| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-20389 | Improper Input Validation in "label" column field in Splunk Secure Gateway App | Splunk | Splunk Enterprise | Medium | 4.3 | 2025-12-03 17:00:55 | Deep Dive |
| CVE-2025-20387 | Incorrect permissions assignment on Splunk Universal Forwarder for Windows during new installation or upgrade | Splunk | Splunk Enterprise | High | 8.0 | 2025-12-03 17:00:51 | Deep Dive |
| CVE-2025-20383 | Improper access control through push notifications for reports and alerts in Splunk Secure Gateway app | Splunk | Splunk Enterprise | Medium | 4.3 | 2025-12-03 17:00:36 | Deep Dive |
| CVE-2025-20384 | Unauthenticated Log Injection in Splunk Enterprise | Splunk | Splunk Enterprise | Medium | 5.3 | 2025-12-03 17:00:34 | Deep Dive |
| CVE-2025-20386 | Incorrect permission assignment on Splunk Enterprise for Windows during new installation or upgrade | Splunk | Splunk Enterprise | High | 8.0 | 2025-12-03 17:00:32 | Deep Dive |
| CVE-2025-20385 | Stored Cross-Site scripting (XSS) through Anchor Tag "href" in Navigation Bar Collections in Splunk Enterprise | Splunk | Splunk Enterprise | Low | 2.4 | 2025-12-03 17:00:30 | Deep Dive |
| CVE-2025-20382 | URL validation bypass through Views Dashboard in Splunk Enterprise | Splunk | Splunk Enterprise | Low | 3.5 | 2025-12-03 17:00:22 | Deep Dive |
| CVE-2025-13947 | Webkit: webkitgtk: remote user-assisted information disclosure via file drag-and-drop | The WebKitGTK Team | webkitgtk | High | 7.4 | 2025-12-03 09:46:00 | Deep Dive |
| CVE-2025-12744 | Abrt: command-injection in abrt leading to local privilege escalation | - | - | High | 8.8 | 2025-12-03 08:33:07 | Deep Dive |
| CVE-2025-13601 | Glib: integer overflow in g_escape_uri_string() | - | - | High | 7.7 | 2025-11-26 14:44:23 | Deep Dive |
| CVE-2025-13502 | Webkit: webkitgtk / wpe webkit: out-of-bounds read and integer underflow vulnerability leading to dos | The WebKitGTK Team | webkitgtk | High | 7.5 | 2025-11-25 08:02:26 | Deep Dive |
| CVE-2025-13609 | Keylime: keylime: registrar allows identity takeover via duplicate uuid registration | Keylime Project | keylime | High | 8.2 | 2025-11-24 18:08:56 | Deep Dive |
| CVE-2025-13524 | Amazon Web Services Wickr security vulnerability | AWS | Wickr | Medium | 5.7 | 2025-11-21 20:03:54 | Deep Dive |
| CVE-2025-41115 | Incorrect privilege assignment | Grafana | Grafana Enterprise | Critical | 10.0 | 2025-11-21 14:25:39 | Deep Dive |
| CVE-2025-13432 | Terraform Enterprise state versions can be created by users with specific permissions without sufficient write access | HashiCorp | Terraform Enterprise | Medium | 4.3 | 2025-11-21 14:20:54 | Deep Dive |
| CVE-2025-35029 | Medical Informatics Engineering Enterprise Health stored cross site scripting via Demographic Information page | Medical Informatics Engineering | Enterprise Health | Low | 3.5 | 2025-11-20 19:34:31 | Deep Dive |
| CVE-2025-37162 | Authenticated Command Injection Vulnerability Leading to Arbitrary Remote Command Execution | Hewlett Packard Enterprise (HPE) | HPE Aruba Networking 100 Series Cellular Bridge | Medium | 6.5 | 2025-11-18 19:23:21 | Deep Dive |
| CVE-2025-37161 | Unauthenticated Remote Denial-of-Service (DoS) Vulnerability in Web Management Interface | Hewlett Packard Enterprise (HPE) | HPE Aruba Networking 100 Series Cellular Bridge | High | 7.5 | 2025-11-18 19:21:23 | Deep Dive |
| CVE-2025-37163 | Authenticated Command Injection Vulnerability in HPE Aruba Networking Management Software (AirWave) CLI | Hewlett Packard Enterprise (HPE) | HPE Aruba Networking Management Software (Airwave) | High | 7.2 | 2025-11-18 19:06:11 | Deep Dive |
| CVE-2025-37160 | Authenticated Broken Access Control (BAC) in REST API Configuration Service | Hewlett Packard Enterprise (HPE) | HPE Aruba Networking AOS-CX | Medium | 5.3 | 2025-11-18 18:54:10 | Deep Dive |