Total CVEs: 141,292
Critical Severity: 3,799
High Severity: 13,738
Last 7 Days: 1,667
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 12,481 - 12,500 of 13,433 CVEs
CVE-2025-67941 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes The Aisle theaisle allows PHP Local File Inclusion. This issue affects The Aisle: from n/a through < 2.9.1.

Vendor: Elated-Themes
Product: The Aisle
Published: Jan 22, 2026
Source: NVD
CVE-2025-67940 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Powerlift powerlift allows PHP Local File Inclusion. This issue affects Powerlift: from n/a through < 3.2.1.

Vendor: Mikado-Themes
Product: Powerlift
Published: Jan 22, 2026
Source: NVD
CVE-2025-67938 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Biagiotti biagiotti allows PHP Local File Inclusion. This issue affects Biagiotti: from n/a through < 3.5.2.

Vendor: Mikado-Themes
Product: Biagiotti
Published: Jan 22, 2026
Source: NVD
CVE-2025-67923 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Reflected XSS. This issue affects JetEngine: from n/a through <= 3.7.7.

Vendor: Crocoblock
Product: JetEngine
Published: Jan 22, 2026
Source: NVD
CVE-2025-67620 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CleverSoft Anon anon2x allows Reflected XSS. This issue affects Anon: from n/a through <= 2.2.10.

Vendor: CleverSoft
Product: Anon
Published: Jan 22, 2026
Source: NVD
CVE-2025-67619 HIGH - 8.8

Deserialization of Untrusted Data vulnerability in designthemes Kids Heaven kids-world allows Object Injection. This issue affects Kids Heaven: from n/a through <= 3.2.

Vendor: designthemes
Product: Kids Heaven
Published: Jan 22, 2026
Source: NVD
CVE-2025-67616 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Mella mella allows PHP Local File Inclusion. This issue affects Mella: from n/a through <= 1.2.29.

Vendor: BZOTheme
Product: Mella
Published: Jan 22, 2026
Source: NVD
CVE-2025-67615 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in bslthemes Myour myour allows PHP Local File Inclusion. This issue affects Myour: from n/a through <= 1.5.1.

Vendor: bslthemes
Product: Myour
Published: Jan 22, 2026
Source: NVD
CVE-2025-67614 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in foreverpinetree TheNa thena allows Reflected XSS. This issue affects TheNa: from n/a through <= 1.5.5.

Vendor: foreverpinetree
Product: TheNa
Published: Jan 22, 2026
Source: NVD
CVE-2025-66138 HIGH - 8.8

Missing Authorization vulnerability in merkulove Motionger for Elementor motionger-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Motionger for Elementor: from n/a through <= 2.0.4.

Vendor: merkulove
Product: Motionger for Elementor
Published: Jan 22, 2026
Source: NVD
CVE-2025-66137 HIGH - 8.8

Missing Authorization vulnerability in merkulove Searcher for Elementor searcher-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Searcher for Elementor: from n/a through <= 1.0.3.

Vendor: merkulove
Product: Searcher for Elementor
Published: Jan 22, 2026
Source: NVD
CVE-2025-66136 HIGH - 8.8

Missing Authorization vulnerability in merkulove Carter for Elementor carter-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Carter for Elementor: from n/a through <= 1.0.2.

Vendor: merkulove
Product: Carter for Elementor
Published: Jan 22, 2026
Source: NVD
CVE-2025-66135 HIGH - 8.8

Missing Authorization vulnerability in merkulove Imager for Elementor imager-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Imager for Elementor: from n/a through <= 2.0.4.

Vendor: merkulove
Product: Imager for Elementor
Published: Jan 22, 2026
Source: NVD
CVE-2025-63051 HIGH - 7.5

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in sizam REHub Framework rehub-framework allows Retrieve Embedded Sensitive Data. This issue affects REHub Framework: from n/a through < 19.9.9.4.

Vendor: sizam
Product: REHub Framework
Published: Jan 22, 2026
Source: NVD
CVE-2025-63019 HIGH - 7.5

Insertion of Sensitive Information Into Sent Data vulnerability in Johan Jonk Stenström Cookies and Content Security Policy cookies-and-content-security-policy allows Retrieve Embedded Sensitive Data. This issue affects Cookies and Content Security Policy: from n/a through <= 2.34.

Vendor: Johan Jonk Stenström
Product: Cookies and Content Security Policy
Published: Jan 22, 2026
Source: NVD
CVE-2025-63018 HIGH - 8.8

Missing Authorization vulnerability in wproyal Bard bard allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bard: from n/a through <= 2.229.

Vendor: wproyal
Product: Bard
Published: Jan 22, 2026
Source: NVD
CVE-2025-62106 HIGH - 8.8

Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP-CRM System: from n/a through <= 3.4.5.

Vendor: Mario Peshev
Product: WP-CRM System
Published: Jan 22, 2026
Source: NVD
CVE-2025-5805 HIGH - 8.8

Missing Authorization vulnerability in Ninetheme Electron electron allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Electron: from n/a through <= 1.8.2.

Published: Jan 22, 2026
Source: NVD
CVE-2025-56589 HIGH - 7.5

A Local File Inclusion (LFI) and a Server-Side Request Forgery (SSRF) vulnerability was found in the InsertFromHtmlString() function of the Apryse HTML2PDF SDK thru 11.6.0. These vulnerabilities could allow an attacker to read local files on the server or make arbitrary HTTP requests to internal or ...

Vendor: n/a
Product: n/a
Published: Jan 22, 2026
Source: NVD
CVE-2025-54002 HIGH - 8.8

Missing Authorization vulnerability in Jthemes xSmart xsmart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects xSmart: from n/a through <= 1.2.9.4.

Vendor: Jthemes
Product: xSmart
Published: Jan 22, 2026
Source: NVD