gitea Pull Requests Auto-Merge: Read-Only Users Can Cancel Scheduled Auto-Merge via Web Endpoint (Authorization Bypass) | Gitea | Gitea Open Source Git Server | - | - | 2026-01-22 22:01:51 | Deep Dive |
| CVE-2026-20883 | Gitea Stopwatch API Missing Authorization Check Leads to Post-Revocation Information Disclosure | Gitea | Gitea Open Source Git Server | - | - | 2026-01-22 22:01:51 | Deep Dive |
| CVE-2026-20800 | Notification API Leaks Private Repository Issue Titles After Collaborator Permission Revocation | Gitea | Gitea Open Source Git Server | - | - | 2026-01-22 22:01:50 | Deep Dive |
| CVE-2026-20750 | Gitea Organization Projects Cross-Organization Authorization Bypass via Project ID (IDOR) | Gitea | Gitea Open Source Git Server | - | - | 2026-01-22 22:01:50 | Deep Dive |
| CVE-2026-20736 | Gitea Web Attachment Deletion: Cross-Repository Unauthorized Deletion via Missing Repo Ownership Check | Gitea | Gitea Open Source Git Server | - | - | 2026-01-22 22:01:50 | Deep Dive |
| CVE-2026-0798 | Gitea Release Email Notifications Leak Private Repository Release Details After Access Revocation | Gitea | Gitea Open Source Git Server | - | - | 2026-01-22 22:01:49 | Deep Dive |
| CVE-2022-4984 | ZenTao Biz < 6.5, Max < 3.0, & Open Source Edition 16.5/16.5beta1 SQL Injection via user-login.html | Qingdao Esoft Tianchuang Network Technology Co., Ltd. | ZenTao Biz | Medium | - | 2025-11-13 19:37:41 | Deep Dive |
| CVE-2025-10737 | Open Source Genesis Framework <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes | StudioPress | Open Source Genesis Framework | Medium | 6.4 | 2025-10-25 05:31:22 | Deep Dive |
| CVE-2025-11101 | itsourcecode Open Source Job Portal index.php sql injection | itsourcecode | Open Source Job Portal | High | 7.3 | 2025-09-28 07:02:06 | Deep Dive |
| CVE-2025-11090 | itsourcecode Open Source Job Portal index.php sql injection | itsourcecode | Open Source Job Portal | Medium | 6.3 | 2025-09-28 01:02:07 | Deep Dive |