| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-12810 | Failure in Password Rotation and Check-in Mechanism in Secret Server Allows Reuse of Credentials | Delinea Inc. | Secret Server On-Prem | - | - | 2026-01-27 19:46:05 | Deep Dive |
| CVE-2020-36978 | Froxlor Froxlor Server Management Panel 0.10.16 - Persistent Cross-Site Scripting | Froxlor | Froxlor Froxlor Server Management Panel | Medium | 6.4 | 2026-01-27 18:51:04 | Deep Dive |
| CVE-2026-23864 | Meta React Server Components Security Vulnerability | Meta | react-server-dom-webpack | - | - | 2026-01-26 19:16:38 | Deep Dive |
| CVE-2025-57784 | Tomahawk authentication timing attack due to usage of 'strcmp' | Hiawatha | Hiawatha Web server | - | - | 2026-01-26 17:47:19 | Deep Dive |
| CVE-2025-57785 | Double free in XSLT in 'show_index' | Hiawatha | Hiawatha Web server | - | - | 2026-01-26 17:46:10 | Deep Dive |
| CVE-2025-57783 | Improper header parsing may lead to request smuggling | Hiawatha | Hiawatha Web server | - | - | 2026-01-26 17:45:37 | Deep Dive |
| CVE-2025-41083 | Improper Neutralization in Altitude Communication Server | Altitude | Altitude Communication Server | - | - | 2026-01-26 09:42:43 | Deep Dive |
| CVE-2025-41082 | HTTP Request/Response Smuggling in Altitude Communication Server | Altitude | Altitude Communication Server | - | - | 2026-01-26 09:24:21 | Deep Dive |
| CVE-2026-24469 | C++ HTTP Server has Critical Path Traversal Vulnerability in RequestHandler Allowing Arbitrary File Read | frustratedProton | http-server | High | 7.5 | 2026-01-24 01:50:24 | Deep Dive |
| CVE-2021-47903 | LiteSpeed Web Server Enterprise 5.4.11 - Command Injection | LiteSpeed Technologies Inc | LiteSpeed Web Server Enterprise | High | 8.8 | 2026-01-23 16:47:43 | Deep Dive |
| CVE-2026-0758 | mcp-server-siri-shortcuts shortcutName Command Injection Privilege Escalation Vulnerability | mcp-server-siri-shortcuts | mcp-server-siri-shortcuts | High | - | 2026-01-23 03:28:04 | Deep Dive |
| CVE-2026-0756 | github-kanban-mcp-server execAsync Command Injection Remote Code Execution Vulnerability | github-kanban-mcp-server | github-kanban-mcp-server | Critical | - | 2026-01-23 03:26:23 | Deep Dive |
| CVE-2025-15061 | Framelink Figma MCP Server fetchWithRetry Command Injection Remote Code Execution Vulnerability | Framelink | Figma MCP Server | Critical | - | 2026-01-23 03:20:19 | Deep Dive |
| CVE-2025-15063 | Ollama MCP Server execAsync Command Injection Remote Code Execution Vulnerability | Ollama MCP Server | Ollama MCP Server | Critical | - | 2026-01-23 02:47:33 | Deep Dive |
| CVE-2026-20912 | Gitea: Cross-Repository Authorization Bypass via Release Attachment Linking Leads to Private Attachment Disclosure | Gitea | Gitea Open Source Git Server | - | - | 2026-01-22 22:01:52 | Deep Dive |
| CVE-2026-20904 | Gitea: Broken access control in OpenID visibility toggle enables cross-user visibility changes | Gitea | Gitea Open Source Git Server | - | - | 2026-01-22 22:01:52 | Deep Dive |
| CVE-2026-20897 | Gitea Git LFS Lock Deletion Broken Access Control (Cross-Repo IDOR) | Gitea | Gitea Open Source Git Server | - | - | 2026-01-22 22:01:52 | Deep Dive |
| CVE-2026-20883 | Gitea Stopwatch API Missing Authorization Check Leads to Post-Revocation Information Disclosure | Gitea | Gitea Open Source Git Server | - | - | 2026-01-22 22:01:51 | Deep Dive |
| CVE-2026-20888 | Gitea Pull Requests Auto-Merge: Read-Only Users Can Cancel Scheduled Auto-Merge via Web Endpoint (Authorization Bypass) | Gitea | Gitea Open Source Git Server | - | - | 2026-01-22 22:01:51 | Deep Dive |
| CVE-2026-20750 | Gitea Organization Projects Cross-Organization Authorization Bypass via Project ID (IDOR) | Gitea | Gitea Open Source Git Server | - | - | 2026-01-22 22:01:50 | Deep Dive |