| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-26527 | Non-searchable tags can still be discovered on the tag search page and in the tags block | Moodle Project | moodle | Medium | 5.3 | 2025-02-24 19:44:06 | Deep Dive |
| CVE-2025-26526 | Feedback response viewing and deletions did not respect Separate Groups mode | Moodle Project | moodle | Medium | 6.5 | 2025-02-24 19:39:24 | Deep Dive |
| CVE-2025-26525 | Arbitrary file read risk through pdfTeX | Moodle Project | moodle | High | 8.6 | 2025-02-24 19:31:44 | Deep Dive |
| CVE-2025-25284 | Path Traversal and Local File Read via VRT (Virtual Format) in ZOO-Project WPS Implementation | ZOO-Project | ZOO-Project | High | - | 2025-02-18 18:42:55 | Deep Dive |
| CVE-2025-22207 | [20250201] - Core - SQL injection vulnerability in Scheduled Tasks component | Joomla! Project | Joomla! CMS | Medium | - | 2025-02-18 16:03:30 | Deep Dive |
| CVE-2024-13500 | WP Project Manager <= 2.6.17 - Authenticated (Subscriber+) SQL Injection via orderby Parameter | wedevs | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | Medium | 6.5 | 2025-02-15 11:26:48 | Deep Dive |
| CVE-2024-13752 | WP Project Manager <= 2.6.17 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update | wedevs | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | Medium | 6.5 | 2025-02-15 09:24:24 | Deep Dive |
| CVE-2024-31144 | Xapi: Metadata injection attack against backup/restore functionality | Xen Project | Xen | - | - | 2025-02-14 20:16:40 | Deep Dive |
| CVE-2025-25190 | [XBOW-025-033] Cross-Site Scripting (XSS) via EchoProcess Service in ZOO-Project WPS Server | ZOO-Project | ZOO-Project | Medium | - | 2025-02-10 22:11:00 | Deep Dive |
| CVE-2025-25189 | [XBOW-025-031] Reflected Cross-Site Scripting via jobid Parameter in ZOO-Project WPS publish.py CGI Script | ZOO-Project | ZOO-Project | Medium | - | 2025-02-10 22:05:21 | Deep Dive |
| CVE-2025-25183 | vLLM using built-in hash() from Python 3.12 leads to predictable hash collisions in vLLM prefix cache | vllm-project | vllm | Low | 2.6 | 2025-02-07 19:59:01 | Deep Dive |
| CVE-2025-0509 | Signing Checks Bypass | sparkle-project | Sparkle | High | 7.3 | 2025-02-04 20:01:09 | Deep Dive |
| CVE-2025-24357 | vLLM allows a malicious model RCE by torch.load in hf_model_weights_iterator | vllm-project | vllm | High | 7.5 | 2025-01-27 17:38:20 | Deep Dive |
| CVE-2025-24403 | Jenkins plugin Azure Service Fabric security vulnerability | Jenkins Project | Jenkins Azure Service Fabric Plugin | Medium | - | 2025-01-22 17:02:55 | Deep Dive |
| CVE-2025-24402 | Jenkins plugin Azure Service Fabric cross-site request forgery vulnerability | Jenkins Project | Jenkins Azure Service Fabric Plugin | Medium | - | 2025-01-22 17:02:55 | Deep Dive |
| CVE-2025-24401 | Jenkins plugin Folder-based Authorization Strategy security vulnerability | Jenkins Project | Jenkins Folder-based Authorization Strategy Plugin | Medium | - | 2025-01-22 17:02:54 | Deep Dive |
| CVE-2025-24400 | Jenkins plugin Eiffel Broadcaster security vulnerability | Jenkins Project | Jenkins Eiffel Broadcaster Plugin | Medium | - | 2025-01-22 17:02:54 | Deep Dive |
| CVE-2025-24399 | Jenkins plugin OpenId Connect Authentication security vulnerability | Jenkins Project | Jenkins OpenId Connect Authentication Plugin | High | - | 2025-01-22 17:02:53 | Deep Dive |
| CVE-2025-24398 | Jenkins plugin Bitbucket Server Integration cross-site request forgery vulnerability | Jenkins Project | Jenkins Bitbucket Server Integration Plugin | High | - | 2025-01-22 17:02:52 | Deep Dive |
| CVE-2025-24397 | Jenkins plugin GitLab security vulnerability | Jenkins Project | Jenkins GitLab Plugin | Medium | - | 2025-01-22 17:02:52 | Deep Dive |