0.0
CVE-2025-23705 - WordPress Zielke Design Project Gallery plugin <= 2.5.0 - Reflected Cross Site Scripting (XSS) vulnโฆ
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terry Zielke Zielke Design Project Gallery zielke-design-project-gallery allows Reflected XSS.This issue affects Zielke Design Project Gallery: from n/a through <= 2.5.0.
0.0
CVE-2025-23667 - WordPress custom-post-edit plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Christopher Churchill custom-post-edit front-end-post-edit allows Reflected XSS.This issue affects custom-post-edit: from n/a through <= 1.0.4.
0.0
CVE-2025-66144 - WordPress Worker for Elementor plugin <= 1.0.10 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Worker for Elementor worker-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Worker for Elementor: from n/a through <= 1.0.10.
0.0
CVE-2025-66145 - WordPress Worker for WPBakery plugin <= 1.1.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Worker for WPBakery worker-wpbakery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Worker for WPBakery: from n/a through <= 1.1.1.
0.0
CVE-2025-66146 - WordPress Logger for Elementor plugin <= 1.0.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Logger for Elementor logger-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Logger for Elementor: from n/a through <= 1.0.9.
0.0
CVE-2025-66148 - WordPress Conformer for Elementor plugin <= 1.0.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Conformer for Elementor conformer-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conformer for Elementor: from n/a through <= 1.0.7.
5.1
CVE-2025-15394 - iCMS POST Parameter ConfigAdmincp.php save code injection
A vulnerability was detected in iCMS up to 8.0.0. Affected is the function Save of the file app/config/ConfigAdmincp.php of the component POST Parameter Handler. The manipulation of the argument config results in code injection. The attack can be launched remotely. The exploit is now public and mayโฆ
0.0
CVE-2025-69291 -
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2025. Notes: none
5.1
CVE-2021-47743 - COMMAX Biometric Access Control System 1.0.0 Reflected XSS via Cookie Parameters
COMMAX Biometric Access Control System 1.0.0 contains an unauthenticated reflected cross-site scripting vulnerability in cookie parameters 'CMX_ADMIN_NM' and 'CMX_COMPLEX_NM'. Attackers can inject malicious HTML and JavaScript code into these cookie values to execute arbitrary scripts in a victim'sโฆ
6.9
CVE-2021-47740 - KZTech JT3500V 4G LTE CPE 2.0.1 Insufficient Session Expiration Vulnerability
KZTech JT3500V 4G LTE CPE 2.0.1 contains a session management vulnerability that allows attackers to reuse old session credentials without proper expiration. Attackers can exploit the weak session handling to maintain unauthorized access and potentially compromise device authentication mechanisms.