| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-69287 | BSV Blockchain SDK has an Authentication Signature Data Preparation Vulnerability | bsv-blockchain | ts-sdk | Medium | 5.4 | 2026-02-18 18:42:23 | Deep Dive |
| CVE-2025-33042 | Apache Avro Java SDK: Code injection on Java generated code | Apache Software Foundation | Apache Avro Java SDK | 中危 | - | 2026-02-13 11:47:04 | Deep Dive |
| CVE-2026-26214 | Xiaomi Galaxy FDS Android SDK <= 3.0.8 TLS Hostname Verification Disabled Enables MITM | Xiaomi Technology Co., Ltd. | Galaxy FDS Android SDK | High | 7.4 | 2026-02-12 15:01:16 | Deep Dive |
| CVE-2026-21352 | DNG SDK | Out-of-bounds Write (CWE-787) | Adobe | DNG SDK | High | 7.8 | 2026-02-10 18:32:04 | Deep Dive |
| CVE-2026-21354 | DNG SDK | Integer Overflow or Wraparound (CWE-190) | Adobe | DNG SDK | Medium | 5.5 | 2026-02-10 18:32:03 | Deep Dive |
| CVE-2026-21353 | DNG SDK | Integer Overflow or Wraparound (CWE-190) | Adobe | DNG SDK | High | 7.8 | 2026-02-10 18:32:02 | Deep Dive |
| CVE-2026-21355 | DNG SDK | Out-of-bounds Read (CWE-125) | Adobe | DNG SDK | Medium | 5.5 | 2026-02-10 18:32:01 | Deep Dive |
| CVE-2026-25528 | LangSmith Client SDK Affected by Server-Side Request Forgery via Tracing Header Injection | langchain-ai | langsmith-sdk | Medium | 5.8 | 2026-02-09 20:08:33 | Deep Dive |
| CVE-2025-7432 | DPA countermeasures not reseeded under certain conditions | silabs.com | Simplicity SDK | - | - | 2026-02-09 16:07:55 | Deep Dive |
| CVE-2025-12131 | Truncated 802.15.4 packet leads to denial of service | silabs.com | Simplicity SDK | - | - | 2026-02-05 20:02:25 | Deep Dive |
| CVE-2026-25536 | @modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse | modelcontextprotocol | typescript-sdk | High | 7.1 | 2026-02-04 21:29:38 | Deep Dive |
| CVE-2026-1778 | TLS disabled by default in select aws/sagemaker-python-sdk configurations | AWS | SageMaker Python SDK | Medium | 5.9 | 2026-02-02 20:14:58 | Deep Dive |
| CVE-2026-1777 | Cleartext transmission of sensitive materials in aws/sagemaker-python-sdk | AWS | SageMaker Python SDK | High | 7.2 | 2026-02-02 20:10:03 | Deep Dive |
| CVE-2026-25046 | [Kimi VS Code] Command Injection in publish scripts vsix-publish.js and ovsx-publish.js | MoonshotAI | kimi-agent-sdk | Low | 2.9 | 2026-01-29 21:37:03 | Deep Dive |
| CVE-2026-24889 | soroban-sdk has overflow in Bytes::slice, Vec::slice, GenRange::gen_range for u64 | stellar | rs-soroban-sdk | Medium | 5.3 | 2026-01-28 22:01:00 | Deep Dive |
| CVE-2026-21219 | Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability | Microsoft | Windows SDK | High | 7.0 | 2026-01-13 17:56:55 | Deep Dive |
| CVE-2026-22611 | AWS SDK for .NET V4 adopted defense in depth enhancement for region parameter value | aws | aws-sdk-net | Low | 3.7 | 2026-01-10 05:37:08 | Deep Dive |
| CVE-2026-0621 | MCP TypeScript SDK UriTemplate Exploded Array Pattern ReDoS | Anthropic | MCP TypeScript SDK | 高危 | - | 2026-01-05 20:57:15 | Deep Dive |
| CVE-2025-10021 | Open Design Alliance Drawings SDK 安全漏洞 | Open Design Alliance | ODA Drawings SDK - All Versions < 2026.12 | - | - | 2025-12-22 15:48:07 | Deep Dive |
| CVE-2025-14762 | AWS SDK for Ruby 安全漏洞 | AWS | AWS SDK for Ruby | Medium | 5.3 | 2025-12-17 20:15:58 | Deep Dive |