6.4
CVE-2025-3614 - ElementsKit Elementor Addons and Templates <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Sitโฆ
The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of a custom widget in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated โฆ
9.3
CVE-2025-32429 - XWiki Platform vulnerable to SQL injection through getdeleteddocuments.vm template sort parameter
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, it's possible for anyone to inject SQL using the parameter sort of the getdeleteddocuments.vm. It's injected as is as an ORDEโฆ
0.0
CVE-2014-125120 -
This CVE has the been REJECTED and will not be published by the CNA.
5.3
CVE-2025-8123 - deerwms deer-wms-2 edit sql injection
A vulnerability was found in deerwms deer-wms-2 up to 3.3. It has been classified as critical. Affected is an unknown function of the file /system/dept/edit. The manipulation of the argument ancestors leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosโฆ
7.1
CVE-2025-31952 - HCL iAutomate is affected by an insufficient session expiration
HCL iAutomate is affected by an insufficient session expiration. This allows tokens to remain valid indefinitely unless manually revoked, increasing the risk of unauthorized access.
7.6
CVE-2025-31955 - HCL iAutomate is affected by a sensitive data exposure vulnerability
HCL iAutomate is affected by a sensitive data exposure vulnerability. This issue may allow unauthorized access to sensitive information within the system.
9.3
CVE-2025-6260 - Network Thermostat X-Series WiFi Thermostats Missing Authentication for Critical Function
The embedded web server on the thermostat listed version ranges contain a vulnerability that allows unauthenticated attackers, either on the local area network or from the Internet via a router with port forwarding set up, to gain direct access to the thermostat's embedded web server and reset userโฆ
5.9
CVE-2025-7404 - Calibre Web 0.6.24 & Autocaliweb 0.7.0 - Blind C
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Calibre Web, Autocaliweb allows Blind OS Command Injection.This issue affects Calibre Web: 0.6.24 (Nicolette); Autocaliweb: from 0.7.0 before 0.7.1.
7.1
CVE-2025-31953 - HCL iAutomate is affected by hardcoded credentials
HCL iAutomate includes hardcoded credentials which may result in potential exposure of confidential data if intercepted or accessed by unauthorized parties.
8.7
CVE-2025-6998 - Calibre Web 0.6.24 & Autocaliweb 0.7.0 - ReDoS
ReDoS in strip_whitespaces() function in cps/string_helper.py in Calibre Web and Autocaliweb allowsย unauthenticated remote attackers to cause denial of service via specially crafted username parameter that triggers catastrophic backtracking during login.ย This issue affects Calibre Web: 0.6.24 (Nicoโฆ