| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-23079 | XSSes in Extension:ArticleFeedbackv5 | Wikimedia Foundation | Mediawiki - ArticleFeedbackv5 extension | Medium | - | 2025-01-10 19:03:15 | Deep Dive |
| CVE-2025-23078 | XSS in BreadCrumbs2 | Wikimedia Foundation | Mediawiki - Breadcrumbs2 extension | Medium | - | 2025-01-10 17:57:21 | Deep Dive |
| CVE-2024-45033 | Apache Airflow Fab Provider: Application does not invalidate session after password change via Airflow cli | Apache Software Foundation | Apache Airflow Fab Provider | High | - | 2025-01-08 08:41:40 | Deep Dive |
| CVE-2024-54676 | Apache OpenMeetings: Deserialisation of untrusted data in cluster mode | Apache Software Foundation | Apache OpenMeetings | Critical | - | 2025-01-08 08:40:04 | Deep Dive |
| CVE-2025-22215 | VMSA-2025-0001: VMware Aria automation update addresses a server side request forgery vulnerability (CVE-2025-22215) | VMware | VMware Aria Automation | Medium | 4.3 | 2025-01-08 06:43:32 | Deep Dive |
| CVE-2024-12426 | URL fetching can be used to exfiltrate arbitrary INI file values and environment variables | The Document Foundation | LibreOffice | Medium | - | 2025-01-07 12:22:33 | Deep Dive |
| CVE-2024-12425 | Path traversal leading to arbitrary .ttf file write | The Document Foundation | LibreOffice | Low | - | 2025-01-07 11:15:08 | Deep Dive |
| CVE-2024-41780 | IBM Jazz Foundation information disclosure | IBM | Jazz Foundation | Medium | 4.2 | 2025-01-03 14:38:37 | Deep Dive |
| CVE-2024-5591 | IBM Jazz Foundation information disclosure | IBM | Jazz Foundation | Medium | 4.3 | 2025-01-03 14:33:52 | Deep Dive |
| CVE-2024-56512 | Apache NiFi: Missing Complete Authorization for Parameter and Service References | Apache Software Foundation | Apache NiFi | Medium | - | 2024-12-28 16:18:46 | Deep Dive |
| CVE-2024-52046 | Apache MINA: MINA applications using unbounded deserialization may allow RCE | Apache Software Foundation | Apache MINA | High | - | 2024-12-25 10:06:24 | Deep Dive |
| CVE-2024-43441 | Apache HugeGraph-Server: Fixed JWT Token(Secret) | Apache Software Foundation | Apache HugeGraph-Server | High | - | 2024-12-24 11:59:59 | Deep Dive |
| CVE-2024-45387 | Apache Traffic Control: SQL Injection in Traffic Ops endpoint PUT deliveryservice_request_comments | Apache Software Foundation | Apache Traffic Control | Critical | 9.9 | 2024-12-23 15:30:14 | Deep Dive |
| CVE-2024-23945 | Apache Hive, Apache Spark, Apache Spark: CookieSigner exposes the correct signature when message verification fails | Apache Software Foundation | Apache Hive | Medium | - | 2024-12-23 15:26:54 | Deep Dive |
| CVE-2024-56337 | Apache Tomcat: RCE due to TOCTOU issue in JSP compilation - CVE-2024-50379 mitigation was incomplete | Apache Software Foundation | Apache Tomcat | Critical | - | 2024-12-20 15:28:55 | Deep Dive |
| CVE-2024-56128 | Apache Kafka: SCRAM authentication vulnerable to replay attacks when used without encryption | Apache Software Foundation | Apache Kafka | Medium | - | 2024-12-18 13:38:03 | Deep Dive |
| CVE-2024-54677 | Apache Tomcat: DoS in examples web application | Apache Software Foundation | Apache Tomcat | Medium | - | 2024-12-17 12:35:51 | Deep Dive |
| CVE-2024-50379 | Apache Tomcat: RCE due to TOCTOU issue in JSP compilation | Apache Software Foundation | Apache Tomcat | High | - | 2024-12-17 12:34:55 | Deep Dive |
| CVE-2024-49775 | Siemens Opcenter Execution Foundation security vulnerability | Siemens | Opcenter Execution Foundation | Critical | 9.8 | 2024-12-16 15:06:05 | Deep Dive |
| CVE-2024-55633 | Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access | Apache Software Foundation | Apache Superset | Medium | - | 2024-12-12 14:36:02 | Deep Dive |