| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-13298 | itsourcecode Web-Based Internet Laboratory Management System controller.php sql injection | itsourcecode | Web-Based Internet Laboratory Management System | High | 7.3 | 2025-11-17 19:32:06 | Deep Dive |
| CVE-2025-13297 | itsourcecode Web-Based Internet Laboratory Management System controller.php sql injection | itsourcecode | Web-Based Internet Laboratory Management System | High | 7.3 | 2025-11-17 18:02:07 | Deep Dive |
| CVE-2025-10460 | Unsanitized parameter input leading to SQL Injection vulnerability | BEIMS | Contractor Web | - | - | 2025-11-17 02:48:26 | Deep Dive |
| CVE-2025-13251 | WeiYe-Jing datax-web sql injection | WeiYe-Jing | datax-web | Medium | 6.3 | 2025-11-16 13:02:06 | Deep Dive |
| CVE-2025-13250 | WeiYe-Jing datax-web Job triggerJob access control | WeiYe-Jing | datax-web | Medium | 6.3 | 2025-11-16 12:02:06 | Deep Dive |
| CVE-2025-12539 | TNC Toolbox: Web Performance <= 1.4.2 - Unauthenticated Sensitive Information Exposure to Privilege Escalation/cPanel Account Takeover | leopardhost | TNC Toolbox: Web Performance | Critical | 10.0 | 2025-11-11 11:03:44 | Deep Dive |
| CVE-2021-4461 | Seeyon Zhiyuan OA Web Application System < 7.0 SP1 Authentication Bypass | Seeyon | Zhiyuan OA Web Application System | - | - | 2025-10-30 21:16:23 | Deep Dive |
| CVE-2025-59151 | Pi-hole Admin Interface vulnerable to HTTP response header injection via CRLF injection | pi-hole | web | High | 8.2 | 2025-10-27 19:43:00 | Deep Dive |
| CVE-2025-53533 | Pi-hole Admin Interface vulnerable to cross-site scripting via malformed URL path on 404 error page | pi-hole | web | - | - | 2025-10-27 19:06:32 | Deep Dive |
| CVE-2025-32785 | Pi-hole Admin Interface vulnerable to persistent XSS on Subscribed lists group management (Address Field) | pi-hole | web | - | - | 2025-10-27 18:44:16 | Deep Dive |
| CVE-2025-62899 | WordPress Photospace Responsive plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability | THRIVE - Web Design Gold Coast | Photospace Responsive | Medium | 5.9 | 2025-10-27 01:33:50 | Deep Dive |
| CVE-2025-12202 | ajayrandhawa User-Management-PHP-MYSQL web cross-site request forgery | ajayrandhawa | User-Management-PHP-MYSQL web | Medium | 4.3 | 2025-10-27 01:32:08 | Deep Dive |
| CVE-2025-49920 | WordPress Web Accessibility By accessiBe plugin <= 2.10 - Broken Access Control vulnerability | accessiBe | Web Accessibility By accessiBe | Medium | 5.4 | 2025-10-22 14:32:13 | Deep Dive |
| CVE-2025-61789 | Icinga DB Web hidden/protected custom variables are prone to filter enumeration | Icinga | icingadb-web | Medium | 5.3 | 2025-10-16 17:00:32 | Deep Dive |
| CVE-2025-52583 | NEOJAPAN desknets Web Server cross-site scripting vulnerability | NEOJAPAN Inc. | desknet's Web Server | - | - | 2025-10-16 10:03:14 | Deep Dive |
| CVE-2025-10700 | Ally - Web Accessibility & Usability <= 3.8.0 - Cross-Site Request Forgery to Plugin Settings Update | elemntor | Ally – Web Accessibility & Usability | Medium | 4.3 | 2025-10-16 02:25:10 | Deep Dive |
| CVE-2025-10375 | Web Accessibility By accessiBe <= 2.10 - Cross-Site Request Forgery | accessibewp | Web Accessibility by accessiBe | Medium | 4.3 | 2025-10-11 09:28:42 | Deep Dive |
| CVE-2017-20202 | Web Developer for Chrome v0.4.9 Malicious Backdoor Supply Chain Compromise | Web Developer for Chrome | Web Developer for Chrome | - | - | 2025-10-08 22:04:12 | Deep Dive |
| CVE-2025-11431 | code-projects Web-Based Inventory and POS System transaction.php sql injection | code-projects | Web-Based Inventory and POS System | Medium | 6.3 | 2025-10-08 04:02:07 | Deep Dive |
| CVE-2025-11424 | code-projects Web-Based Inventory and POS System login.php sql injection | code-projects | Web-Based Inventory and POS System | High | 7.3 | 2025-10-08 02:02:09 | Deep Dive |