| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-23624 | GLPI is vulnerable to session stealing on externally authenticated user change | glpi-project | glpi | Medium | 4.3 | 2026-02-04 17:15:34 | Deep Dive |
| CVE-2026-22247 | GLPI is Vulnerable to SSRF via Webhooks | glpi-project | glpi | Medium | 4.1 | 2026-02-04 17:10:30 | Deep Dive |
| CVE-2026-1788 | Buffer Overflow in Xquic Server | Xquic Project | Xquic Server | - | - | 2026-02-03 03:22:48 | Deep Dive |
| CVE-2026-22778 | vLLM leaks a heap address when PIL throws an error | vllm-project | vllm | Critical | 9.8 | 2026-02-02 21:09:53 | Deep Dive |
| CVE-2025-62349 | Salt Master authentication protocol downgrade may enable minion impersonation | Salt Project | Salt | Medium | 6.2 | 2026-01-30 18:59:22 | Deep Dive |
| CVE-2025-62348 | Salt junos module uses an unsafe YAML loader which may allow unintended code execution | Salt Project | Salt | High | 7.8 | 2026-01-30 18:57:52 | Deep Dive |
| CVE-2026-25210 | libexpat input validation error vulnerability | libexpat project | libexpat | Medium | 6.9 | 2026-01-30 06:40:28 | Deep Dive |
| CVE-2026-25068 | alsa-lib 1.2.15.2 Topology Decoder Heap-based Buffer Overflow | ALSA Project | alsa-lib | Medium | - | 2026-01-29 19:08:04 | Deep Dive |
| CVE-2020-37004 | Ultimate Project Manager CRM PRO 2.0.5 - SQLi Credentials Leakage | codexcube | Ultimate Project Manager CRM PRO | High | 8.2 | 2026-01-29 14:28:29 | Deep Dive |
| CVE-2020-37002 | Ajenti 2.1.36 - Remote Code Execution | Ajenti Project | Ajenti | Critical | 9.8 | 2026-01-29 14:28:28 | Deep Dive |
| CVE-2026-1466 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Jirafeau | Jirafeau project | Jirafeau | Medium | 6.1 | 2026-01-28 06:33:15 | Deep Dive |
| CVE-2026-24779 | vLLM vulnerable to Server-Side Request Forgery (SSRF) in `MediaConnector` | vllm-project | vllm | High | 7.1 | 2026-01-27 22:01:14 | Deep Dive |
| CVE-2026-24812 | An improper pointer arithmetic in root-project/root at builtins/zlib/inftrees.c | root-project | root | - | - | 2026-01-27 08:48:31 | Deep Dive |
| CVE-2026-24811 | An improper pointer arithmetic in root-project/root at builtins/zlib/inffast.c | root-project | root | - | - | 2026-01-27 08:47:53 | Deep Dive |
| CVE-2026-24515 | libexpat code issue vulnerability | libexpat project | libexpat | Low | 2.9 | 2026-01-23 07:46:36 | Deep Dive |
| CVE-2025-68898 | WordPress Synergy Project Manager plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability | cjjparadoxmax | Synergy Project Manager | - | - | 2026-01-22 16:52:12 | Deep Dive |
| CVE-2026-24009 | Docling Core vulnerable to Remote Code Execution via unsafe PyYAML usage | docling-project | docling-core | High | 8.1 | 2026-01-22 15:04:53 | Deep Dive |
| CVE-2026-22807 | vLLM affected by RCE via auto_map dynamic module loading during model initialization | vllm-project | vllm | High | 8.8 | 2026-01-21 21:13:12 | Deep Dive |
| CVE-2025-24531 | PAM-PKCS#11 security vulnerability | OpenSC project | pam_pkcs11 | Medium | 6.7 | 2026-01-16 00:00:00 | Deep Dive |
| CVE-2025-66417 | GLPI has an unauthenticated SQL injection through the inventory endpoint | glpi-project | glpi | High | 7.5 | 2026-01-15 16:25:03 | Deep Dive |