| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-68988 | WordPress E-Invoice App Malaysia plugin <= 1.3.0 - Sensitive Data Exposure vulnerability | o2oe | E-Invoice App Malaysia | Medium | 5.3 | 2025-12-30 10:47:50 | Deep Dive |
| CVE-2025-69206 | Hemmelig has SSRF Filter bypass in Secret Request functionality | HemmeligOrg | Hemmelig.app | Medium | 4.3 | 2025-12-29 15:55:13 | Deep Dive |
| CVE-2025-14553 | Password Hash Leak Could Lead to Unauthorized Access on Tapo App via Local Network | TP-Link Systems Inc. | TP-Link Tapo App | - | - | 2025-12-16 18:38:09 | Deep Dive |
| CVE-2025-13474 | IDOR in Menulux Software's Mobile App | Menulux Software Inc. | Mobile App | High | 7.5 | 2025-12-16 11:25:50 | Deep Dive |
| CVE-2025-14702 | Smartbit CommV Smartschool App be.smartschool.mobile.SplashActivity path traversal | Smartbit CommV | Smartschool App | Medium | 4.4 | 2025-12-15 03:32:07 | Deep Dive |
| CVE-2025-14699 | Municorn FAX App biz.faxapp.app path traversal | Municorn | FAX App | Medium | 5.3 | 2025-12-15 03:02:06 | Deep Dive |
| CVE-2025-14698 | atlaszz AI Photo Team Galleryit App gallery.photogallery.pictures.vault.album path traversal | atlaszz AI Photo Team | Galleryit App | Medium | 4.4 | 2025-12-15 02:32:07 | Deep Dive |
| CVE-2025-14617 | Jehovahs Witnesses JW Library App org.jw.jwlibrary.mobile.activity.SiloContainer path traversal | Jehovahs Witnesses | JW Library App | Medium | 5.3 | 2025-12-13 14:02:08 | Deep Dive |
| CVE-2025-12655 | Hippoo Mobile App for WooCommerce <= 1.7.1 - Missing Authorization to Unauthenticated Limited File Write | hippooo | Hippoo Mobile App for WooCommerce | Medium | 5.3 | 2025-12-12 06:32:59 | Deep Dive |
| CVE-2025-14119 | App Landing Template Blocks for WPBakery Page Builder <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | themebon | App Landing Template Blocks for WPBakery (Visual Composer) Page Builder | Medium | 6.4 | 2025-12-12 03:20:46 | Deep Dive |
| CVE-2025-14530 | SourceCodester Real Estate Property Listing App property.php unrestricted upload | SourceCodester | Real Estate Property Listing App | Medium | 4.7 | 2025-12-11 17:32:20 | Deep Dive |
| CVE-2025-65199 | Windscribe for Linux 'changeMTU' local privilege escalation | Windscribe | Windscribe for Linux Desktop App | High | 7.8 | 2025-12-10 18:04:36 | Deep Dive |
| CVE-2025-12046 | Lenovo App Store and Lenovo Browser security vulnerability | Lenovo | App Store | High | 7.8 | 2025-12-10 14:08:25 | Deep Dive |
| CVE-2025-13339 | Hippoo Mobile App for WooCommerce <= 1.7.1 - Unauthenticated Arbitrary File Read | hippooo | Hippoo Mobile App for WooCommerce | High | 7.5 | 2025-12-10 04:24:13 | Deep Dive |
| CVE-2025-64696 | Brother iPrint&Scan security vulnerability | Brother Industries, Ltd. | Android App "Brother iPrint&Scan" | - | - | 2025-12-09 08:16:37 | Deep Dive |
| CVE-2025-14111 | Rarlab RAR App com.rarlab.rar path traversal | Rarlab | RAR App | Medium | 5.0 | 2025-12-05 22:32:05 | Deep Dive |
| CVE-2025-66555 | AirKeyboard iOS App 1.0.5 - Remote Input Injection | airkeyboardapp | AirKeyboard iOS App | - | - | 2025-12-04 20:43:20 | Deep Dive |
| CVE-2025-12887 | Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.1 - Missing Authorization to Authenticated (Subscriber+) OAuth Token Update | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | Medium | 5.4 | 2025-12-03 12:29:54 | Deep Dive |
| CVE-2025-13876 | Rareprob HD Video Player All Formats App com.rocks.music.videoplayer path traversal | Rareprob | HD Video Player All Formats App | Medium | 5.3 | 2025-12-02 15:02:08 | Deep Dive |
| CVE-2025-59026 | Open-Xchange OX App Suite security vulnerability | Open-Xchange GmbH | OX App Suite | Medium | 5.4 | 2025-11-27 09:23:10 | Deep Dive |