| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-14736 | Frontend Admin by DynamiApps <= 3.28.29 - Unauthenticated Privilege Escalation to Administrator via Role Form Field | shabti | Frontend Admin by DynamiApps | Critical | 9.8 | 2026-01-09 06:34:52 | Deep Dive |
| CVE-2025-15426 | jackying H-ui.admin preview.php unrestricted upload | jackying | H-ui.admin | High | 7.3 | 2026-01-02 03:32:06 | Deep Dive |
| CVE-2025-63038 | WordPress WP Custom Admin Interface plugin <= 7.40 - Broken Access Control vulnerability | Northern Beaches Websites | WP Custom Admin Interface | Medium | 4.3 | 2025-12-31 16:32:37 | Deep Dive |
| CVE-2025-15372 | youlaitech vue3-element-admin Notice index.vue cross site scripting | youlaitech | vue3-element-admin | Low | 2.4 | 2025-12-31 02:02:07 | Deep Dive |
| CVE-2019-25254 | KYOCERA Net Admin 3.4.0906 Cross-Site Request Forgery via User Administration | KYOCERA Corporation | KYOCERA Net Admin | High | 8.8 | 2025-12-24 19:28:05 | Deep Dive |
| CVE-2019-25253 | KYOCERA Net Admin 3.4.0906 Unauthenticated XML External Entity Injection | KYOCERA Corporation | KYOCERA Net Admin | High | 7.5 | 2025-12-24 19:28:04 | Deep Dive |
| CVE-2025-49902 | WordPress Login Page Customizer – Customizer Login Page, Admin Page, Custom Design plugin <= 2.1.1 - Broken Access Control vulnerability | A WP Life | Login Page Customizer – Customizer Login Page, Admin Page, Custom Design | Medium | 6.5 | 2025-12-18 07:21:44 | Deep Dive |
| CVE-2025-64249 | WordPress Protect WP Admin plugin <= 4.1 - Broken Access Control vulnerability | WP-EXPERTS.IN | Protect WP Admin | Medium | 5.3 | 2025-12-16 08:12:49 | Deep Dive |
| CVE-2025-64669 | Windows Admin Center Elevation of Privilege Vulnerability | Microsoft | Windows Admin Center | High | 7.8 | 2025-12-11 18:06:14 | Deep Dive |
| CVE-2025-64255 | WordPress Admin and Site Enhancements (ASE) plugin <= 8.0.8 - Broken Access Control vulnerability | Bowo | Admin and Site Enhancements (ASE) | Low | 2.7 | 2025-12-09 14:13:52 | Deep Dive |
| CVE-2025-13071 | Custom Admin Menu <= 1.0.0 - Reflected XSS | Unknown | Custom Admin Menu | - | - | 2025-12-09 06:00:09 | Deep Dive |
| CVE-2025-13948 | opsre go-ldap-admin JWT docker-compose.yaml hard-coded key | opsre | go-ldap-admin | Medium | 5.6 | 2025-12-03 14:32:07 | Deep Dive |
| CVE-2025-13342 | Frontend Admin by DynamiApps <= 3.28.20 - Unauthenticated Arbitrary Options Update | shabti | Frontend Admin by DynamiApps | Critical | 9.8 | 2025-12-03 12:29:55 | Deep Dive |
| CVE-2025-66410 | Gin-vue-admin has an arbitrary file deletion vulnerability | flipped-aurora | gin-vue-admin | - | - | 2025-12-01 22:29:00 | Deep Dive |
| CVE-2025-13389 | Admin and Customer Messages After Order for WooCommerce: OrderConvo <= 14 - Missing Authorization to Unauthenticated Information Disclosure | nmedia | Admin and Customer Messages After Order for WooCommerce: OrderConvo | Medium | 5.3 | 2025-11-25 07:28:22 | Deep Dive |
| CVE-2025-13452 | Admin and Customer Messages After Order for WooCommerce: OrderConvo <= 14 - Missing Authorization to Unauthenticated User Impersonation in Order Messages | nmedia | Admin and Customer Messages After Order for WooCommerce: OrderConvo | Medium | 4.3 | 2025-11-25 07:28:20 | Deep Dive |
| CVE-2025-10938 | UiPress lite <= 3.5.08 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure | admintwentytwenty | UiPress lite | Effortless custom dashboards, admin themes and pages | Medium | 6.5 | 2025-11-21 07:31:56 | Deep Dive |
| CVE-2025-11003 | UiPress lite <= 3.5.08 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting | admintwentytwenty | UiPress lite | Effortless custom dashboards, admin themes and pages | Medium | 6.4 | 2025-11-21 07:31:55 | Deep Dive |
| CVE-2025-11815 | UiPress lite | Effortless custom dashboards, admin themes and pages <= 3.5.08 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update | admintwentytwenty | UiPress lite | Effortless custom dashboards, admin themes and pages | Medium | 4.3 | 2025-11-21 07:31:53 | Deep Dive |
| CVE-2025-11885 | EchBay Admin Security <= 1.3.0 - Reflected Cross-Site Scripting | itvn9online | EchBay Admin Security | Medium | 6.1 | 2025-11-21 07:31:51 | Deep Dive |