5.4
CVE-2025-66144 - WordPress Worker for Elementor plugin <= 1.0.10 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Worker for Elementor worker-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Worker for Elementor: from n/a through <= 1.0.10.
5.4
CVE-2025-66145 - WordPress Worker for WPBakery plugin <= 1.1.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Worker for WPBakery worker-wpbakery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Worker for WPBakery: from n/a through <= 1.1.1.
5.4
CVE-2025-66146 - WordPress Logger for Elementor plugin <= 1.0.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Logger for Elementor logger-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Logger for Elementor: from n/a through <= 1.0.9.
5.4
CVE-2025-66148 - WordPress Conformer for Elementor plugin <= 1.0.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Conformer for Elementor conformer-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conformer for Elementor: from n/a through <= 1.0.7.
5.1
CVE-2025-15394 - iCMS POST Parameter ConfigAdmincp.php save code injection
A vulnerability was detected in iCMS up to 8.0.0. Affected is the function Save of the file app/config/ConfigAdmincp.php of the component POST Parameter Handler. The manipulation of the argument config results in code injection. The attack can be launched remotely. The exploit is now public and mayβ¦
0.0
CVE-2025-69291 -
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2025. Notes: none
5.1
CVE-2021-47743 - COMMAX Biometric Access Control System 1.0.0 Reflected XSS via Cookie Parameters
COMMAX Biometric Access Control System 1.0.0 contains an unauthenticated reflected cross-site scripting vulnerability in cookie parameters 'CMX_ADMIN_NM' and 'CMX_COMPLEX_NM'. Attackers can inject malicious HTML and JavaScript code into these cookie values to execute arbitrary scripts in a victim'sβ¦
6.9
CVE-2021-47740 - KZTech JT3500V 4G LTE CPE 2.0.1 Insufficient Session Expiration Vulnerability
KZTech JT3500V 4G LTE CPE 2.0.1 contains a session management vulnerability that allows attackers to reuse old session credentials without proper expiration. Attackers can exploit the weak session handling to maintain unauthorized access and potentially compromise device authentication mechanisms.
4.8
CVE-2021-47725 - STVS ProVision 5.9.10 Authenticated Reflected Cross-Site Scripting via Files Parameter
STVS ProVision 5.9.10 contains a cross-site scripting vulnerability in the 'files' POST parameter that allows authenticated attackers to inject arbitrary HTML code. Attackers can exploit the unvalidated input to execute malicious scripts within a user's browser session in the context of the affecteβ¦
5.3
CVE-2025-34467 - ZwiiCMS < 13.7.00 Lock Persistence Authenticated DoS Against Administrative Pages
ZwiiCMSΒ versions prior toΒ 13.7.00 contain a denial-of-service vulnerability in multiple administrative endpoints due to improper authorization checks combined with flawed resource state management. When an authenticated low-privilege user requests an administrative page, the application returns "40β¦