| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-20232 | Risky Command Safeguards Bypass in “/app/search/search” endpoint through “s” parameter in Splunk Enterprise | Splunk | Splunk Enterprise | Medium | 5.7 | 2025-03-26 22:06:00 | Deep Dive |
| CVE-2025-20229 | Remote Code Execution through file upload to “$SPLUNK_HOME/var/run/splunk/apptemp” directory in Splunk Enterprise | Splunk | Splunk Enterprise | High | 8.0 | 2025-03-26 22:05:09 | Deep Dive |
| CVE-2025-20228 | Maintenance mode state change of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF) in Splunk Enterprise | Splunk | Splunk Enterprise | Medium | 6.5 | 2025-03-26 22:04:32 | Deep Dive |
| CVE-2025-20227 | Information Disclosure through external content warning modal dialog box bypass in Splunk Enterprise Dashboard Studio | Splunk | Splunk Enterprise | Medium | 4.3 | 2025-03-26 22:03:50 | Deep Dive |
| CVE-2025-20226 | Risky command safeguards bypass in “/services/streams/search” endpoint through “q” parameter in Splunk Enterprise | Splunk | Splunk Enterprise | Medium | 5.7 | 2025-03-26 22:02:11 | Deep Dive |
| CVE-2025-23204 | GraphQl securityAfterResolver not called | api-platform | core | Medium | 4.4 | 2025-03-24 15:53:19 | Deep Dive |
| CVE-2025-2331 | GiveWP – Donation Plugin and Fundraising Platform <= 3.22.1 - Authenticated (Subscriber+) Sensitive Information Exposure | stellarwp | GiveWP – Donation Plugin and Fundraising Platform | Medium | 5.3 | 2025-03-22 11:18:42 | Deep Dive |
| CVE-2024-7631 | Openshift-console: openshift console: path traversal | - | - | Medium | 4.3 | 2025-03-19 18:47:28 | Deep Dive |
| CVE-2025-29926 | The WikiManager REST API allows any user to create wikis | xwiki | xwiki-platform | Medium | - | 2025-03-19 17:40:45 | Deep Dive |
| CVE-2025-29925 | XWiki allows unregistered users to access private pages information through REST endpoint | xwiki | xwiki-platform | High | - | 2025-03-19 17:36:28 | Deep Dive |
| CVE-2025-29924 | XWiki uses the wrong wiki reference in AuthorizationManager | xwiki | xwiki-platform | High | - | 2025-03-19 17:31:10 | Deep Dive |
| CVE-2025-2025 | Give <= 3.22.0 - Missing Authorization to Unauthenticated Arbitrary Earning Reports Disclosure via give_reports_earnings Function | stellarwp | GiveWP – Donation Plugin and Fundraising Platform | Medium | 6.5 | 2025-03-15 11:13:28 | Deep Dive |
| CVE-2024-8176 | Libexpat: expat: improper restriction of xml entity expansion depth in libexpat | - | - | High | 7.5 | 2025-03-14 08:19:49 | Deep Dive |
| CVE-2025-2240 | Smallrye-fault-tolerance: smallrye fault tolerance | - | - | High | 7.5 | 2025-03-12 14:55:16 | Deep Dive |
| CVE-2025-25245 | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence) | SAP_SE | SAP BusinessObjects Business Intelligence Platform (Web Intelligence) | Medium | 5.4 | 2025-03-11 00:34:56 | Deep Dive |
| CVE-2025-23185 | Information Disclosure in SAP Business Objects Business Intelligence Platform | SAP_SE | SAP Business Objects Business Intelligence Platform | Medium | 4.1 | 2025-03-11 00:31:51 | Deep Dive |
| CVE-2025-0062 | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence) | SAP_SE | SAP BusinessObjects Business Intelligence Platform | Medium | 4.7 | 2025-03-11 00:31:19 | Deep Dive |
| CVE-2024-13904 | Platform.ly for WooCommerce <= 1.1.6 - Unauthenticated Blind Server-Side Request Forgery | platformlycom | Platform.ly for WooCommerce | Medium | 5.3 | 2025-03-07 08:21:26 | Deep Dive |
| CVE-2025-0337 | Authorization bypass in Now Platform | ServiceNow | Now Platform | Medium | 6.5 | 2025-03-06 16:29:12 | Deep Dive |
| CVE-2025-2030 | Seeyon Zhiyuan Interconnect FE Collaborative Office Platform addUser.jsp sql injection | Seeyon | Zhiyuan Interconnect FE Collaborative Office Platform | High | 7.3 | 2025-03-06 15:00:13 | Deep Dive |