| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-32068 | Revoking authorization of OAuth2 consumer does not invalidate refresh tokens | The Wikimedia Foundation | Mediawiki - OAuth Extension | - | - | 2025-04-11 16:21:12 | Deep Dive |
| CVE-2025-32069 | Wikitext stored XSS on filepages due to dangerous WBMI serialization | The Wikimedia Foundation | Mediawiki - Wikibase Media Info Extension | - | - | 2025-04-11 16:20:49 | Deep Dive |
| CVE-2025-32070 | XSSes in AJAXPoll | The Wikimedia Foundation | Mediawiki - AJAX Poll Extension | - | - | 2025-04-11 16:20:24 | Deep Dive |
| CVE-2025-32071 | Wikibase CommonsInlineImageFormatter: i18n XSS | The Wikimedia Foundation | Mediawiki - Wikidata Extension | - | - | 2025-04-11 16:19:46 | Deep Dive |
| CVE-2025-32700 | AbuseFilter log interfaces expose global private and hidden filters when central DB is not available | Wikimedia Foundation | MediaWiki | - | - | 2025-04-10 18:31:03 | Deep Dive |
| CVE-2025-32699 | Potential javascript injection attack enabled by Unicode normalization in Action API | Wikimedia Foundation | MediaWiki | - | - | 2025-04-10 18:30:24 | Deep Dive |
| CVE-2025-32698 | LogPager.php: Restriction enforcer functions do not correctly enforce suppression restrictions | Wikimedia Foundation | MediaWiki | - | - | 2025-04-10 18:29:52 | Deep Dive |
| CVE-2025-32697 | Cascading protection is not preventing file reversions | Wikimedia Foundation | MediaWiki | - | - | 2025-04-10 18:29:17 | Deep Dive |
| CVE-2025-32696 | "reupload-own" restriction can be bypassed by reverting file | Wikimedia Foundation | MediaWiki | - | - | 2025-04-10 18:28:48 | Deep Dive |
| CVE-2025-3469 | i18n XSS vulnerability in HTMLMultiSelectField when sections are used | Wikimedia Foundation | MediaWiki | - | - | 2025-04-10 18:28:13 | Deep Dive |
| CVE-2025-27391 | Apache ActiveMQ Artemis: Passwords leaking from broker properties in the debug log | Apache Software Foundation | Apache ActiveMQ Artemis | Medium | - | 2025-04-09 14:42:33 | Deep Dive |
| CVE-2025-31672 | Apache POI: parsing OOXML based files (xlsx, docx, etc.), poi-ooxml could read unexpected data if underlying zip has duplicate zip entry names | Apache Software Foundation | Apache POI | Medium | - | 2025-04-09 11:59:34 | Deep Dive |
| CVE-2025-30677 | Apache Pulsar IO Kafka Connector, Apache Pulsar IO Kafka Connect Adaptor: Sensitive information logged in Pulsar's Apache Kafka Connectors | Apache Software Foundation | Apache Pulsar IO Kafka Connector | - | - | 2025-04-09 11:58:12 | Deep Dive |
| CVE-2025-30473 | Apache Airflow Common SQL Provider: Remote Code Execution via Sql Injection | Apache Software Foundation | Apache Airflow Common SQL Provider | - | - | 2025-04-07 08:31:57 | Deep Dive |
| CVE-2025-2259 | Eclipse ThreadX NetX Duo component HTTP server single PUT request integer underflow | Eclipse Foundation | ThreadX | - | - | 2025-04-06 19:01:20 | Deep Dive |
| CVE-2025-2260 | Eclipse ThreadX NetX Duo HTTP component server denial of service | Eclipse Foundation | ThreadX | - | - | 2025-04-06 18:56:35 | Deep Dive |
| CVE-2025-2258 | Eclipse ThreadX NetX Duo HTTP server single PUT request integer underflow | Eclipse Foundation | ThreadX | - | - | 2025-04-06 18:50:43 | Deep Dive |
| CVE-2024-53868 | Apache Traffic Server: Malformed chunked message body allows request smuggling | Apache Software Foundation | Apache Traffic Server | - | - | 2025-04-03 08:59:03 | Deep Dive |
| CVE-2024-39780 | Use of unsafe yaml load in dynparam | Open Source Robotics Foundation | Robot Operating System (ROS) | High | 7.8 | 2025-04-02 07:31:58 | Deep Dive |
| CVE-2025-30676 | Apache OFBiz: Stored XSS Vulnerability | Apache Software Foundation | Apache OFBiz | Medium | - | 2025-04-01 14:43:50 | Deep Dive |