| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2025-12675 | KiotViet Sync <= 1.8.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update | mykiot | KiotViet Sync | Medium | 4.3 | 2025-11-05 07:27:57 |
| CVE-2025-12674 | KiotViet Sync <= 1.8.5 - Unauthenticated Arbitrary File Upload | mykiot | KiotViet Sync | Critical | 9.8 | 2025-11-05 07:27:56 |
| CVE-2025-12676 | KiotViet Sync <= 1.8.5 - Use of Hard-coded Password to Authorization Bypass | mykiot | KiotViet Sync | Medium | 5.3 | 2025-11-05 07:27:56 |
| CVE-2025-12677 | KiotViet Sync <= 1.8.5 - Unauthenticated Webhook Key Exposure | mykiot | KiotViet Sync | Medium | 5.3 | 2025-11-05 07:27:55 |
| CVE-2025-62978 | WordPress KiotViet Sync plugin <= 1.8.5 - Broken Access Control vulnerability | Kiotviet | KiotViet Sync | Medium | 4.3 | 2025-10-27 01:34:18 |
| CVE-2025-39381 | WordPress KiotViet Sync plugin <= 1.8.5 - CSRF to Stored XSS vulnerability | Kiotviet | KiotViet Sync | High | 7.1 | 2025-04-24 16:08:38 |
| CVE-2025-32573 | WordPress KiotViet Sync Plugin <= 1.8.4 - SQL Injection vulnerability | Kiotviet | KiotViet Sync | High | 8.5 | 2025-04-17 15:47:26 |