| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-14523 | Libsoup: libsoup: duplicate host header handling causes host-parsing discrepancy (first- vs last-value wins) | Red Hat | Red Hat Enterprise Linux 10 | High | 8.2 | 2025-12-11 12:30:59 | Deep Dive |
| CVE-2025-42928 | Deserialization Vulnerability in SAP jConnect - SDK for ASE | SAP_SE | SAP jConnect - SDK for ASE | Critical | 9.1 | 2025-12-09 02:15:45 | Deep Dive |
| CVE-2025-42896 | Server-Side Request Forgery (SSRF) in SAP BusinessObjects Business Intelligence Platform | SAP_SE | SAP BusinessObjects Business Intelligence Platform | Medium | 5.4 | 2025-12-09 02:15:28 | Deep Dive |
| CVE-2025-42891 | Missing Authorization check in SAP Enterprise Search for ABAP | SAP_SE | SAP Enterprise Search for ABAP | Medium | 5.5 | 2025-12-09 02:15:19 | Deep Dive |
| CVE-2025-42880 | Code Injection vulnerability in SAP Solution Manager | SAP_SE | SAP Solution Manager | Critical | 9.9 | 2025-12-09 02:15:09 | Deep Dive |
| CVE-2025-42878 | Sensitive Data Exposure in SAP Web Dispatcher and Internet Communication Manager (ICM) | SAP_SE | SAP Web Dispatcher and Internet Communication Manager (ICM) | High | 8.2 | 2025-12-09 02:15:00 | Deep Dive |
| CVE-2025-42877 | Memory Corruption vulnerability in SAP Web Dispatcher, Internet Communication Manager and SAP Content Server | SAP_SE | SAP Web Dispatcher, Internet Communication Manager and SAP Content Server | High | 7.5 | 2025-12-09 02:14:51 | Deep Dive |
| CVE-2025-42876 | Missing Authorization Check in SAP S/4 HANA Private Cloud (Financials General Ledger) | SAP_SE | SAP S/4 HANA Private Cloud (Financials General Ledger) | High | 7.1 | 2025-12-09 02:14:41 | Deep Dive |
| CVE-2025-42875 | Missing Authentication check in SAP NetWeaver Internet Communication Framework | SAP_SE | SAP NetWeaver Internet Communication Framework | Medium | 6.6 | 2025-12-09 02:14:30 | Deep Dive |
| CVE-2025-42874 | Denial of service (DOS) in SAP NetWeaver (remote service for Xcelsius) | SAP_SE | SAP NetWeaver (remote service for Xcelsius) | High | 7.9 | 2025-12-09 02:14:20 | Deep Dive |
| CVE-2025-42872 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal | SAP_SE | SAP NetWeaver Enterprise Portal | Medium | 6.1 | 2025-12-09 02:13:56 | Deep Dive |
| CVE-2025-66287 | Webkitgtk: processing maliciously crafted web content may lead to an unexpected process crash | The WebKitGTK Team | WebKitGTK | High | 8.8 | 2025-12-04 16:48:31 | Deep Dive |
| CVE-2025-13947 | Webkit: webkitgtk: remote user-assisted information disclosure via file drag-and-drop | The WebKitGTK Team | webkitgtk | High | 7.4 | 2025-12-03 09:46:00 | Deep Dive |
| CVE-2025-13601 | Glib: integer overflow in g_escape_uri_string() | - | - | High | 7.7 | 2025-11-26 14:44:23 | Deep Dive |
| CVE-2025-13502 | Webkit: webkitgtk / wpe webkit: out-of-bounds read and integer underflow vulnerability leading to dos | The WebKitGTK Team | webkitgtk | High | 7.5 | 2025-11-25 08:02:26 | Deep Dive |
| CVE-2025-13609 | Keylime: keylime: registrar allows identity takeover via duplicate uuid registration | Keylime Project | keylime | High | 8.2 | 2025-11-24 18:08:56 | Deep Dive |
| CVE-2025-10703 | Code injection vulnerability in multiple Progress products | Progress | DataDirect Connect for JDBC for Amazon Redshift | - | - | 2025-11-19 15:47:08 | Deep Dive |
| CVE-2025-10702 | Code injection vulnerability in multiple Progress products | Progress | DataDirect Connect for JDBC for Amazon Redshift | - | - | 2025-11-19 15:46:27 | Deep Dive |
| CVE-2025-61662 | Grub2: missing unregister call for gettext command may lead to use-after-free | GNU | grub2 | High | 7.8 | 2025-11-18 18:20:48 | Deep Dive |
| CVE-2025-59089 | Python-kdcproxy: remote dos via unbounded tcp upstream buffering | latchset | kdcproxy | Medium | 5.9 | 2025-11-12 16:40:51 | Deep Dive |