| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-23906 | Apache Druid: Authentication Bypass via LDAP Anonymous Bind | Apache Software Foundation | Apache Druid | - | - | 2026-02-10 09:28:09 | Deep Dive |
| CVE-2026-23901 | Apache Shiro: Brute force attack possible to determine valid user names | Apache Software Foundation | Apache Shiro | Low | - | 2026-02-10 09:25:52 | Deep Dive |
| CVE-2026-22922 | Apache Airflow: Airflow externalLogUrl Permission Bypass | Apache Software Foundation | Apache Airflow | - | - | 2026-02-09 10:33:50 | Deep Dive |
| CVE-2026-24098 | Apache Airflow: Assigning single DAG permission leaked all DAGs Import Errors | Apache Software Foundation | Apache Airflow | - | - | 2026-02-09 10:32:54 | Deep Dive |
| CVE-2026-23903 | Apache Shiro: Auth bypass when accessing static files only on case-insensitive filesystems | Apache Software Foundation | Apache Shiro | Medium | - | 2026-02-09 09:26:22 | Deep Dive |
| CVE-2026-24735 | Apache Answer: Revision API Improper Access Control leads to Information Disclosure | Apache Software Foundation | Apache Answer | - | - | 2026-02-04 10:41:59 | Deep Dive |
| CVE-2026-23794 | Apache Syncope: Reflected XSS on Enduser Login | Apache Software Foundation | Apache Syncope | - | - | 2026-02-03 15:15:24 | Deep Dive |
| CVE-2026-23795 | Apache Syncope: Console XXE on Keymaster parameters | Apache Software Foundation | Apache Syncope | - | - | 2026-02-03 15:14:35 | Deep Dive |
| CVE-2025-67481 | mw.message(…).parse() doesn't output safe HTML, but it's being used as if it does | Wikimedia Foundation | MediaWiki | - | - | 2026-02-03 01:30:40 | Deep Dive |
| CVE-2025-67482 | Lua segfault in unpack() | Wikimedia Foundation | Scribunto | - | - | 2026-02-03 01:28:56 | Deep Dive |
| CVE-2025-67483 | Theoretical i18n XSS in mediawiki.page.preview.js when a page has multiple protection levels | Wikimedia Foundation | MediaWiki | - | - | 2026-02-03 01:26:28 | Deep Dive |
| CVE-2025-67484 | Action API xslt option allows JavaScript execution by administrators who are not interface administrators | Wikimedia Foundation | MediaWiki | - | - | 2026-02-03 01:24:56 | Deep Dive |
| CVE-2025-67480 | list=allrevisions can be used to bypass Extension:Lockdown | Wikimedia Foundation | MediaWiki | - | - | 2026-02-03 01:23:02 | Deep Dive |
| CVE-2025-67475 | Stored XSS through edit summaries in MW Core | Wikimedia Foundation | MediaWiki | - | - | 2026-02-03 01:21:09 | Deep Dive |
| CVE-2025-67476 | Importing leaks IP address of importer via EventStreams | Wikimedia Foundation | MediaWiki | - | - | 2026-02-03 01:18:55 | Deep Dive |
| CVE-2025-67477 | Stored XSS through a system message in Special:ApiSandbox | Wikimedia Foundation | MediaWiki | - | - | 2026-02-03 01:16:41 | Deep Dive |
| CVE-2025-67478 | Wrong E-Mail address composition for usernames with a comma and Umlauts in it like "Döe, Jähn" | Wikimedia Foundation | CheckUser | - | - | 2026-02-03 01:14:18 | Deep Dive |
| CVE-2025-67479 | Magic word replacement in legacy parser allows using reserved data attributes through wikitext | Wikimedia Foundation | MediaWiki | - | - | 2026-02-03 01:12:22 | Deep Dive |
| CVE-2025-61654 | UserInfoCard: Do permission checking when getting counts of global and local edits, new articles and thanks | Wikimedia Foundation | Thanks | - | - | 2026-02-03 01:08:57 | Deep Dive |
| CVE-2025-61655 | Stored XSS through system messages in VisualEditor | Wikimedia Foundation | VisualEditor | - | - | 2026-02-03 01:04:36 | Deep Dive |