| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-7195 | Operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd | operator-framework | operator-sdk | Medium | 6.4 | 2025-08-07 19:05:09 | Deep Dive |
| CVE-2025-42947 | Code Injection vulnerability in SAP FICA ODN framework | SAP_SE | SAP FICA ODN framework | Medium | 5.5 | 2025-07-23 03:25:10 | Deep Dive |
| CVE-2025-50090 | Oracle E-Business Suite Cross-Site Request Forgery Vulnerability | Oracle Corporation | Oracle Applications Framework | Medium | 5.4 | 2025-07-15 19:27:45 | Deep Dive |
| CVE-2025-50071 | Oracle E-Business Suite Access Control Error Vulnerability | Oracle Corporation | Oracle Applications Framework | Medium | 6.4 | 2025-07-15 19:27:39 | Deep Dive |
| CVE-2025-53675 | Jenkins plugin Warrior Framework Security Vulnerability | Jenkins Project | Jenkins Warrior Framework Plugin | - | - | 2025-07-09 15:39:41 | Deep Dive |
| CVE-2025-53103 | JUnit OpenTestReportGeneratingListener can leak Git credentials | junit-team | junit-framework | Medium | 5.8 | 2025-07-01 18:02:39 | Deep Dive |
| CVE-2025-52888 | Allure 2's xunit-xml-plugin Vulnerable to Improper XXE Restriction | allure-framework | allure2 | High | 7.5 | 2025-06-24 19:45:23 | Deep Dive |
| CVE-2025-41234 | RFD Attack via “Content-Disposition” Header Sourced from Request | VMware | Spring Framework | Medium | 6.5 | 2025-06-12 21:14:43 | Deep Dive |
| CVE-2025-4315 | CubeWP – All-in-One Dynamic Content Framework <= 1.1.23 - Authenticated (Subscriber+) Privilege Escalation | cubewp1211 | CubeWP Framework | High | 8.8 | 2025-06-11 09:22:33 | Deep Dive |
| CVE-2025-49511 | WordPress Civi Framework plugin <= 2.1.6 - Cross Site Request Forgery (CSRF) to User Deactivation vulnerability | uxper | Civi Framework | High | 7.1 | 2025-06-10 12:35:34 | Deep Dive |
| CVE-2025-42998 | Security misconfiguration vulnerability in SAP Business One Integration Framework | SAP_SE | SAP Business One Integration Framework | Medium | 5.3 | 2025-06-10 00:14:11 | Deep Dive |
| CVE-2025-3945 | Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’) | Tridium | Niagara Framework | High | 7.2 | 2025-05-22 12:47:01 | Deep Dive |
| CVE-2025-3944 | Incorrect Permission Assignment for Critical Resource | Tridium | Niagara Framework | High | 7.2 | 2025-05-22 12:44:56 | Deep Dive |
| CVE-2025-3943 | Use of GET Request Method With sensitive Query Strings | Tridium | Niagara Framework | Medium | 4.1 | 2025-05-22 12:42:14 | Deep Dive |
| CVE-2025-3942 | Improper Output Neutralization for Logs | Tridium | Niagara Framework | Medium | 4.3 | 2025-05-22 12:40:13 | Deep Dive |
| CVE-2025-3941 | Improper Handling of Windows: DATA Alternate Data Stream | Tridium | Niagara Framework | Medium | 5.4 | 2025-05-22 12:38:16 | Deep Dive |
| CVE-2025-3940 | Improper Use of Validation Framework | Tridium | Niagara Framework | Medium | 5.3 | 2025-05-22 12:35:14 | Deep Dive |
| CVE-2025-3939 | Observable Response Discrepancy | Tridium | Niagara Framework | Medium | 5.3 | 2025-05-22 12:33:48 | Deep Dive |
| CVE-2025-3938 | Missing Cryptographic Step | Tridium | Niagara Framework | Medium | 6.8 | 2025-05-22 12:32:02 | Deep Dive |
| CVE-2025-3937 | Use of Password Hash with Insufficient Computational Effort | Tridium | Niagara Framework | High | 7.7 | 2025-05-22 12:23:42 | Deep Dive |