| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-41081 | Reflected Cross-Site Scripting (XSS) in IsMyGym | Zuinq Studio | IsMyGym | - | - | 2026-01-20 12:11:34 | Deep Dive |
| CVE-2025-11043 | Improper Server Certificate Validation in Automation Studio | B&R Industrial Automation GmbH | B&R Automation Studio | High | 7.4 | 2026-01-19 15:52:15 | Deep Dive |
| CVE-2026-0741 | Electric Studio Download Counter <= 2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters | electric-studio | Electric Studio Download Counter | Medium | 4.4 | 2026-01-14 06:40:07 | Deep Dive |
| CVE-2026-22033 | Label Studio vulnerable to full account takeover by chaining Stored XSS + IDOR in User Profile via custom_hotkeys field | HumanSignal | label-studio | - | - | 2026-01-12 17:47:34 | Deep Dive |
| CVE-2025-22509 | WordPress Atlas theme <= 2.1.0 - Local File Inclusion vulnerability | TMRW-studio | Atlas | High | 8.1 | 2026-01-08 09:17:39 | Deep Dive |
| CVE-2025-47552 | WordPress DZS Video Gallery plugin <= 12.39 - PHP Object Injection vulnerability | Digital zoom studio | DZS Video Gallery | Critical | 9.8 | 2026-01-07 12:38:11 | Deep Dive |
| CVE-2025-32300 | WordPress DZS Video Gallery plugin <= 12.39 - Cross Site Scripting (XSS) vulnerability | Digital zoom studio | DZS Video Gallery | High | 7.1 | 2026-01-07 12:06:37 | Deep Dive |
| CVE-2025-47553 | WordPress DZS Video Gallery plugin <= 12.39 - PHP Object Injection vulnerability | Digital zoom studio | DZS Video Gallery | High | 8.8 | 2026-01-06 16:47:41 | Deep Dive |
| CVE-2025-49352 | WordPress Order Cancellation & Returns for WooCommerce plugin <= 1.1.10 - Insecure Direct Object References (IDOR) vulnerability | YoOhw Studio | Order Cancellation & Returns for WooCommerce | Medium | 4.3 | 2025-12-31 16:25:45 | Deep Dive |
| CVE-2025-14432 | Poly Video - Sensitive Data Might Be Written to Log File | HP Inc | Poly G7500 | - | - | 2025-12-16 15:15:05 | Deep Dive |
| CVE-2025-40801 | Siemens Multiple Products Trust Management Issue Vulnerability | Siemens | COMOS V10.6 | High | 8.1 | 2025-12-09 10:44:25 | Deep Dive |
| CVE-2025-14204 | TykoDev cherry-studio-TykoFork OAuth Server Discovery oauth-authorization-server redirectToAuthorization os command injection | TykoDev | cherry-studio-TykoFork | Medium | 6.3 | 2025-12-07 23:02:06 | Deep Dive |
| CVE-2025-10285 | Simplicity Device Manager exposes NTLMv2 hash | silabs.com | Simplicity Studio V6 | - | - | 2025-12-04 21:36:34 | Deep Dive |
| CVE-2025-64660 | GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability | Microsoft | Visual Studio Code | High | 8.0 | 2025-11-20 22:18:57 | Deep Dive |
| CVE-2025-62453 | GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability | Microsoft | Visual Studio Code | Medium | 5.0 | 2025-11-11 17:59:51 | Deep Dive |
| CVE-2025-62449 | Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability | Microsoft | Microsoft Visual Studio Code CoPilot Chat Extension | Medium | 6.8 | 2025-11-11 17:59:50 | Deep Dive |
| CVE-2025-62222 | Agentic AI and Visual Studio Code Remote Code Execution Vulnerability | Microsoft | Microsoft Visual Studio Code CoPilot Chat Extension | High | 8.8 | 2025-11-11 17:59:49 | Deep Dive |
| CVE-2025-62214 | Visual Studio Remote Code Execution Vulnerability | Microsoft | Microsoft Visual Studio 2022 version 17.14 | Medium | 6.7 | 2025-11-11 17:59:48 | Deep Dive |
| CVE-2025-11697 | Studio 5000 ® Simulation Interface Local Code Execution | Rockwell Automation | Studio 5000 ® Simulation Interface | High | - | 2025-11-11 13:49:50 | Deep Dive |
| CVE-2025-11696 | Studio 5000 ® Simulation Interface SSRF | Rockwell Automation | Studio 5000® Simulation Interface™ | High | - | 2025-11-11 13:47:11 | Deep Dive |