| CVE-2025-54037 | WordPress News Kit Elementor Addons plugin <= 1.3.4 - Broken Access Control Vulnerability | blazethemes | News Kit Elementor Addons | Medium | 5.4 | 2025-07-16 10:36:49 | Deep Dive |
| CVE-2025-4944 | LA-Studio Element Kit for Elementor <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Compare and Google Maps Widgets | choijun | LA-Studio Element Kit for Elementor | Medium | 6.4 | 2025-05-30 11:15:10 | Deep Dive |
| CVE-2025-4943 | LA-Studio Element Kit for Elementor <= 1.5.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via data-lakit-element-link Parameter | choijun | LA-Studio Element Kit for Elementor | Medium | 6.4 | 2025-05-30 06:42:49 | Deep Dive |
| CVE-2025-2944 | Jeg Elementor Kit <= 2.6.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Button and Countdown Widgets | jegtheme | Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress | Medium | 6.4 | 2025-05-10 05:32:16 | Deep Dive |
| CVE-2025-2168 | Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 2.4.1 - Cross-Site Request Forgery to Limited User Meta Update | bdthemes | Ultimate Store Kit – Addon For WooCommerce, EDD and Elementor | Medium | 4.3 | 2025-05-01 03:23:40 | Deep Dive |
| CVE-2025-3106 | LA-Studio Element Kit for Elementor <= 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Table of Contents Widget | choijun | LA-Studio Element Kit for Elementor | Medium | 6.4 | 2025-04-18 09:21:49 | Deep Dive |
| CVE-2025-39588 | WordPress Ultimate Store Kit Elementor Addons plugin <= 2.4.0 - Deserialization of untrusted data Vulnerability | bdthemes | Ultimate Store Kit Elementor Addons | Critical | 9.8 | 2025-04-17 15:46:44 | Deep Dive |
| CVE-2025-32388 | SvelteKit allows XSS via tracked search_params | sveltejs | kit | Medium | 5.4 | 2025-04-15 22:32:06 | Deep Dive |
| CVE-2025-3115 | Spotfire Data Function Vulnerability | Spotfire | Spotfire Statistics Services | - | - | 2025-04-09 18:12:28 | Deep Dive |
| CVE-2025-3114 | Spotfire Code Execution Vulnerability | Spotfire | Spotfire Enterprise Runtime for R | - | - | 2025-04-09 17:29:49 | Deep Dive |
| CVE-2024-54092 | Siemens Industrial Edge Devices 安全漏洞 | Siemens | Industrial Edge Device Kit - arm64 V1.17 | Critical | 9.8 | 2025-04-08 08:22:25 | Deep Dive |
| CVE-2025-32196 | WordPress News Kit Elementor Addons plugin <= 1.4.2 - Cross Site Scripting (XSS) vulnerability | blazethemes | News Kit Elementor Addons | Medium | 6.5 | 2025-04-04 15:59:08 | Deep Dive |
| CVE-2025-32194 | WordPress LA-Studio Element Kit for Elementor plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability | LA-Studio | LA-Studio Element Kit for Elementor | Medium | 6.5 | 2025-04-04 15:59:07 | Deep Dive |
| CVE-2025-32184 | WordPress Ultimate Store Kit Elementor Addons plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability | bdthemes | Ultimate Store Kit Elementor Addons | Medium | 6.5 | 2025-04-04 15:58:59 | Deep Dive |
| CVE-2025-32157 | WordPress Sparkle Elementor Kit plugin <= 2.0.9 - Local File Inclusion vulnerability | Jakub Glos | Sparkle Elementor Kit | High | 7.5 | 2025-04-04 15:58:42 | Deep Dive |
| CVE-2025-31805 | WordPress Gutena Kit plugin <= 2.0.7 - Cross Site Scripting (XSS) vulnerability | Saad Iqbal | Gutena Kit – Gutenberg Blocks and Templates | Medium | 6.5 | 2025-04-01 14:51:37 | Deep Dive |
| CVE-2025-31001 | WordPress GTM Kit plugin <= 2.4.0 - Sensitive Data Exposure vulnerability | TLA Media | GTM Kit | 高危 | - | 2025-04-01 05:32:25 | Deep Dive |
| CVE-2025-2576 | Ayyash Studio <= 1.0.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | themerox | Ayyash Studio — The kick-start kit | Medium | 6.4 | 2025-03-26 02:23:48 | Deep Dive |
| CVE-2025-2598 | AWS CDK CLI prints AWS credentials retrieved by custom credential plugins | AWS | Cloud Development Kit Command Line Interface | Medium | 5.5 | 2025-03-21 14:14:29 | Deep Dive |
| CVE-2025-24849 | Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Cleartext Transmission of Sensitive Information | Dario Health | USB-C Blood Glucose Monitoring System Starter Kit Android Applications | High | 7.1 | 2025-02-28 16:58:55 | Deep Dive |