| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-64516 | GLPI incorrectly authorizes access to documents | glpi-project | glpi | High | 7.5 | 2026-01-15 16:01:03 | Deep Dive |
| CVE-2021-47819 | ProjeQtOr Project Management 9.1.4 - Remote Code Execution | Projeqtor | ProjeQtOr Project Management | Critical | 9.8 | 2026-01-15 15:52:16 | Deep Dive |
| CVE-2025-15504 | lief-project LIEF ELF Binary Parser.tcc parse_binary null pointer dereference | lief-project | LIEF | Low | 3.3 | 2026-01-10 11:32:07 | Deep Dive |
| CVE-2026-22773 | vLLM is vulnerable to DoS in Idefics3 vision models via image payload with ambiguous dimensions | vllm-project | vllm | Medium | 6.5 | 2026-01-10 06:39:02 | Deep Dive |
| CVE-2026-21851 | MONAI has Path Traversal (Zip Slip) in NGC Private Bundle Download | Project-MONAI | MONAI | Medium | 5.3 | 2026-01-07 22:27:19 | Deep Dive |
| CVE-2025-63082 | Joomla! Core - [20260101] - Inadequate content filtering for data URLs | Joomla! Project | Joomla! CMS | Medium | - | 2026-01-06 16:01:39 | Deep Dive |
| CVE-2025-63083 | Joomla! Core - [20260102] - XSS vector in the pagebreak plugin | Joomla! Project | Joomla! CMS | Medium | - | 2026-01-06 16:01:15 | Deep Dive |
| CVE-2025-23705 | WordPress Zielke Design Project Gallery plugin <= 2.5.0 - Reflected Cross Site Scripting (XSS) vulnerability | Terry Zielke | Zielke Design Project Gallery | High | 7.1 | 2025-12-31 19:55:23 | Deep Dive |
| CVE-2025-68040 | WordPress WP Project Manager plugin <= 3.0.1 - Sensitive Data Exposure vulnerability | weDevs | WP Project Manager | Medium | 6.5 | 2025-12-29 23:25:11 | Deep Dive |
| CVE-2025-15156 | omec-project UPF PFCP Session Establishment Request messages_session.go handleSessionEstablishmentRequest null pointer dereference | omec-project | UPF | Medium | 4.3 | 2025-12-28 22:02:06 | Deep Dive |
| CVE-2018-25154 | GNU Barcode 0.99 Buffer Overflow in Code 93 Encoding Mechanism | The GNU Project \| Free Software Foundation, Inc. | GNU Barcode | Critical | 9.8 | 2025-12-24 19:27:53 | Deep Dive |
| CVE-2023-53958 | LDAP Tool Box Self Service Password 1.5.2 Account Takeover via HTTP Host Header | ltb-project | LDAP Tool Box Self Service Password | High | 7.5 | 2025-12-19 21:05:53 | Deep Dive |
| CVE-2023-53959 | FileZilla Client 3.63.1 DLL Hijacking via Missing TextShaping.dll | filezilla-project | FileZilla Client | Critical | 9.8 | 2025-12-19 21:05:53 | Deep Dive |
| CVE-2023-53943 | GLPI 9.5.7 Username Enumeration Vulnerability via Lost Password Endpoint | Glpi-Project | GLPI | Medium | 5.3 | 2025-12-18 19:53:36 | Deep Dive |
| CVE-2025-12496 | Zephyr Project Manager <= 3.3.203 - Authenticated (Custom+) Arbitrary File Read And Server-Side Request Forgery | dylanjkotze | Zephyr Project Manager | Medium | 4.9 | 2025-12-17 07:21:01 | Deep Dive |
| CVE-2025-64520 | GLPI vulnerable to unauthorized access to restricted Knowledge Base items through the API | glpi-project | glpi | Medium | 6.5 | 2025-12-16 21:59:03 | Deep Dive |
| CVE-2025-59935 | GLPI Vulnerable to Unauthenticated Stored XSS on the Inventory page | glpi-project | glpi | Medium | 6.5 | 2025-12-16 16:34:46 | Deep Dive |
| CVE-2025-67899 | Uriparser security vulnerability | uriparser project | uriparser | Low | 2.9 | 2025-12-14 22:17:42 | Deep Dive |
| CVE-2025-14068 | WPNakama <= 0.6.3 - Unauthenticated SQL Injection via 'order_by' Parameter | qdonow | WPNakama – Team and multi-Client Collaboration, Editorial and Project Management | High | 7.5 | 2025-12-12 06:32:58 | Deep Dive |
| CVE-2025-12963 | LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart <= 1.2.29 - Missing Authorization to Unauthenticated Privilege Escalation | lazycoders | LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart | Critical | 9.8 | 2025-12-12 03:20:55 | Deep Dive |