| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-0514 | Cross-Site Scripting (XSS) vulnerability in SAP Business Connector | SAP_SE | SAP Business Connector | Medium | 6.1 | 2026-01-13 01:16:04 | Deep Dive |
| CVE-2026-0497 | Missing Authorization check in Business Server Pages Application (Product Designer Web UI) | SAP_SE | Business Server Pages Application (Product Designer Web UI) | Medium | 4.3 | 2026-01-13 01:13:36 | Deep Dive |
| CVE-2025-13852 | Debt.com Business in a Box <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | debtcom | Debt.com Business in a Box | Medium | 6.4 | 2026-01-09 11:15:31 | Deep Dive |
| CVE-2025-68887 | WordPress WP-BusinessDirectory plugin <= 4.0.1 - Cross Site Scripting (XSS) vulnerability | CMSJunkie - WordPress Business Directory Plugins | WP-BusinessDirectory | 中危 | - | 2026-01-08 09:17:54 | Deep Dive |
| CVE-2025-69354 | WordPress Better Business Reviews plugin <= 0.1.1 - Broken Access Control vulnerability | BBR Plugins | Better Business Reviews | Medium | 4.3 | 2026-01-06 16:36:41 | Deep Dive |
| CVE-2025-66132 | WordPress FAPI Member plugin <= 2.2.30 - Insecure Direct Object References (IDOR) vulnerability | FAPI Business s.r.o. | FAPI Member | Medium | 5.3 | 2025-12-16 08:12:55 | Deep Dive |
| CVE-2025-64630 | WordPress Business Directory plugin <= 6.4.19 - Broken Access Control vulnerability | Strategy11 Team | Business Directory | Medium | 4.9 | 2025-12-16 08:12:50 | Deep Dive |
| CVE-2025-14697 | Shenzhen Sixun Software Sixun Shanghui Group Business Management System ExportFiles file access | Shenzhen Sixun Software | Sixun Shanghui Group Business Management System | Low | 3.7 | 2025-12-15 02:02:06 | Deep Dive |
| CVE-2025-14696 | Shenzhen Sixun Software Sixun Shanghui Group Business Management System UpdatePasswordBatch password recovery | Shenzhen Sixun Software | Sixun Shanghui Group Business Management System | Medium | 5.3 | 2025-12-15 01:32:07 | Deep Dive |
| CVE-2025-67596 | WordPress Business Directory plugin <= 6.4.19 - Cross Site Request Forgery (CSRF) vulnerability | Strategy11 Team | Business Directory | Medium | 4.3 | 2025-12-09 14:14:19 | Deep Dive |
| CVE-2025-42896 | Server-Side Request Forgery (SSRF) in SAP BusinessObjects Business Intelligence Platform | SAP_SE | SAP BusinessObjects Business Intelligence Platform | Medium | 5.4 | 2025-12-09 02:15:28 | Deep Dive |
| CVE-2025-14262 | Jobs can be saved as workflows with wrong permissions on KNIME Business Hub | KNIME | KNIME Business Hub | - | - | 2025-12-08 09:34:46 | Deep Dive |
| CVE-2025-13414 | Chamber Dashboard Business Directory <= 3.3.11 - Missing Authorization to Unauthenticated Business Information Export | gwendydd | Chamber Dashboard Business Directory | Medium | 5.3 | 2025-11-25 07:28:19 | Deep Dive |
| CVE-2025-12174 | Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.5.2 - Missing Authorization to Authenticated (Subscriber+) Data Export and Slug Update | wpwax | Directorist: AI-Powered Business Directory, Listings & Classified Ads | Medium | 6.5 | 2025-11-19 05:45:14 | Deep Dive |
| CVE-2025-55179 | Facebook WhatsApp 安全漏洞 | WhatsApp Business for iOS | Medium | 5.4 | 2025-11-18 13:56:32 | Deep Dive | |
| CVE-2025-7711 | Classified Listing – Classified ads & Business Directory Plugin <= 5.0.3 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Listing Description | techlabpro1 | Classified Listing – AI-Powered Classified ads & Business Directory Plugin | Medium | 5.4 | 2025-11-17 22:27:45 | Deep Dive |
| CVE-2025-13275 | Iqbolshoh php-business-website about.php unrestricted upload | Iqbolshoh | php-business-website | Medium | 4.7 | 2025-11-17 10:32:05 | Deep Dive |
| CVE-2025-12833 | GeoDirectory – WP Business Directory Plugin and Classified Listings Directory <= 2.8.139 - Missing Authorization to Authenticated (Author+) Arbitrary Image Attachment | paoltaia | GeoDirectory – WP Business Directory Plugin and Classified Listings Directory | Medium | 4.3 | 2025-11-12 04:29:09 | Deep Dive |
| CVE-2025-12953 | Classified Listing – AI-Powered Classified ads & Business Directory Plugin <= 5.2.0 - Missing Authorization to Authenticated (Subscriber+) Listing Types Tampering | techlabpro1 | Classified Listing – AI-Powered Classified ads & Business Directory Plugin | Medium | 4.3 | 2025-11-11 11:03:46 | Deep Dive |
| CVE-2025-42897 | Information Disclosure vulnerability in SAP Business One (SLD) | SAP_SE | SAP Business One (SLD) | Medium | 5.3 | 2025-11-11 00:19:51 | Deep Dive |