| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-0920 | LA-Studio Element Kit for Elementor <= 1.5.6.3 - Unauthenticated Privilege Escalation via Backdoor to Administrative User Creation via lakit_bkrole parameter | choijun | LA-Studio Element Kit for Elementor | Critical | 9.8 | 2026-01-22 06:47:20 | Deep Dive |
| CVE-2026-21930 | Oracle ZFS Storage Appliance Kit security vulnerability | Oracle Corporation | Oracle ZFS Storage Appliance Kit | Low | 2.3 | 2026-01-20 21:56:23 | Deep Dive |
| CVE-2026-22803 | SvelteKit has a memory amplification DoS in Remote Functions binary form deserializer | sveltejs | kit | - | - | 2026-01-15 18:37:58 | Deep Dive |
| CVE-2025-67647 | SvelteKit Denial of service and possible SSRF when using prerendering | sveltejs | kit | - | - | 2026-01-15 18:33:25 | Deep Dive |
| CVE-2025-40805 | Siemens Industrial Edge Devices security vulnerability | Siemens | Industrial Edge Cloud Device (IECD) | Critical | 10.0 | 2026-01-13 09:44:03 | Deep Dive |
| CVE-2026-22487 | WordPress Speed Kit plugin <= 2.0.2 - Broken Access Control vulnerability | baqend | Speed Kit | Medium | 4.3 | 2026-01-08 16:37:42 | Deep Dive |
| CVE-2025-14275 | Jeg Elementor Kit <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget | jegtheme | Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress | Medium | 6.4 | 2026-01-08 02:21:16 | Deep Dive |
| CVE-2025-69336 | WordPress Ultimate Store Kit Elementor Addons plugin <= 2.9.4 - Broken Access Control vulnerability | bdthemes | Ultimate Store Kit Elementor Addons | Medium | - | 2026-01-06 16:36:39 | Deep Dive |
| CVE-2025-14434 | Ultimate Post Kit < 4.0.16 – Unauthenticated Arbitrary Post Content Disclosure | Unknown | Ultimate Post Kit Addons for Elementor | Medium | - | 2025-12-31 06:00:11 | Deep Dive |
| CVE-2019-25250 | Devolo dLAN 500 AV Wireless+ 3.1.0-1 Cross-Site Request Forgery | devolo AG | dLAN 550 duo+ Starter Kit | Medium | 5.3 | 2025-12-24 19:28:03 | Deep Dive |
| CVE-2019-25249 | devolo dLAN 500 AV Wireless+ 3.1.0-1 Remote Code Execution via htmlmgr | devolo AG | dLAN 550 duo+ Starter Kit | Critical | 9.8 | 2025-12-24 19:28:03 | Deep Dive |
| CVE-2025-13089 | WP Directory Kit <= 1.4.7 - Unauthenticated SQL Injection | wpdirectorykit | WP Directory Kit | High | 7.5 | 2025-12-13 03:20:26 | Deep Dive |
| CVE-2025-67594 | WordPress Thim Elementor Kit plugin <= 1.3.3 - Insecure Direct Object References (IDOR) vulnerability | ThimPress | Thim Elementor Kit | Medium | 4.3 | 2025-12-09 14:14:18 | Deep Dive |
| CVE-2025-27935 | Authentication Bypass in OTP (One-time Passcode) IdP Adapter Integration Kit | Ping Identity | One-Time Passcode Integration Kit for PingFederate | - | - | 2025-12-04 20:38:32 | Deep Dive |
| CVE-2025-13390 | WP Directory Kit <= 1.4.4 - Authentication Bypass to Privilege Escalation via Account Takeover | listingthemes | WP Directory Kit | Critical | 10.0 | 2025-12-03 13:52:44 | Deep Dive |
| CVE-2025-13090 | WP Directory Kit <= 1.4.6 - Authenticated (Admin+) SQL Injection | wpdirectorykit | WP Directory Kit | Medium | 4.9 | 2025-12-02 11:20:07 | Deep Dive |
| CVE-2025-13525 | WP Directory Kit <= 1.4.5 - Reflected Cross-Site Scripting via 'order_by' Parameter | wpdirectorykit | WP Directory Kit | Medium | 6.1 | 2025-11-27 05:31:57 | Deep Dive |
| CVE-2025-13138 | WP Directory Kit <= 1.4.3 - Unauthenticated SQL Injection via select_2_ajax() Function | wpdirectorykit | WP Directory Kit | High | 7.5 | 2025-11-21 09:27:00 | Deep Dive |
| CVE-2025-5092 | Multiple Plugins and Themes <= (Various Versions) - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via lightGallery JavaScript Library | lightgalleryteam | LightGallery WP | Medium | 6.4 | 2025-11-20 06:38:42 | Deep Dive |
| CVE-2025-6251 | Royal Elementor Addons and Templates <= 1.7.1036 - Authenticated (Contributor+) Stored Cross-Site Scripting | wproyal | Royal Addons for Elementor – Addons and Templates Kit for Elementor | Medium | 6.4 | 2025-11-19 03:29:40 | Deep Dive |