| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-1132 | Keycloak: path transversal in redirection validation | - | - | High | 8.1 | 2024-04-17 13:21:19 | Deep Dive |
| CVE-2024-21100 | Oracle Commerce Platform security vulnerability in Oracle Commerce | Oracle Corporation | Commerce Platform | Medium | 4.0 | 2024-04-16 21:26:32 | Deep Dive |
| CVE-2024-21067 | Oracle Enterprise Manager Base Platform security vulnerability | Oracle Corporation | Enterprise Manager Base Platform | High | 8.8 | 2024-04-16 21:26:21 | Deep Dive |
| CVE-2024-3720 | Tianwell Fire Intelligent Command Platform API Interface page sql injection | Tianwell | Fire Intelligent Command Platform | Medium | 6.3 | 2024-04-13 11:31:04 | Deep Dive |
| CVE-2024-1957 | GiveWP – Donation Plugin and Fundraising Platform <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | stellarwp | GiveWP – Donation Plugin and Fundraising Platform | Medium | 6.4 | 2024-04-13 01:57:48 | Deep Dive |
| CVE-2024-3688 | Xiamen Four-Faith RMP Router Management Platform sql injection | Xiamen Four-Faith | RMP Router Management Platform | Medium | 6.3 | 2024-04-12 14:00:08 | Deep Dive |
| CVE-2024-31997 | XWiki Platform remote code execution from account through UIExtension parameters | xwiki | xwiki-platform | Critical | 9.9 | 2024-04-10 21:55:43 | Deep Dive |
| CVE-2024-31988 | XWiki Platform CSRF remote code execution through the realtime HTML Converter API | xwiki | xwiki-platform | Critical | 9.6 | 2024-04-10 20:40:37 | Deep Dive |
| CVE-2024-31987 | XWiki Platform remote code execution from account via custom skins support | xwiki | xwiki-platform | Critical | 9.9 | 2024-04-10 20:32:39 | Deep Dive |
| CVE-2024-31986 | XWiki Platform CSRF remote code execution through scheduler job's document reference | xwiki | xwiki-platform | Critical | 9.0 | 2024-04-10 20:27:30 | Deep Dive |
| CVE-2024-31985 | XWiki Platform CSRF in the job scheduler | xwiki | xwiki-platform | Medium | 5.4 | 2024-04-10 20:11:53 | Deep Dive |
| CVE-2024-31984 | XWiki Platform: Remote code execution through space title and Solr space facet | xwiki | xwiki-platform | Critical | 9.9 | 2024-04-10 19:53:51 | Deep Dive |
| CVE-2024-31983 | XWiki Platform: Remote code execution from edit in multilingual wikis via translations | xwiki | xwiki-platform | Critical | 9.9 | 2024-04-10 19:44:49 | Deep Dive |
| CVE-2024-31982 | XWiki Platform: Remote code execution as guest via DatabaseSearch | xwiki | xwiki-platform | Critical | 10.0 | 2024-04-10 19:38:02 | Deep Dive |
| CVE-2024-31981 | XWiki Platform: Privilege escalation (PR) from user registration through PDFClass | xwiki | xwiki-platform | Critical | 9.9 | 2024-04-10 19:22:57 | Deep Dive |
| CVE-2024-31465 | XWiki Platform: Remote code execution from account via SearchSuggestSourceSheet | xwiki | xwiki-platform | Critical | 9.9 | 2024-04-10 19:12:36 | Deep Dive |
| CVE-2024-31464 | XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted | xwiki | xwiki-platform | Medium | 6.8 | 2024-04-10 18:14:37 | Deep Dive |
| CVE-2023-6236 | Eap: oidc app attempting to access the second tenant, the user should be prompted to log | Red Hat | Red Hat JBoss Enterprise Application Platform 8 | High | 7.3 | 2024-04-10 01:04:54 | Deep Dive |
| CVE-2024-3521 | Byzoro Smart S80 Management Platform userattestation.php unrestricted upload | Byzoro | Smart S80 Management Platform | Medium | 4.7 | 2024-04-09 22:31:05 | Deep Dive |
| CVE-2024-1424 | GiveWP – Donation Plugin and Fundraising Platform <= 3.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | stellarwp | GiveWP – Donation Plugin and Fundraising Platform | Medium | 6.4 | 2024-04-09 18:59:19 | Deep Dive |