| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-9571 | Arbitrary Code Execution in Google Cloud Data Fusion via Malicious Artifact Upload | Google Cloud | Cloud Data Fusion | - | - | 2025-12-10 07:03:00 | Deep Dive |
| CVE-2025-64896 | Creative Cloud Desktop | Creation of Temporary File in Directory with Incorrect Permissions (CWE-379) | Adobe | Creative Cloud Desktop | Medium | 5.5 | 2025-12-09 20:39:51 | Deep Dive |
| CVE-2025-53679 | Fortinet FortiSandbox 操作系统命令注入漏洞 | Fortinet | FortiSandbox | High | 7.2 | 2025-12-09 17:19:51 | Deep Dive |
| CVE-2025-12807 | FactoryTalk® DataMosaix™ Private Cloud SQL Injection | Rockwell Automation | FactoryTalk® DataMosaix™ Private Cloud | - | - | 2025-12-09 13:56:33 | Deep Dive |
| CVE-2025-13428 | RCE in SecOps SOAR server via user-provided Python packages | Google Cloud | Google Cloud SecOps SOAR | - | - | 2025-12-09 06:28:09 | Deep Dive |
| CVE-2025-42876 | Missing Authorization Check in SAP S/4 HANA Private Cloud (Financials General Ledger) | SAP_SE | SAP S/4 HANA Private Cloud (Financials General Ledger) | High | 7.1 | 2025-12-09 02:14:41 | Deep Dive |
| CVE-2025-14185 | Yonyou U8 Cloud AppServletService.class sql injection | Yonyou | U8 Cloud | Medium | 6.3 | 2025-12-07 05:02:06 | Deep Dive |
| CVE-2025-13292 | Improper access control in Google Cloud Apigee-X allows cross-tenant Analytics modification and log data access. | Google Cloud | Apigee-X | 中危 | - | 2025-12-06 05:05:52 | Deep Dive |
| CVE-2025-13426 | Improper Sandboxing in Google Apigee's JavaCallout Policy Allows for Remote Code Execution | Google Cloud | Apigee hybrid Javacallout policy | 高危 | - | 2025-12-05 21:27:14 | Deep Dive |
| CVE-2025-13614 | Cool Tag Cloud <= 2.29 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpkube | Cool Tag Cloud | High | 8.1 | 2025-12-05 09:27:04 | Deep Dive |
| CVE-2025-13932 | SolisCloud Monitoring Platform 安全漏洞 | SolisCloud | Monitoring Platform (Cloud API & Device Control API) | - | - | 2025-12-04 21:17:03 | Deep Dive |
| CVE-2025-20388 | Blind Server Side Request Forgery (SSRF) through Distributed Search Peers in Splunk Enterprise | Splunk | Splunk Enterprise | Low | 2.7 | 2025-12-03 17:00:59 | Deep Dive |
| CVE-2025-20389 | Improper Input Validation in "label" column field in Splunk Secure Gateway App | Splunk | Splunk Enterprise | Medium | 4.3 | 2025-12-03 17:00:55 | Deep Dive |
| CVE-2025-20383 | Improper access control through push notifications for reports and alerts in Splunk Secure Gateway app | Splunk | Splunk Enterprise | Medium | 4.3 | 2025-12-03 17:00:36 | Deep Dive |
| CVE-2025-20384 | Unauthenticated Log Injection in Splunk Enterprise | Splunk | Splunk Enterprise | Medium | 5.3 | 2025-12-03 17:00:34 | Deep Dive |
| CVE-2025-20385 | Stored Cross-Site scripting (XSS) through Anchor Tag "href" in Navigation Bar Collections in Splunk Enterprise | Splunk | Splunk Enterprise | Low | 2.4 | 2025-12-03 17:00:30 | Deep Dive |
| CVE-2025-20382 | URL validation bypass through Views Dashboard in Splunk Enterprise | Splunk | Splunk Enterprise | Low | 3.5 | 2025-12-03 17:00:22 | Deep Dive |
| CVE-2025-10304 | Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin <= 2.3.8 - Missing Authorization to Unauthenticated Backup Failure | everestthemes | Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin | Medium | 5.3 | 2025-12-03 03:27:15 | Deep Dive |
| CVE-2025-58484 | SAMSUNG Cloud Assistant 安全漏洞 | Samsung Mobile | Samsung Cloud Assistant | Medium | 4.0 | 2025-12-02 01:24:30 | Deep Dive |
| CVE-2025-12742 | Remote Code Execution in Looker via Teradata JDBC Driver | Google Cloud | Looker | - | - | 2025-11-25 05:38:48 | Deep Dive |