| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-62596 | youki container escape and denial of service due to arbitrary write gadgets and procfs write redirects | youki-dev | youki | 中危 | - | 2025-11-05 23:14:37 | Deep Dive |
| CVE-2025-62161 | youki container escape via "masked path" abuse due to mount race conditions | youki-dev | youki | 中危 | - | 2025-11-05 23:09:09 | Deep Dive |
| CVE-2025-62048 | WordPress SmartCrawl plugin <= 3.14.3 - Broken Access Control vulnerability | WPMU DEV - Your All-in-One WordPress Platform | SmartCrawl | Medium | 5.4 | 2025-10-22 14:32:52 | Deep Dive |
| CVE-2025-62379 | Open Redirect in reflex-dev/reflex | reflex-dev | reflex | Low | 3.1 | 2025-10-15 15:57:57 | Deep Dive |
| CVE-2025-59552 | WordPress Save as PDF Plugin <= 4.5.2 - Cross Site Scripting (XSS) Vulnerability | Pdfcrowd Dev Team | Save as PDF | Medium | 6.5 | 2025-09-22 18:26:06 | Deep Dive |
| CVE-2025-58240 | WordPress xili-tidy-tags Plugin <= 1.12.06 - Cross Site Scripting (XSS) Vulnerability | Michel - xiligroup dev | xili-tidy-tags | Medium | 6.5 | 2025-09-22 18:23:35 | Deep Dive |
| CVE-2025-58654 | WordPress xili-language Plugin <= 2.21.3 - Cross Site Scripting (XSS) Vulnerability | Michel - xiligroup dev | xili-language | Medium | 6.5 | 2025-09-22 18:23:07 | Deep Dive |
| CVE-2025-59342 | esm.sh writes arbitrary files via path traversal in `X-Zone-Id` header | esm-dev | esm.sh | - | - | 2025-09-17 17:59:34 | Deep Dive |
| CVE-2025-59341 | Local File Inclusion in esm.sh | esm-dev | esm.sh | - | - | 2025-09-17 17:55:26 | Deep Dive |
| CVE-2025-10433 | 1Panel-dev MaxKB debug deserialization | 1Panel-dev | MaxKB | Medium | 6.3 | 2025-09-15 08:02:07 | Deep Dive |
| CVE-2025-9566 | Podman: podman kube play command may overwrite host files | - | - | High | 8.1 | 2025-09-05 19:54:31 | Deep Dive |
| CVE-2025-54867 | Youki Symlink Following Vulnerability | youki-dev | youki | High | 7.0 | 2025-08-14 16:08:01 | Deep Dive |
| CVE-2025-8671 | CVE-2025-8671 | SUSE Linux | Enterprise Module for Development Tools | - | - | 2025-08-13 12:03:37 | Deep Dive |
| CVE-2025-54888 | @fedify/fedify: Improper Authentication and Incorrect Authorization | fedify-dev | fedify | 中危 | - | 2025-08-09 01:31:53 | Deep Dive |
| CVE-2025-54886 | skops: Card.get_model does not block arbitrary code execution | skops-dev | skops | High | 8.4 | 2025-08-08 00:03:45 | Deep Dive |
| CVE-2025-8556 | Github.com/cloudflare/circl: circl-fourq: missing and wrong validation can lead to incorrect results | - | - | Low | 3.7 | 2025-08-06 08:48:18 | Deep Dive |
| CVE-2025-54424 | 1Panel Agent Bypasses Certificate Verification Leading to Arbitrary Command Execution | 1Panel-dev | 1Panel | High | 8.1 | 2025-08-01 23:04:38 | Deep Dive |
| CVE-2025-8264 | Z-Push 安全漏洞 | - | z-push/z-push-dev | Critical | 9.0 | 2025-07-29 05:00:01 | Deep Dive |
| CVE-2025-54413 | skops' MethodNode can access unexpected object fields through dot notation, leading to arbitrary code execution at load time | skops-dev | skops | 中危 | - | 2025-07-26 03:29:44 | Deep Dive |
| CVE-2025-54412 | skops' Inconsistent Trusted Type Validation Enables Hidden `operator` Methods Execution | skops-dev | skops | 中危 | - | 2025-07-26 03:29:11 | Deep Dive |