| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2018-25143 | Microhard Systems IPn4G 1.1.0 Backdoor Jailbreak via Microhard Sh Service | Microhard Systems | Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Backdoor Jailbreak | High | 8.8 | 2025-12-24 19:27:49 | Deep Dive |
| CVE-2025-14164 | Quran Gateway <= 1.5 - Cross-Site Request Forgery to Settings Update | edckwt | Quran Gateway | Medium | 4.3 | 2025-12-20 03:20:22 | Deep Dive |
| CVE-2025-66131 | WordPress Yaad Sarig Payment Gateway For WC plugin <= 2.2.11 - Broken Access Control vulnerability | yaadsarig | Yaad Sarig Payment Gateway For WC | Medium | 5.3 | 2025-12-16 08:12:54 | Deep Dive |
| CVE-2025-12883 | Campay Woocommerce Payment Gateway <= 1.2.2 - Unauthenticated Payment Bypass | campay | Campay Woocommerce Payment Gateway | Medium | 5.3 | 2025-12-12 03:20:43 | Deep Dive |
| CVE-2025-63023 | WordPress Payment Gateway for PayPal on WooCommerce plugin <= 9.0.53 - Broken Access Control vulnerability | Easy Payment | Payment Gateway for PayPal on WooCommerce | Medium | 5.3 | 2025-12-09 14:52:28 | Deep Dive |
| CVE-2025-63015 | WordPress WooCommerce Payment Gateway – Paysera plugin <= 3.10.0 - Broken Access Control vulnerability | paysera | WooCommerce Payment Gateway - Paysera | Medium | 4.3 | 2025-12-09 14:52:28 | Deep Dive |
| CVE-2025-62870 | WordPress Eupago Gateway For Woocommerce plugin <= 4.7.1 - Broken Access Control vulnerability | Eupago | Eupago Gateway For Woocommerce | - | - | 2025-12-09 14:52:24 | Deep Dive |
| CVE-2025-64443 | DNS Rebinding vulnerability present when running MCP Gateway in sse or streaming mode | docker | mcp-gateway | - | - | 2025-12-03 17:41:59 | Deep Dive |
| CVE-2025-20389 | Improper Input Validation in "label" column field in Splunk Secure Gateway App | Splunk | Splunk Enterprise | Medium | 4.3 | 2025-12-03 17:00:55 | Deep Dive |
| CVE-2025-20383 | Improper access control through push notifications for reports and alerts in Splunk Secure Gateway app | Splunk | Splunk Enterprise | Medium | 4.3 | 2025-12-03 17:00:36 | Deep Dive |
| CVE-2025-66405 | Portkey.ai Gateway: Server-Side Request Forgery (SSRF) in Custom Host | Portkey-AI | gateway | - | - | 2025-12-01 22:25:36 | Deep Dive |
| CVE-2025-41739 | CODESYS Control - Linux/QNX SysSocket flaw | CODESYS | CODESYS PLCHandler | Medium | 5.9 | 2025-12-01 10:00:44 | Deep Dive |
| CVE-2025-64657 | Azure Application Gateway Elevation of Privilege Vulnerability | Microsoft | Azure App Gateway | Critical | 9.8 | 2025-11-26 00:20:52 | Deep Dive |
| CVE-2025-64656 | Azure Application Gateway Elevation of Privilege Vulnerability | Microsoft | Azure App Gateway | Critical | 9.4 | 2025-11-26 00:20:07 | Deep Dive |
| CVE-2025-36134 | IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure | IBM | Sterling B2B Integrator | Low | 3.7 | 2025-11-25 14:40:56 | Deep Dive |
| CVE-2025-13558 | Blog2Social <= 8.7.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Trashing | pr-gateway | Blog2Social: Social Media Auto Post & Scheduler | Medium | 5.4 | 2025-11-25 04:38:00 | Deep Dive |
| CVE-2025-36112 | IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure | IBM | Sterling B2B Integrator | Medium | 5.3 | 2025-11-24 18:25:03 | Deep Dive |
| CVE-2025-9312 | Improper Certificate-Based Authentication Enforcement in Multiple WSO2 Products | WSO2 | WSO2 API Manager | Critical | 9.8 | 2025-11-18 12:05:22 | Deep Dive |
| CVE-2025-6670 | Cross-Site Request Forgery (CSRF) in Multiple WSO2 Products via HTTP GET in Admin Services | WSO2 | WSO2 Open Banking AM | High | 8.8 | 2025-11-18 11:28:37 | Deep Dive |
| CVE-2025-12392 | Cryptocurrency Payment Gateway for WooCommerce <= 2.0.25 - Missing Authorization to Unauthenticated Tracking Status Update | tripleatechnology | Cryptocurrency Payment Gateway for WooCommerce | Medium | 5.3 | 2025-11-18 09:27:39 | Deep Dive |