| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-60182 | WordPress Support Board plugin < 3.8.7 - Cross Site Scripting (XSS) vulnerability | Schiocco | Support Board | - | - | 2025-12-18 07:22:09 | Deep Dive |
| CVE-2025-59134 | WordPress Sale! Immigration law, Visa services support, Migration Agent Consulting theme <= 1.5.8 - Privilege Escalation vulnerability | Jthemes | Sale! Immigration law, Visa services support, Migration Agent Consulting | - | - | 2025-12-18 07:22:00 | Deep Dive |
| CVE-2025-14712 | JHENG GAO\|Student Learning Assessment and Support System - Exposure of Sensitive Information | JHENG GAO | Student Learning Assessment and Support System | High | 7.5 | 2025-12-15 05:37:22 | Deep Dive |
| CVE-2025-14581 | HAPPY – Helpdesk Support Ticket System <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Ticket Reply | villatheme | HAPPY – Helpdesk Support Ticket System | Medium | 4.3 | 2025-12-13 03:20:25 | Deep Dive |
| CVE-2025-13660 | Guest Support <= 1.2.3 - Unauthenticated User Email Disclosure in guest_support_handler AJAX Endpoint | rcatheme | Guest Support | Medium | 5.3 | 2025-12-12 06:32:57 | Deep Dive |
| CVE-2025-14523 | Libsoup: libsoup: duplicate host header handling causes host-parsing discrepancy (first- vs last-value wins) | Red Hat | Red Hat Enterprise Linux 10 | High | 8.2 | 2025-12-11 12:30:59 | Deep Dive |
| CVE-2025-66287 | Webkitgtk: processing maliciously crafted web content may lead to an unexpected process crash | The WebKitGTK Team | WebKitGTK | High | 8.8 | 2025-12-04 16:48:31 | Deep Dive |
| CVE-2025-13947 | Webkit: webkitgtk: remote user-assisted information disclosure via file drag-and-drop | The WebKitGTK Team | webkitgtk | High | 7.4 | 2025-12-03 09:46:00 | Deep Dive |
| CVE-2025-13601 | Glib: integer overflow in g_escape_uri_string() | - | - | High | 7.7 | 2025-11-26 14:44:23 | Deep Dive |
| CVE-2025-13502 | Webkit: webkitgtk / wpe webkit: out-of-bounds read and integer underflow vulnerability leading to dos | The WebKitGTK Team | webkitgtk | High | 7.5 | 2025-11-25 08:02:26 | Deep Dive |
| CVE-2025-13609 | Keylime: keylime: registrar allows identity takeover via duplicate uuid registration | Keylime Project | keylime | High | 8.2 | 2025-11-24 18:08:56 | Deep Dive |
| CVE-2025-66113 | WordPress Better Chat Support for Messenger plugin <= 1.2.18 - Broken Access Control vulnerability | ThemeAtelier | Better Chat Support for Messenger | Medium | 5.3 | 2025-11-21 12:30:06 | Deep Dive |
| CVE-2025-61662 | Grub2: missing unregister call for gettext command may lead to use-after-free | GNU | grub2 | High | 7.8 | 2025-11-18 18:20:48 | Deep Dive |
| CVE-2025-13161 | IQ Service International\|IQ-Support - Arbitrary File Read | IQ Service International | IQ-Support | High | 7.5 | 2025-11-14 03:05:20 | Deep Dive |
| CVE-2025-13160 | IQ Service International\|IQ-Support - Exposure of Sensitive Information | IQ Service International | IQ-Support | Medium | 5.3 | 2025-11-14 03:00:26 | Deep Dive |
| CVE-2025-59089 | Python-kdcproxy: remote dos via unbounded tcp upstream buffering | latchset | kdcproxy | Medium | 5.9 | 2025-11-12 16:40:51 | Deep Dive |
| CVE-2025-59088 | Python-kdcproxy: unauthenticated ssrf via realm‑controlled dns srv | latchset | kdcproxy | High | 8.6 | 2025-11-12 16:35:28 | Deep Dive |
| CVE-2025-30506 | Intel Driver and Support Assistant code issue vulnerability | - | Intel Driver and Support Assistant | Medium | 6.7 | 2025-11-11 16:50:38 | Deep Dive |
| CVE-2025-24842 | Intel System Support Utility for Windows code issue vulnerability | - | Intel(R) System Support Utility | Medium | 6.7 | 2025-11-11 16:49:57 | Deep Dive |
| CVE-2025-60235 | WordPress Support Ticket System for WooCommerce plugin <= 2.0.7 - Arbitrary File Upload vulnerability | Plugify | Support Ticket System for WooCommerce (Premium) | Medium | - | 2025-11-06 15:55:08 | Deep Dive |