| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-10849 | Felan Framework <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation/Deactivation via process_plugin_actions | RiceTheme | Felan Framework | Medium | 5.3 | 2025-10-16 06:47:31 | Deep Dive |
| CVE-2025-10850 | Felan Framework <= 1.1.4 - Hardcoded Credentials | RiceTheme | Felan Framework | Critical | 9.8 | 2025-10-16 06:47:30 | Deep Dive |
| CVE-2025-55248 | .NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability | Microsoft | .NET 8.0 | Medium | 4.8 | 2025-10-14 17:00:59 | Deep Dive |
| CVE-2025-6388 | Spirit Framework <= 1.2.14 - Authentication Bypass to Account Takeover and Privilege Escalation | Theme-Spirit | Spirit Framework | Critical | 9.8 | 2025-10-03 08:23:50 | Deep Dive |
| CVE-2025-41249 | CVE-2025-41249: Spring Framework Annotation Detection Vulnerability | VMware | Spring Framework | High | 7.5 | 2025-09-16 10:15:34 | Deep Dive |
| CVE-2025-59056 | FreePBX vulnerable to unauthenticated Denial of Service | FreePBX | framework | - | - | 2025-09-15 21:04:08 | Deep Dive |
| CVE-2025-55211 | FreePBX Post-Authenticated Command Injection | FreePBX | framework | - | - | 2025-09-15 21:00:14 | Deep Dive |
| CVE-2025-10269 | Spirit Framework <= 1.2.13 - Authenticated (Subscriber+) Local File Inclusion | Theme-Spirit | Spirit Framework | High | 7.5 | 2025-09-12 02:24:33 | Deep Dive |
| CVE-2025-9467 | Possibility to bypass file upload validation on the server-side | vaadin | vaadin | - | - | 2025-09-04 06:15:47 | Deep Dive |
| CVE-2025-58162 | MobSF Vulnerable to Arbitrary File Write (AR-Slip) via Absolute Path in .a Extraction | MobSF | Mobile-Security-Framework-MobSF | Medium | 6.5 | 2025-09-02 00:46:07 | Deep Dive |
| CVE-2025-58161 | MobSF Path Traversal in GET /download/<filename> using absolute filenames | MobSF | Mobile-Security-Framework-MobSF | - | - | 2025-09-02 00:45:50 | Deep Dive |
| CVE-2025-49402 | WordPress Exertio Framework Plugin <= 1.3.3 - SQL Injection Vulnerability | scriptsbundle | Exertio Framework | High | 8.5 | 2025-08-28 12:37:14 | Deep Dive |
| CVE-2025-23315 | NVIDIA Nemo Framework 代码注入漏洞 | NVIDIA | NeMo Framework | High | 7.8 | 2025-08-26 18:30:49 | Deep Dive |
| CVE-2025-23314 | NVIDIA Nemo Framework 代码注入漏洞 | NVIDIA | NeMo Framework | High | 7.8 | 2025-08-26 18:30:29 | Deep Dive |
| CVE-2025-23313 | NVIDIA Nemo Framework 代码注入漏洞 | NVIDIA | NeMo Framework | High | 7.8 | 2025-08-26 18:30:11 | Deep Dive |
| CVE-2025-23312 | NVIDIA NeMo Framework 注入漏洞 | NVIDIA | NeMo Framework | High | 7.8 | 2025-08-26 18:29:30 | Deep Dive |
| CVE-2025-49428 | WordPress Spirit Framework plugin <= 1.2.13 - Local File Inclusion vulnerability | Dourou | Spirit Framework | High | 7.5 | 2025-08-20 08:03:41 | Deep Dive |
| CVE-2025-41242 | CVE-2025-41242: Path traversal vulnerability on non-compliant Servlet containers | VMware | Spring Framework | Medium | 5.9 | 2025-08-18 08:47:07 | Deep Dive |
| CVE-2025-23304 | NVIDIA NeMo library 路径遍历漏洞 | NVIDIA | NVIDIA NeMo Framework | High | 7.8 | 2025-08-13 17:16:13 | Deep Dive |
| CVE-2025-23303 | NVIDIA NeMo Framework 代码问题漏洞 | NVIDIA | NVIDIA NeMo Framework | High | 7.8 | 2025-08-13 17:15:38 | Deep Dive |