| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-24783 | Apache Cocoon: continuations may not be private | Apache Software Foundation | Apache Cocoon | Medium | - | 2025-01-27 14:47:43 | Deep Dive |
| CVE-2025-24814 | Apache Solr: Core-creation with "trusted" configset can use arbitrary untrusted files | Apache Software Foundation | Apache Solr | Medium | - | 2025-01-27 08:58:09 | Deep Dive |
| CVE-2024-52012 | Apache Solr: Configset upload on Windows allows arbitrary path write-access | Apache Software Foundation | Apache Solr | Medium | - | 2025-01-27 08:54:43 | Deep Dive |
| CVE-2024-53299 | Apache Wicket: An attacker can intentionally trigger a memory leak | Apache Software Foundation | Apache Wicket | High | - | 2025-01-23 08:37:06 | Deep Dive |
| CVE-2024-45479 | Apache Ranger: SSRF in Edit Service page - Add logic to filter requests to localhost | Apache Software Foundation | Apache Ranger | Medium | - | 2025-01-21 21:26:17 | Deep Dive |
| CVE-2024-45478 | Apache Ranger: Stored XSS in Edit Service page - Add logic to validate user input | Apache Software Foundation | Apache Ranger | Medium | - | 2025-01-21 21:25:58 | Deep Dive |
| CVE-2024-51941 | Apache Ambari: Remote Code Injection in Ambari Metrics and AMS Alerts | Apache Software Foundation | Apache Ambari | High | - | 2025-01-21 21:24:23 | Deep Dive |
| CVE-2025-23196 | Apache Ambari: Code Injection Vulnerability in Ambari Alert Definition | Apache Software Foundation | Apache Ambari | High | - | 2025-01-21 21:23:41 | Deep Dive |
| CVE-2025-23195 | Apache Ambari: XML External Entity (XXE) Vulnerability in Ambari/Oozie | Apache Software Foundation | Apache Ambari | High | - | 2025-01-21 21:22:33 | Deep Dive |
| CVE-2025-21506 | Oracle E-Business Suite security vulnerability | Oracle Corporation | Oracle Project Foundation | High | 8.1 | 2025-01-21 20:52:58 | Deep Dive |
| CVE-2025-23184 | Apache CXF: Denial of Service vulnerability with temporary files | Apache Software Foundation | Apache CXF | Medium | 5.9 | 2025-01-21 09:35:37 | Deep Dive |
| CVE-2025-22747 | WordPress Foundation Columns plugin <= 0.8 - Stored Cross Site Scripting (XSS) vulnerability | tormorten | Foundation Columns | Medium | 6.5 | 2025-01-15 15:23:31 | Deep Dive |
| CVE-2025-23074 | Special:EditProfile exposes the contents of profile fields marked "hidden"/friends or "friends of friends" when the privileged user isn't a friend of the user whose profile they edit(ed) | Wikimedia Foundation | Mediawiki - SocialProfile Extension | Low | - | 2025-01-14 18:58:20 | Deep Dive |
| CVE-2025-23073 | API list=globalblocks can reveal IP of autoblock if username and IP are included in the bgtargets parameter | Wikimedia Foundation | Mediawiki - GlobalBlocking Extension | Medium | - | 2025-01-14 18:45:32 | Deep Dive |
| CVE-2025-23072 | XSS in Special:RefreshSpecial | Wikimedia Foundation | Mediawiki - RefreshSpecial Extension | Medium | - | 2025-01-14 18:29:21 | Deep Dive |
| CVE-2025-23081 | Various security vulnerabilities in Extension:DataTransfer | Wikimedia Foundation | Mediawiki - DataTransfer Extension | Medium | - | 2025-01-14 16:56:42 | Deep Dive |
| CVE-2025-23080 | XSSes in Special:BadgeView | Wikimedia Foundation | Mediawiki - OpenBadges Extension | Medium | - | 2025-01-14 16:40:42 | Deep Dive |
| CVE-2024-45627 | Apache Linkis Metadata Query Service JDBC: JDBC Datasource Module with Mysql has file read vulnerability | Apache Software Foundation | Apache Linkis Metadata Query Service JDBC | Medium | - | 2025-01-14 16:13:20 | Deep Dive |
| CVE-2025-22828 | Apache CloudStack: Unauthorised access to annotations | Apache Software Foundation | Apache CloudStack | Medium | - | 2025-01-13 12:47:52 | Deep Dive |
| CVE-2021-29669 | IBM Jazz Foundation cross-site scripting | IBM | Jazz Foundation | Medium | 5.4 | 2025-01-12 01:30:06 | Deep Dive |