Total CVEs

141,292

Critical Severity

3,799

High Severity

13,738

Last 7 Days

1,667
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 12,421 - 12,440 of 13,433 CVEs
CVE-2025-69002 HIGH - 8.8

Deserialization of Untrusted Data vulnerability in designthemes OneLife onelife allows Object Injection.This issue affects OneLife: from n/a through <= 3.9.

Vendor: designthemes
Product: OneLife
Published: Jan 22, 2026
Source: NVD
CVE-2025-68999 HIGH - 8.5

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Blind SQL Injection.This issue affects Happy Addons for Elementor: from n/a through <= 3.20.4.

Vendor: HappyMonster
Product: Happy Addons for Elementor
Published: Jan 22, 2026
Source: NVD
CVE-2025-68913 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zozothemes Miion miion allows PHP Local File Inclusion.This issue affects Miion: from n/a through <= 1.2.7.

Vendor: zozothemes
Product: Miion
Published: Jan 22, 2026
Source: NVD
CVE-2025-68912 HIGH - 8.6

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Harmonic Design HDForms hdforms allows Path Traversal.This issue affects HDForms: from n/a through <= 1.6.1.

Vendor: Harmonic Design
Product: HDForms
Published: Jan 22, 2026
Source: NVD
CVE-2025-68908 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in temash Barberry barberry allows PHP Local File Inclusion.This issue affects Barberry: from n/a through <= 2.9.9.87.

Vendor: temash
Product: Barberry
Published: Jan 22, 2026
Source: NVD
CVE-2025-68907 HIGH - 7.5

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AivahThemes Hostme v2 hostmev2 allows Path Traversal.This issue affects Hostme v2: from n/a through <= 7.0.

Vendor: AivahThemes
Product: Hostme v2
Published: Jan 22, 2026
Source: NVD
CVE-2025-68906 HIGH - 7.3

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jegtheme JNews - Video jnews-video allows Reflected XSS.This issue affects JNews - Video: from n/a through <= 11.0.2.

Vendor: jegtheme
Product: JNews - Video
Published: Jan 22, 2026
Source: NVD
CVE-2025-68905 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jegtheme JNews - Pay Writer jnews-pay-writer allows PHP Local File Inclusion.This issue affects JNews - Pay Writer: from n/a through <= 11.0.0.

Vendor: jegtheme
Product: JNews - Pay Writer
Published: Jan 22, 2026
Source: NVD
CVE-2025-68904 HIGH - 7.3

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jegtheme JNews - Frontend Submit jnews-frontend-submit allows Reflected XSS.This issue affects JNews - Frontend Submit: from n/a through <= 11.0.0.

Vendor: jegtheme
Product: JNews - Frontend Submit
Published: Jan 22, 2026
Source: NVD
CVE-2025-68903 HIGH - 8.8

Deserialization of Untrusted Data vulnerability in AivahThemes Anona anona allows Object Injection.This issue affects Anona: from n/a through <= 8.0.

Vendor: AivahThemes
Product: Anona
Published: Jan 22, 2026
Source: NVD
CVE-2025-68902 HIGH - 7.3

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AivahThemes Anona anona allows Path Traversal.This issue affects Anona: from n/a through <= 8.0.

Vendor: AivahThemes
Product: Anona
Published: Jan 22, 2026
Source: NVD
CVE-2025-68901 HIGH - 8.6

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AivahThemes Anona anona allows Path Traversal.This issue affects Anona: from n/a through <= 8.0.

Vendor: AivahThemes
Product: Anona
Published: Jan 22, 2026
Source: NVD
CVE-2025-68899 HIGH - 8.8

Deserialization of Untrusted Data vulnerability in designthemes Vivagh vivagh allows Object Injection.This issue affects Vivagh: from n/a through <= 2.4.

Vendor: designthemes
Product: Vivagh
Published: Jan 22, 2026
Source: NVD
CVE-2025-68894 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shoutoutglobal ShoutOut shoutout allows Reflected XSS.This issue affects ShoutOut: from n/a through <= 4.0.2.

Vendor: shoutoutglobal
Product: ShoutOut
Published: Jan 22, 2026
Source: NVD
CVE-2025-68884 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arevico WP Simple Redirect wp-simple-redirect allows Reflected XSS.This issue affects WP Simple Redirect: from n/a through <= 1.1.

Vendor: Arevico
Product: WP Simple Redirect
Published: Jan 22, 2026
Source: NVD
CVE-2025-68883 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extremeidea bidorbuy Store Integrator bidorbuystoreintegrator allows Reflected XSS.This issue affects bidorbuy Store Integrator: from n/a through <= 2.12.0.

Vendor: extremeidea
Product: bidorbuy Store Integrator
Published: Jan 22, 2026
Source: NVD
CVE-2025-68882 HIGH - 7.5

Missing Authorization vulnerability in Scalenut Scalenut scalenut allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Scalenut: from n/a through <= 1.1.3.

Vendor: Scalenut
Product: Scalenut
Published: Jan 22, 2026
Source: NVD
CVE-2025-68881 HIGH - 8.5

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal AppExperts appexperts allows SQL Injection.This issue affects AppExperts: from n/a through <= 1.4.5.

Vendor: Saad Iqbal
Product: AppExperts
Published: Jan 22, 2026
Source: NVD
CVE-2025-68871 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in noCreativity Dooodl dooodl allows Reflected XSS.This issue affects Dooodl: from n/a through <= 2.3.0.

Vendor: noCreativity
Product: Dooodl
Published: Jan 22, 2026
Source: NVD
CVE-2025-68866 HIGH - 7.2

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in woofer696 Dinatur dinatur allows Stored XSS.This issue affects Dinatur: from n/a through <= 1.18.

Vendor: woofer696
Product: Dinatur
Published: Jan 22, 2026
Source: NVD