| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-12045 | Orbit Fox Companion <= 3.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Post Taxonomy | themeisle | Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More | Medium | 6.4 | 2025-11-04 11:19:28 | Deep Dive |
| CVE-2025-62229 | Xorg: xwayland: use-after-free in xpresentnotify structure creation | X.Org | Xwayland | High | 7.3 | 2025-10-30 05:28:48 | Deep Dive |
| CVE-2025-62230 | Xorg: xwayland: use-after-free in xkb client resource removal | X.Org | Xwayland | High | 7.3 | 2025-10-30 05:19:40 | Deep Dive |
| CVE-2025-62231 | Xorg: xwayland: value overflow in xkbsetcompatmap() | X.Org | Xwayland | High | 7.3 | 2025-10-30 05:08:32 | Deep Dive |
| CVE-2025-64284 | WordPress Majestic Support plugin <= 1.0.7 - Local File Inclusion vulnerability | Majestic Support | Majestic Support | - | - | 2025-10-29 08:38:13 | Deep Dive |
| CVE-2025-11576 | AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant <= 1.6.5 - Unauthenticated CSV Injection | newcodebyte | AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant | Medium | 4.3 | 2025-10-24 12:29:57 | Deep Dive |
| CVE-2025-10874 | Orbit Fox < 3.0.2 - Author+ Server-Side Request Forgery | Unknown | Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More | Medium | - | 2025-10-24 06:00:09 | Deep Dive |
| CVE-2025-12105 | Libsoup: heap use-after-free in libsoup message queue handling during http/2 read completion | GNOME | libsoup | High | 7.5 | 2025-10-23 09:14:14 | Deep Dive |
| CVE-2025-26861 | RSUPPORT RemoteCall Remote Support Program code issue vulnerability | RSUPPORT CO., LTD. | RemoteCall Remote Support Program (for Operator) | - | - | 2025-10-15 06:07:01 | Deep Dive |
| CVE-2025-26860 | RSUPPORT RemoteCall Remote Support Program code issue vulnerability | RSUPPORT CO., LTD. | RemoteCall Remote Support Program (for Operator) | - | - | 2025-10-15 06:06:42 | Deep Dive |
| CVE-2025-11561 | Sssd: sssd default kerberos configuration allows privilege escalation on ad-joined linux systems | - | - | High | 8.8 | 2025-10-09 13:37:53 | Deep Dive |
| CVE-2025-11234 | Qemu-kvm: vnc websocket handshake use-after-free | - | - | High | 7.5 | 2025-10-03 10:30:34 | Deep Dive |
| CVE-2025-10578 | HP Support Assistant - Potential Escalation of Privilege | HP Inc. | HP Support Assistant | - | - | 2025-10-01 18:44:50 | Deep Dive |
| CVE-2025-7493 | Freeipa: idm: privilege escalation from host to domain admin in freeipa | Red Hat | Red Hat Enterprise Linux 10 | Critical | 9.1 | 2025-09-30 15:06:47 | Deep Dive |
| CVE-2025-11021 | Libsoup: out-of-bounds read in cookie date handling of libsoup http library | - | - | High | 7.5 | 2025-09-26 08:36:19 | Deep Dive |
| CVE-2025-60157 | WordPress WP Ticket Customer Service Software & Support Ticket System Plugin <= 6.0.2 - Cross Site Scripting (XSS) Vulnerability | emarket-design | WP Ticket Customer Service Software & Support Ticket System | Medium | 6.5 | 2025-09-26 08:31:57 | Deep Dive |
| CVE-2025-9900 | Libtiff: libtiff write-what-where | - | - | High | 8.8 | 2025-09-23 16:26:23 | Deep Dive |
| CVE-2025-57972 | WordPress Helpdesk Support Ticket System for WooCommerce plugin <= 2.1.1 - Broken Access Control vulnerability | WPFactory | Helpdesk Support Ticket System for WooCommerce | Medium | 4.3 | 2025-09-22 18:24:36 | Deep Dive |
| CVE-2025-58662 | WordPress Awesome Support plugin <= 6.3.5 - Deserialization of untrusted data vulnerability | awesomesupport | Awesome Support | High | 7.2 | 2025-09-22 18:23:01 | Deep Dive |
| CVE-2025-58688 | WordPress Casengo Live Chat Support Plugin <= 2.1.4 - Cross Site Request Forgery (CSRF) Vulnerability | Casengo | Casengo Live Chat Support | High | 7.1 | 2025-09-22 18:22:42 | Deep Dive |