| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-22701 | filelock Time-of-Check-Time-of-Use (TOCTOU) Symlink Vulnerability in SoftFileLock | tox-dev | filelock | Medium | 5.3 | 2026-01-10 05:59:29 | Deep Dive |
| CVE-2026-0719 | Libsoup: signed to unsigned conversion error leading to stack-based buffer overflow in libsoup ntlm authentication | Red Hat | Red Hat Enterprise Linux 10 | High | 8.6 | 2026-01-08 12:38:31 | Deep Dive |
| CVE-2025-67913 | WordPress Aruba HiSpeed Cache plugin < 3.0.3 - Broken Access Control vulnerability | Aruba.it Dev | Aruba HiSpeed Cache | Medium | 6.5 | 2026-01-08 09:17:45 | Deep Dive |
| CVE-2025-11157 | Arbitrary Code Execution in feast-dev/feast | feast-dev | feast-dev/feast | High | - | 2026-01-01 07:03:57 | Deep Dive |
| CVE-2025-68475 | Fedify has ReDoS Vulnerability in HTML Parsing Regex | fedify-dev | fedify | High | 7.5 | 2025-12-22 21:31:20 | Deep Dive |
| CVE-2025-68146 | filelock has TOCTOU race condition that allows symlink attacks during lock file creation | tox-dev | filelock | Medium | 6.3 | 2025-12-16 18:10:55 | Deep Dive |
| CVE-2025-66482 | Misskey has a login rate limit bypass via spoofed X-Forwarded-For header | misskey-dev | misskey | - | - | 2025-12-15 23:18:37 | Deep Dive |
| CVE-2025-66402 | misskey.js's export data contains private post data | misskey-dev | misskey | - | - | 2025-12-15 23:09:58 | Deep Dive |
| CVE-2025-66446 | MaxKB has a Python sandbox LD_PRELOAD bypass | 1Panel-dev | MaxKB | High | 8.8 | 2025-12-11 21:47:22 | Deep Dive |
| CVE-2025-66419 | MaxKB vulnerable to privilege escalation through sandbox bypass | 1Panel-dev | MaxKB | High | 8.8 | 2025-12-11 21:39:15 | Deep Dive |
| CVE-2025-66508 | 1Panel IP Access Control Bypass via Untrusted X-Forwarded-For Headers | 1Panel-dev | 1Panel | Medium | 6.5 | 2025-12-09 01:37:10 | Deep Dive |
| CVE-2025-66507 | 1Panel – CAPTCHA Bypass via Client-Controlled Flag | 1Panel-dev | 1Panel | High | 7.5 | 2025-12-09 01:25:48 | Deep Dive |
| CVE-2025-57850 | Codeready-ws: privilege escalation via excessive /etc/passwd permissions | Red Hat | Red Hat OpenShift Dev Spaces | Medium | 6.4 | 2025-12-02 18:53:36 | Deep Dive |
| CVE-2025-66040 | Spotipy has a XSS vulnerability in OAuth callback server | spotipy-dev | spotipy | Low | 3.6 | 2025-11-26 23:14:45 | Deep Dive |
| CVE-2025-65026 | esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript | esm-dev | esm.sh | Medium | 6.1 | 2025-11-19 17:33:11 | Deep Dive |
| CVE-2025-65025 | esm.sh CDN service has arbitrary file write via tarslip | esm-dev | esm.sh | High | 8.2 | 2025-11-19 17:32:47 | Deep Dive |
| CVE-2025-64703 | MaxKB has Information Leak in sandbox | 1Panel-dev | MaxKB | Medium | 6.3 | 2025-11-13 15:52:44 | Deep Dive |
| CVE-2025-64511 | MaxKB has SSRF in sandbox | 1Panel-dev | MaxKB | High | 7.4 | 2025-11-13 15:51:54 | Deep Dive |
| CVE-2025-64323 | kgateway is missing xDS authorization | kgateway-dev | kgateway | Medium | 5.3 | 2025-11-07 03:18:49 | Deep Dive |
| CVE-2025-22288 | WordPress Smush Image Compression and Optimization plugin <= 3.17.0 - Directory Traversal vulnerability | WPMU DEV - Your All-in-One WordPress Platform | Smush Image Compression and Optimization | Medium | - | 2025-11-06 15:53:18 | Deep Dive |