| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-67711 | Reflected XSS vulnerability in ArcGIS Server. | Esri | ArcGIS Server | Medium | 6.1 | 2025-12-31 22:18:57 | Deep Dive |
| CVE-2025-67710 | Stored XSS vulnerability in ArcGIS Server | Esri | ArcGIS Server | Medium | 6.1 | 2025-12-31 22:18:17 | Deep Dive |
| CVE-2025-67709 | There is a cross site scripting issue in ArcGIS Server. | Esri | ArcGIS Server | Medium | 6.1 | 2025-12-31 22:17:41 | Deep Dive |
| CVE-2025-67708 | Reflected cross-site scripting (XSS) vulnerability in ArcGIS Server. | Esri | ArcGIS Server | Medium | 6.1 | 2025-12-31 22:17:09 | Deep Dive |
| CVE-2025-67707 | Unvalidated File Upload vulnerability in ArcGIS Server. | Esri | ArcGIS Server | Medium | 5.6 | 2025-12-31 22:16:15 | Deep Dive |
| CVE-2025-67706 | Unvalidated File Upload vulnerability in ArcGIS Server. | Esri | ArcGIS Server | Medium | 5.6 | 2025-12-31 22:15:44 | Deep Dive |
| CVE-2025-67705 | Reflected XSS vulnerability in ArcGIS Server. | Esri | ArcGIS Server | Medium | 6.1 | 2025-12-31 22:15:05 | Deep Dive |
| CVE-2025-67704 | Stored XSS vulnerability in ArcGIS Server. | Esri | ArcGIS Server | Medium | 6.1 | 2025-12-31 22:14:32 | Deep Dive |
| CVE-2025-67703 | Stored XSS vulnerability in ArcGIS Server. | Esri | ArcGIS Server | Medium | 6.1 | 2025-12-31 22:13:13 | Deep Dive |
| CVE-2025-15135 | joey-zhou xiaozhi-esp32-server-java Cookie AuthenticationInterceptor.java tryAuthenticateWithCookies improper authentication | joey-zhou | xiaozhi-esp32-server-java | Medium | 6.3 | 2025-12-28 12:02:07 | Deep Dive |
| CVE-2025-15097 | Alteryx Server status improper authentication | Alteryx | Server | High | 7.3 | 2025-12-26 02:32:06 | Deep Dive |
| CVE-2025-68936 | ONLYOFFICE Docs cross-site scripting vulnerability | ONLYOFFICE | Document Server | Medium | 6.4 | 2025-12-25 20:07:56 | Deep Dive |
| CVE-2025-68935 | ONLYOFFICE Docs cross-site scripting vulnerability | ONLYOFFICE | Document Server | Medium | 6.4 | 2025-12-25 20:05:49 | Deep Dive |
| CVE-2025-68917 | ONLYOFFICE Docs cross-site scripting vulnerability | ONLYOFFICE | Document Server | Medium | 6.4 | 2025-12-24 20:19:25 | Deep Dive |
| CVE-2025-14501 | Sante PACS Server HTTP Content-Length Header Handling NULL Pointer Dereference Denial-of-Service Vulnerability | Sante | PACS Server | - | - | 2025-12-23 21:18:40 | Deep Dive |
| CVE-2023-53965 | SOUND4 Server Service 4.1.102 Local Privilege Escalation via Unquoted Service Path | SOUND4 Ltd. | SOUND4 Server Service | High | 8.4 | 2025-12-22 21:35:30 | Deep Dive |
| CVE-2025-14847 | Zlib compressed protocol header length confusion may allow memory read | MongoDB Inc. | MongoDB Server | High | 7.5 | 2025-12-19 11:00:22 | Deep Dive |
| CVE-2025-13008 | Session Token Disclosure in M-Files Web | M-Files Corporation | M-Files Server | - | - | 2025-12-19 07:04:20 | Deep Dive |
| CVE-2025-14267 | Unintended temporary cached data included in a structure only copy intended to be empty of data | M-Files Corporation | M-Files Server | - | - | 2025-12-19 06:15:10 | Deep Dive |
| CVE-2025-62004 | BullWall Server Intrusion Protection (SIP) initialization race condition | BullWall | Server Intrusion Protection | High | 7.5 | 2025-12-18 20:36:13 | Deep Dive |