Total CVEs

138,940

Critical Severity

3,615

High Severity

12,982

Last 7 Days

1,699
Quick preset (or use dates below)
Clear Filters
Showing 3,361 - 3,380 of 3,615 CVEs
CVE-2025-67928 CRITICAL - 9.8

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in themesuite Automotive Listings automotive allows Blind SQL Injection.This issue affects Automotive Listings: from n/a through <= 18.6.

Published: Jan 08, 2026
Source: NVD
CVE-2025-67924 CRITICAL - 9.8

Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Corpkit corpkit allows Upload a Web Shell to a Web Server.This issue affects Corpkit: from n/a through <= 2.0.

Published: Jan 08, 2026
Source: NVD
CVE-2025-67921 CRITICAL - 9.8

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VanKarWai Lobo lobo allows Blind SQL Injection.This issue affects Lobo: from n/a through < 2.8.6.

Published: Jan 08, 2026
Source: NVD
CVE-2025-67920 CRITICAL - 9.8

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Neo Ocular neoocular allows PHP Local File Inclusion.This issue affects Neo Ocular: from n/a through < 1.2.

Published: Jan 08, 2026
Source: NVD
CVE-2025-67915 CRITICAL - 9.8

Authentication Bypass Using an Alternate Path or Channel vulnerability in Arraytics Timetics timetics allows Authentication Abuse.This issue affects Timetics: from n/a through <= 1.0.46.

Published: Jan 08, 2026
Source: NVD
CVE-2025-67913 CRITICAL - 9.8

Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Aruba HiSpeed Cache: from n/a through < 3.0.3.

Published: Jan 08, 2026
Source: NVD
CVE-2025-67911 CRITICAL - 9.8

Deserialization of Untrusted Data vulnerability in Tribulant Software Newsletters newsletters-lite allows Object Injection.This issue affects Newsletters: from n/a through <= 4.11.

Published: Jan 08, 2026
Source: NVD
CVE-2025-67910 CRITICAL - 9.8

Unrestricted Upload of File with Dangerous Type vulnerability in contentstudio Contentstudio contentstudio allows Upload a Web Shell to a Web Server.This issue affects Contentstudio: from n/a through <= 1.3.7.

Published: Jan 08, 2026
Source: NVD
CVE-2025-23993 CRITICAL - 9.8

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RiceTheme Felan Framework felan-framework allows SQL Injection.This issue affects Felan Framework: from n/a through <= 1.1.3.

Published: Jan 08, 2026
Source: NVD
CVE-2025-23504 CRITICAL - 9.8

Authentication Bypass Using an Alternate Path or Channel vulnerability in RiceTheme Felan Framework felan-framework allows Authentication Abuse.This issue affects Felan Framework: from n/a through <= 1.1.3.

Published: Jan 08, 2026
Source: NVD
CVE-2025-22728 CRITICAL - 9.8

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AmentoTech Workreap (theme's plugin) workreap allows SQL Injection.This issue affects Workreap (theme's plugin): from n/a through <= 3.3.6.

Published: Jan 08, 2026
Source: NVD
CVE-2025-22726 CRITICAL - 9.1

Server-Side Request Forgery (SSRF) vulnerability in _nK nK Themes Helper nk-themes-helper allows Server Side Request Forgery.This issue affects nK Themes Helper: from n/a through <= 1.7.9.

Published: Jan 08, 2026
Source: NVD
CVE-2025-22713 CRITICAL - 9.8

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in vanquish WooCommerce Orders & Customers Exporter woocommerce-orders-ei allows SQL Injection.This issue affects WooCommerce Orders & Customers Exporter: from n/a through <= 5.4.

Published: Jan 08, 2026
Source: NVD
CVE-2025-22712 CRITICAL - 9.8

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QantumThemes Typify typify allows PHP Local File Inclusion.This issue affects Typify: from n/a through <= 3.0.2.

Published: Jan 08, 2026
Source: NVD
CVE-2025-22708 CRITICAL - 9.8

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Mitech mitech allows PHP Local File Inclusion.This issue affects Mitech: from n/a through <= 2.3.4.

Published: Jan 08, 2026
Source: NVD
CVE-2025-22707 CRITICAL - 9.8

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Moody tm-moody allows PHP Local File Inclusion.This issue affects Moody: from n/a through <= 2.7.3.

Published: Jan 08, 2026
Source: NVD
CVE-2025-22509 CRITICAL - 9.8

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TMRW-studio Atlas atlas allows PHP Local File Inclusion.This issue affects Atlas: from n/a through <= 2.1.0.

Published: Jan 08, 2026
Source: NVD
CVE-2025-14431 CRITICAL - 9.8

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in THEMELOGI Navian navian allows PHP Local File Inclusion.This issue affects Navian: from n/a through <= 1.5.4.

Published: Jan 08, 2026
Source: NVD
CVE-2025-14430 CRITICAL - 9.8

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Brook - Agency Business Creative brook allows PHP Local File Inclusion.This issue affects Brook - Agency Business Creative: from n/a through <= 2.8.9.

Published: Jan 08, 2026
Source: NVD
CVE-2025-14429 CRITICAL - 9.8

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove AeroLand aeroland allows PHP Local File Inclusion.This issue affects AeroLand: from n/a through <= 1.6.6.

Published: Jan 08, 2026
Source: NVD