| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-46762 | Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadata | Apache Software Foundation | Apache Parquet Java | - | - | 2025-05-06 09:08:14 | Deep Dive |
| CVE-2025-31651 | Apache Tomcat: Bypass of rules in Rewrite Valve | Apache Software Foundation | Apache Tomcat | - | - | 2025-04-28 19:17:22 | Deep Dive |
| CVE-2025-31650 | Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame | Apache Software Foundation | Apache Tomcat | - | - | 2025-04-28 19:14:31 | Deep Dive |
| CVE-2025-2866 | PDF signature forgery with adbe.pkcs7.sha1 SubFilter | The Document Foundation | LibreOffice | Medium | - | 2025-04-27 19:04:52 | Deep Dive |
| CVE-2025-27820 | Apache HttpComponents: PSL (Public Suffix List) validation bypass | Apache Software Foundation | Apache HttpComponents | High | - | 2025-04-24 11:44:26 | Deep Dive |
| CVE-2025-26413 | Apache Kvrocks: The server was crashed by the negative offset | Apache Software Foundation | Apache Kvrocks | Medium | - | 2025-04-22 07:07:50 | Deep Dive |
| CVE-2025-29953 | Apache ActiveMQ NMS OpenWire Client: deserialization allowlist bypass | Apache Software Foundation | Apache ActiveMQ NMS OpenWire Client | Medium | - | 2025-04-18 15:23:32 | Deep Dive |
| CVE-2024-56736 | Apache HertzBeat: Server-Side Request Forgery (SSRF) in Api Config Oss | Apache Software Foundation | Apache HertzBeat | - | - | 2025-04-16 15:38:11 | Deep Dive |
| CVE-2025-21582 | Oracle E-Business Suite security vulnerability | Oracle Corporation | Oracle CRM Technical Foundation | Medium | 6.1 | 2025-04-15 20:30:56 | Deep Dive |
| CVE-2025-24859 | Apache Roller: Insufficient Session Expiration on Password Change | Apache Software Foundation | Apache Roller | - | - | 2025-04-14 08:18:55 | Deep Dive |
| CVE-2025-32077 | XSSes in Extension:SimpleCalendar | The Wikimedia Foundation | Mediawiki - Extension:SimpleCalendar | - | - | 2025-04-11 16:25:07 | Deep Dive |
| CVE-2025-32078 | XSSes and potential RCE in Special:VersionCompare | The Wikimedia Foundation | Mediawiki - Version Compare Extension | - | - | 2025-04-11 16:24:46 | Deep Dive |
| CVE-2025-32079 | Saving the right content to MediaWiki:GrowthMentors.json can take down the site | The Wikimedia Foundation | Mediawiki - GrowthExperiments | - | - | 2025-04-11 16:24:22 | Deep Dive |
| CVE-2025-32080 | Cross-origin data leak in mobilefrontend via lazy load images | The Wikimedia Foundation | Mediawiki - Mobile Frontend Extension | - | - | 2025-04-11 16:24:00 | Deep Dive |
| CVE-2025-32076 | Evil regex used to process user-provided data in VisualData | The Wikimedia Foundation | Mediawiki - Visual Data Extension | - | - | 2025-04-11 16:23:36 | Deep Dive |
| CVE-2025-32072 | HTML injection in feed output from i18n message | The Wikimedia Foundation | Mediawiki Core - Feed Utils | - | - | 2025-04-11 16:23:12 | Deep Dive |
| CVE-2025-32073 | System message XSS in HTMLTags | The Wikimedia Foundation | Mediawiki - HTML Tags | - | - | 2025-04-11 16:22:48 | Deep Dive |
| CVE-2025-32074 | XSSes in Extension:ConfirmAccount | The Wikimedia Foundation | Mediawiki - Confirm Account Extension | - | - | 2025-04-11 16:22:23 | Deep Dive |
| CVE-2025-32075 | IP and user agent leaks in Extension:Tabs | The Wikimedia Foundation | Mediawiki - Tabs Extension | - | - | 2025-04-11 16:22:00 | Deep Dive |
| CVE-2025-32067 | i18n XSS vulnerability in message growthexperiments | The Wikimedia Foundation | Mediawiki - Growth Experiments Extension | - | - | 2025-04-11 16:21:34 | Deep Dive |