Total CVEs

141,292

Critical Severity

3,799

High Severity

13,738

Last 7 Days

1,667
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 12,401 - 12,420 of 13,433 CVEs
CVE-2025-69051 HIGH - 7.3

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro Reviews listingpro-reviews allows Reflected XSS.This issue affects ListingPro Reviews: from n/a through <= 1.7.

Vendor: CridioStudio
Product: ListingPro Reviews
Published: Jan 22, 2026
Source: NVD
CVE-2025-69050 HIGH - 8.2

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Overworld overworld allows PHP Local File Inclusion.This issue affects Overworld: from n/a through <= 1.3.

Vendor: Edge-Themes
Product: Overworld
Published: Jan 22, 2026
Source: NVD
CVE-2025-69049 HIGH - 8.2

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Töbel tobel allows PHP Local File Inclusion.This issue affects Töbel: from n/a through <= 1.6.

Vendor: Elated-Themes
Product: Töbel
Published: Jan 22, 2026
Source: NVD
CVE-2025-69048 HIGH - 7.3

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player universal-video-player allows Reflected XSS.This issue affects Universal Video Player: from n/a through <= 3.8.4.

Vendor: LambertGroup
Product: Universal Video Player
Published: Jan 22, 2026
Source: NVD
CVE-2025-69047 HIGH - 8.2

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magentech MaxShop sw_maxshop allows PHP Local File Inclusion.This issue affects MaxShop: from n/a through <= 3.6.20.

Vendor: magentech
Product: MaxShop
Published: Jan 22, 2026
Source: NVD
CVE-2025-69046 HIGH - 8.2

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebGeniusLab iRecco Core irecco-core allows PHP Local File Inclusion.This issue affects iRecco Core: from n/a through <= 1.3.6.

Vendor: WebGeniusLab
Product: iRecco Core
Published: Jan 22, 2026
Source: NVD
CVE-2025-69045 HIGH - 8.6

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FooEvents FooEvents for WooCommerce fooevents allows SQL Injection.This issue affects FooEvents for WooCommerce: from n/a through <= 1.20.4.

Vendor: FooEvents
Product: FooEvents for WooCommerce
Published: Jan 22, 2026
Source: NVD
CVE-2025-69044 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Vango vango allows PHP Local File Inclusion.This issue affects Vango: from n/a through <= 1.3.3.

Vendor: goalthemes
Product: Vango
Published: Jan 22, 2026
Source: NVD
CVE-2025-69043 HIGH - 8.2

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Rashy rashy allows PHP Local File Inclusion.This issue affects Rashy: from n/a through <= 1.1.3.

Vendor: goalthemes
Product: Rashy
Published: Jan 22, 2026
Source: NVD
CVE-2025-69042 HIGH - 8.2

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Lindo lindo allows PHP Local File Inclusion.This issue affects Lindo: from n/a through <= 1.2.5.

Vendor: goalthemes
Product: Lindo
Published: Jan 22, 2026
Source: NVD
CVE-2025-69041 HIGH - 8.2

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Dekoro dekoro allows PHP Local File Inclusion.This issue affects Dekoro: from n/a through <= 1.0.7.

Vendor: goalthemes
Product: Dekoro
Published: Jan 22, 2026
Source: NVD
CVE-2025-69040 HIGH - 8.2

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Bfres bfres allows PHP Local File Inclusion.This issue affects Bfres: from n/a through <= 1.2.1.

Vendor: goalthemes
Product: Bfres
Published: Jan 22, 2026
Source: NVD
CVE-2025-69039 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Bailly bailly allows PHP Local File Inclusion.This issue affects Bailly: from n/a through <= 1.3.4.

Vendor: goalthemes
Product: Bailly
Published: Jan 22, 2026
Source: NVD
CVE-2025-69038 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Hyori hyori allows PHP Local File Inclusion.This issue affects Hyori: from n/a through <= 1.3.6.

Vendor: goalthemes
Product: Hyori
Published: Jan 22, 2026
Source: NVD
CVE-2025-69037 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Pippo pippo allows PHP Local File Inclusion.This issue affects Pippo: from n/a through <= 1.2.3.

Vendor: goalthemes
Product: Pippo
Published: Jan 22, 2026
Source: NVD
CVE-2025-69036 HIGH - 8.8

Deserialization of Untrusted Data vulnerability in strongholdthemes Tech Life CPT techlife-cpt allows Object Injection.This issue affects Tech Life CPT: from n/a through <= 16.4.

Vendor: strongholdthemes
Product: Tech Life CPT
Published: Jan 22, 2026
Source: NVD
CVE-2025-69035 HIGH - 8.8

Deserialization of Untrusted Data vulnerability in strongholdthemes Dental Care CPT dentalcare-cpt allows Object Injection.This issue affects Dental Care CPT: from n/a through <= 20.2.

Vendor: strongholdthemes
Product: Dental Care CPT
Published: Jan 22, 2026
Source: NVD
CVE-2025-69005 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Search & Go search-and-go allows PHP Local File Inclusion.This issue affects Search & Go: from n/a through <= 2.8.

Vendor: Elated-Themes
Product: Search & Go
Published: Jan 22, 2026
Source: NVD
CVE-2025-69004 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in XpeedStudio Bajaar - Highly Customizable WooCommerce WordPress Theme bajaar allows PHP Local File Inclusion.This issue affects Bajaar - Highly Customizable WooCommerce W...

Vendor: XpeedStudio
Product: Bajaar - Highly Customizable WooCommerce WordPress Theme
Published: Jan 22, 2026
Source: NVD
CVE-2025-69003 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QantumThemes KenthaRadio qt-kentharadio allows Reflected XSS.This issue affects KenthaRadio: from n/a through <= 2.2.0.

Vendor: QantumThemes
Product: KenthaRadio
Published: Jan 22, 2026
Source: NVD