Open Vulnerabilities
| CVE ID | Vulnerability | Affected Asset | CVSS | Severity | Discovered | Status | |
|---|---|---|---|---|---|---|---|
| CVE-2025-1187 | Remote Code ExecutionUnauthenticated RCE in web module |
WEB-SRV-01 | 9.8 | Critical | 10 Jul 2026 | Open | |
| CVE-2025-0934 | SQL InjectionBlind SQLi in reporting API |
DB-Cluster-02 | 9.1 | Critical | 09 Jul 2026 | Patching | |
| CVE-2025-2276 | Privilege EscalationLocal priv-esc via kernel driver |
WKS-2043 | 8.4 | High | 09 Jul 2026 | Open | |
| CVE-2025-3391 | Auth BypassJWT signature not verified |
IDP-Cloud | 7.6 | High | 08 Jul 2026 | Patching | |
| CVE-2025-4108 | Cross-Site ScriptingStored XSS in comment field |
WEB-SRV-03 | 6.1 | Medium | 07 Jul 2026 | Patched | |
| CVE-2025-5520 | Information DisclosureVerbose error stack traces |
API-GW-01 | 3.7 | Low | 06 Jul 2026 | Patched |