| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-5288 | REST API \| Custom API Generator For Cross Platform And Import Export In WP 1.0.0 - 2.0.3 - Missing Authorization to Unauthenticated Privilege Escalation via process_handler Function | weboccults | REST API \| Custom API Generator For Cross Platform And Import Export In WP | Critical | 9.8 | 2025-06-13 01:47:46 | Deep Dive |
| CVE-2025-5485 | SinoTrack GPS Receiver Weak Authentication | SinoTrack | IOT PC Platform | High | 8.6 | 2025-06-12 20:05:35 | Deep Dive |
| CVE-2025-5484 | SinoTrack GPS Receiver Weak Authentication | SinoTrack | IOT PC Platform | High | 8.3 | 2025-06-12 20:03:32 | Deep Dive |
| CVE-2024-56158 | XWiki allows SQL injection in query endpoint of REST API with Oracle | xwiki | xwiki-platform | - | - | 2025-06-12 14:56:57 | Deep Dive |
| CVE-2025-6021 | Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2 | - | - | High | 7.5 | 2025-06-12 12:49:16 | Deep Dive |
| CVE-2025-2474 | Vulnerability in PCX Image Codec Impacts QNX Software Development Platform | BlackBerry | QNX Software Development Platform (SDP) | Critical | 9.8 | 2025-06-10 17:38:04 | Deep Dive |
| CVE-2025-47977 | Nuance Digital Engagement Platform Spoofing Vulnerability | Microsoft | Nuance Digital Engagement Platform | High | 8.2 | 2025-06-10 17:02:46 | Deep Dive |
| CVE-2025-42988 | Server-Side Request Forgery in SAP Business Objects Business Intelligence Platform | SAP_SE | SAP Business Objects Business Intelligence Platform | Low | 3.7 | 2025-06-10 00:12:00 | Deep Dive |
| CVE-2025-0037 | AMD Versal Adaptive SoC Input Validation Error Vulnerability | AMD | Platform Loader and Manager (PLM) | Medium | 6.6 | 2025-06-09 23:52:34 | Deep Dive |
| CVE-2025-5914 | Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c | - | - | High | 7.8 | 2025-06-09 19:53:49 | Deep Dive |
| CVE-2025-5918 | Libarchive: reading past eof may be triggered for piped file streams | - | - | Low | 3.9 | 2025-06-09 19:49:14 | Deep Dive |
| CVE-2025-5917 | Libarchive: off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c | - | - | Low | 2.8 | 2025-06-09 19:49:13 | Deep Dive |
| CVE-2025-5916 | Libarchive: integer overflow while reading warc files at archive_read_support_format_warc.c | - | - | Low | 3.9 | 2025-06-09 19:49:08 | Deep Dive |
| CVE-2025-5915 | Libarchive: heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c | - | - | Medium | 6.6 | 2025-06-09 19:49:02 | Deep Dive |
| CVE-2025-5791 | Users: `root` appended to group listings | - | - | High | 7.1 | 2025-06-06 13:10:07 | Deep Dive |
| CVE-2025-0620 | Samba: smbd doesn't pick up group membership changes when re-authenticating an expired smb session | - | - | Medium | 4.9 | 2025-06-06 13:10:07 | Deep Dive |
| CVE-2025-20297 | Reflected Cross-Site Scripting (XSS) on Splunk Enterprise through dashboard PDF generation component | Splunk | Splunk Enterprise | Medium | 4.3 | 2025-06-02 17:14:02 | Deep Dive |
| CVE-2025-4598 | Systemd-coredump: race condition that allows a local attacker to crash a suid program and gain read access to the resulting core dump | - | - | Medium | 4.7 | 2025-05-30 13:13:26 | Deep Dive |
| CVE-2025-48881 | Valtimo backend libraries allows objects in the object-api to be accessed and modified by unauthorized users | valtimo-platform | valtimo-backend-libraries | High | 8.3 | 2025-05-30 05:21:30 | Deep Dive |
| CVE-2025-5326 | zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 verifyToken deserialization | zhilink 智互联(深圳)科技有限公司 | ADP Application Developer Platform 应用开发者平台 | Medium | 6.3 | 2025-05-29 20:00:07 | Deep Dive |