| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-34041 | Sangfor Endpoint Detection and Response OS Command Injection | Sangfor Technologies Co., Ltd. | Endpoint Detection and Response Platform | - | - | 2025-06-24 01:39:59 | Deep Dive |
| CVE-2025-52488 | DNN.PLATFORM leaks NTLM hash via SMB Share Interaction with malicious user input | dnnsoftware | Dnn.Platform | High | 8.6 | 2025-06-21 02:51:25 | Deep Dive |
| CVE-2025-52487 | DNN.PLATFORM possibly allows bypass of IP Filters | dnnsoftware | Dnn.Platform | - | - | 2025-06-21 02:44:59 | Deep Dive |
| CVE-2025-52486 | DNN.PLATFORM Allows Reflected Cross-Site Scripting (XSS) in some TokenReplace situations with SkinObjects | dnnsoftware | Dnn.Platform | - | - | 2025-06-21 02:42:48 | Deep Dive |
| CVE-2025-52485 | DNN.PLATFORM Allows Stored Cross-Site Scripting (XSS) in Activity Feed | dnnsoftware | Dnn.Platform | - | - | 2025-06-21 02:40:38 | Deep Dive |
| CVE-2025-6267 | zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 barcodeDetail SQL injection | zhilink 智互联(深圳)科技有限公司 | ADP Application Developer Platform 应用开发者平台 | Medium | 6.3 | 2025-06-19 14:00:15 | Deep Dive |
| CVE-2025-4571 | GiveWP – Donation Plugin and Fundraising Platform <= 4.3.0 - Missing Authorization To Authenticated (Contributor+) Campaign Data View And Modification | stellarwp | GiveWP – Donation Plugin and Fundraising Platform | Medium | 5.4 | 2025-06-19 06:44:49 | Deep Dive |
| CVE-2025-34510 | Sitecore XM, XC, and XP Post-Auth RCE via Zip Slip | Sitecore | Experience Manager | High | 8.8 | 2025-06-17 18:46:04 | Deep Dive |
| CVE-2025-34509 | Sitecore XM and XP Hardcoded Credentials | Sitecore | Experience Manager | High | 7.5 | 2025-06-17 18:20:57 | Deep Dive |
| CVE-2025-49794 | Libxml: heap use after free (uaf) leads to denial of service (dos) | - | - | Critical | 9.1 | 2025-06-16 15:24:31 | Deep Dive |
| CVE-2025-6170 | Libxml2: stack buffer overflow in xmllint interactive shell command handling | - | - | Low | 2.5 | 2025-06-16 15:24:05 | Deep Dive |
| CVE-2025-49796 | Libxml: type confusion leads to denial of service (dos) | - | - | Critical | 9.1 | 2025-06-16 15:14:28 | Deep Dive |
| CVE-2025-49587 | XWiki does not require right warnings for notification displayer objects | xwiki | xwiki-platform | - | - | 2025-06-13 17:51:48 | Deep Dive |
| CVE-2025-49586 | XWiki allows remote code execution through preview of XClass changes in AWM editor | xwiki | xwiki-platform | - | - | 2025-06-13 17:47:07 | Deep Dive |
| CVE-2025-49585 | XWiki does not require right warnings for XClass definitions | xwiki | xwiki-platform | - | - | 2025-06-13 17:33:34 | Deep Dive |
| CVE-2025-49584 | XWiki makes title of inaccessible pages available through the class property values REST API | xwiki | xwiki-platform | - | - | 2025-06-13 17:21:34 | Deep Dive |
| CVE-2025-49583 | XWiki provides no warning when granting XWiki.Notifications.Code.NotificationEmailRendererClass admin right | xwiki | xwiki-platform | - | - | 2025-06-13 17:04:50 | Deep Dive |
| CVE-2025-49582 | XWiki's required right warnings for macros are incomplete | xwiki | xwiki-platform | - | - | 2025-06-13 16:41:45 | Deep Dive |
| CVE-2025-49581 | XWiki allows remote code execution through default value of wiki macro wiki-type parameters | xwiki | xwiki-platform | - | - | 2025-06-13 16:09:23 | Deep Dive |
| CVE-2025-49580 | XWiki allows privilege escalation through link refactoring | xwiki | xwiki-platform | - | - | 2025-06-13 15:45:58 | Deep Dive |