| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-7760 | Reflected XSS in Ofisimo's Association Web Package Flora | Ofisimo Web-Based Software Technologies | Association Web Package Flora | High | 7.6 | 2026-02-03 12:33:24 | Deep Dive |
| CVE-2022-50942 | Incinga Web 2.8.2 Client-Side Cross-Site Scripting via EventListener | Incinga | Incinga Web | Medium | 5.4 | 2026-02-01 12:15:53 | Deep Dive |
| CVE-2025-13917 | Elevation of Privileges in Web Security Services (WSS) Agent | Broadcom | Symantec Web Security Services Agent | High | 7.0 | 2026-01-28 16:29:59 | Deep Dive |
| CVE-2025-40554 | SolarWinds Web Help Desk Authentication Bypass Vulnerability | SolarWinds | Web Help Desk | Critical | 9.8 | 2026-01-28 07:36:50 | Deep Dive |
| CVE-2025-40553 | SolarWinds Web Help Desk Deserialization of Untrusted Data Remote Code Execution Vulnerability | SolarWinds | Web Help Desk | Critical | 9.8 | 2026-01-28 07:35:42 | Deep Dive |
| CVE-2025-40552 | SolarWinds Web Help Desk Authentication Bypass Vulnerability | SolarWinds | Web Help Desk | Critical | 9.8 | 2026-01-28 07:34:38 | Deep Dive |
| CVE-2025-40551 | SolarWinds Web Help Desk Deserialization of Untrusted Data Remote Code Execution Vulnerability | SolarWinds | Web Help Desk | Critical | 9.8 | 2026-01-28 07:33:10 | Deep Dive |
| CVE-2025-40537 | SolarWinds Web Help Desk Hardcoded Credentials Vulnerability | SolarWinds | Web Help Desk | High | 7.5 | 2026-01-28 07:31:42 | Deep Dive |
| CVE-2025-40536 | SolarWinds Web Help Desk Security Control Bypass Vulnerability | SolarWinds | Web Help Desk | High | 8.1 | 2026-01-28 07:30:10 | Deep Dive |
| CVE-2020-36939 | Cassandra Web 0.5.0 - Remote File Read | avalanche123 | Cassandra Web | High | 7.5 | 2026-01-27 15:23:47 | Deep Dive |
| CVE-2025-57784 | Tomahawk authentication timing attack due to usage of 'strcmp' | Hiawatha | Hiawatha Web server | - | - | 2026-01-26 17:47:19 | Deep Dive |
| CVE-2025-57785 | Double free in XSLT in 'show_index' | Hiawatha | Hiawatha Web server | - | - | 2026-01-26 17:46:10 | Deep Dive |
| CVE-2025-57783 | Improper header parsing may lead to request smuggling | Hiawatha | Hiawatha Web server | - | - | 2026-01-26 17:45:37 | Deep Dive |
| CVE-2021-47903 | LiteSpeed Web Server Enterprise 5.4.11 - Command Injection | LiteSpeed Technologies Inc | LiteSpeed Web Server Enterprise | High | 8.8 | 2026-01-23 16:47:43 | Deep Dive |
| CVE-2026-24629 | WordPress Web Accessibility with Max Access plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability | Ability, Inc | Web Accessibility with Max Access | Medium | - | 2026-01-23 14:29:08 | Deep Dive |
| CVE-2026-24606 | WordPress Bayarcash WooCommerce plugin <= 4.3.13 - Broken Access Control vulnerability | Web Impian | Bayarcash WooCommerce | Medium | 5.3 | 2026-01-23 14:29:04 | Deep Dive |
| CVE-2021-47784 | Cyberfox Web Browser 52.9.1 - Denial of Service (PoC) | Cyberfox | Cyberfox Web Browser | High | 7.5 | 2026-01-15 15:52:15 | Deep Dive |
| CVE-2026-0497 | Missing Authorization check in Business Server Pages Application (Product Designer Web UI) | SAP_SE | Business Server Pages Application (Product Designer Web UI) | Medium | 4.3 | 2026-01-13 01:13:36 | Deep Dive |
| CVE-2026-22783 | Iris Allows Arbitrary File Deletion via Mass Assignment in Datastore File Management | dfir-iris | iris-web | Critical | 9.6 | 2026-01-12 18:27:38 | Deep Dive |
| CVE-2020-36914 | QiHang Media Web Digital Signage 3.0.9 Cookie Authentication Credentials Disclosure | Shenzhen Xingmeng Qihang Media Co., Ltd. | QiHang Media Web (QH.aspx) Digital Signage | High | 7.5 | 2026-01-06 15:53:22 | Deep Dive |