| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-5770 | Reflected Cross-Site Scripting (XSS) in Authentication Endpoints of Multiple WSO2 Products | WSO2 | WSO2 Identity Server | Medium | 6.1 | 2025-11-05 19:02:48 | Deep Dive |
| CVE-2025-11093 | Arbitrary Code Execution with higher privileged users in Multiple WSO2 Products via Script Mediator Engines (GraalJS and NashornJS) | WSO2 | WSO2 Micro Integrator | High | 8.4 | 2025-11-05 18:31:18 | Deep Dive |
| CVE-2025-10907 | Authenticated Arbitrary File Upload in Multiple WSO2 Products via SOAP Admin Services Leading to Remote Code Execution | WSO2 | WSO2 API Manager | High | 8.4 | 2025-11-05 18:03:50 | Deep Dive |
| CVE-2025-10713 | XML External Entity (XXE) Vulnerability in Multiple WSO2 Products Due to Improper XML Parser Configuration | WSO2 | WSO2 Enterprise Integrator | Medium | 6.5 | 2025-11-05 17:18:25 | Deep Dive |
| CVE-2025-3125 | Authenticated Arbitrary File Upload in Multiple WSO2 Products via CarbonAppUploader Admin Service Leading to Remote Code Execution | WSO2 | WSO2 Identity Server | Medium | 6.7 | 2025-11-05 14:49:45 | Deep Dive |
| CVE-2025-58337 | Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode for doris-mcp-server MCP Server | Apache Software Foundation | Apache Doris-MCP-Server | Medium | - | 2025-11-05 09:26:37 | Deep Dive |
| CVE-2025-12657 | Malformed KMIP response may result in access violation | MongoDB Inc. | MongoDB Server | Medium | 5.0 | 2025-11-03 21:03:25 | Deep Dive |
| CVE-2025-12531 | IBM InfoSphere Information Server is affected by an XML external entity injection (XXE) vulnerability | IBM | InfoSphere Information Server | High | 7.1 | 2025-11-03 19:47:41 | Deep Dive |
| CVE-2025-8558 | Proofpoint Insider Threat Management Server Security Vulnerability | Proofpoint | Insider Threat Management (ITM) Server | - | - | 2025-11-03 18:40:04 | Deep Dive |
| CVE-2025-33003 | IBM InfoSphere Information Server is vulnerable to privilege escalation | IBM | InfoSphere Information Server | High | 7.8 | 2025-10-31 13:04:31 | Deep Dive |
| CVE-2025-4952 | Denial-of-service vulnerability in ESET security products for Windows | ESET | ESET NOD32 Antivirus | Medium | - | 2025-10-31 12:28:15 | Deep Dive |
| CVE-2023-7321 | Nagios Log Server < 2.1.14 XSS via Snapshots Page | Nagios | Log Server | - | - | 2025-10-30 21:27:23 | Deep Dive |
| CVE-2023-7323 | Nagios Log Server < 2024R1 XSS via Create User Function | Nagios | Log Server | - | - | 2025-10-30 21:27:03 | Deep Dive |
| CVE-2020-36858 | Nagios Log Server < 2.1.6 XSS via Create User, Edit User, & Manage Host Lists Pages | Nagios | Log Server | - | - | 2025-10-30 21:26:39 | Deep Dive |
| CVE-2025-34298 | Nagios Log Server < 2024R1.3.2 Set Email Privilege Escalation | Nagios | Log Server | - | - | 2025-10-30 21:25:52 | Deep Dive |
| CVE-2025-34277 | Nagios Log Server < 2024R1.3.1 RCE via Malformed Dashboard ID | Nagios | Log Server | - | - | 2025-10-30 21:25:33 | Deep Dive |
| CVE-2025-34272 | Nagios Log Server < 2024R2.0.3 Non-Empty Default Dashboard Fallback | Nagios | Log Server | - | - | 2025-10-30 21:25:11 | Deep Dive |
| CVE-2025-34273 | Nagios Log Server < 2024R2.0.3 Non-Admin Dashboard Deletion | Nagios | Log Server | - | - | 2025-10-30 21:24:43 | Deep Dive |
| CVE-2024-58273 | Nagios Log Server < 2024R1.0.2 LPE from Apache/Backend Shell User to Root | Nagios | Log Server | - | - | 2025-10-30 21:24:16 | Deep Dive |
| CVE-2025-34274 | Nagios Log Server < 2024R2.0.3 Logstash Process Root Privileges | Nagios | Log Server | - | - | 2025-10-30 21:23:55 | Deep Dive |