Total CVEs

142,432

Critical Severity

3,972

High Severity

14,286

Last 7 Days

1,840
Quick preset (or use dates below)
Clear Filters
Showing 12,941 - 12,960 of 14,286 CVEs
CVE-2025-69061 HIGH - 8.2

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes MoveMe moveme allows PHP Local File Inclusion.This issue affects MoveMe: from n/a through <= 1.2.15.

Vendor: AncoraThemes
Product: MoveMe
Published: Jan 22, 2026
Source: NVD
CVE-2025-69060 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes uReach ureach allows PHP Local File Inclusion.This issue affects uReach: from n/a through <= 1.3.3.

Vendor: AncoraThemes
Product: uReach
Published: Jan 22, 2026
Source: NVD
CVE-2025-69059 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes DiveIt diveit allows PHP Local File Inclusion.This issue affects DiveIt: from n/a through <= 1.4.3.

Vendor: AncoraThemes
Product: DiveIt
Published: Jan 22, 2026
Source: NVD
CVE-2025-69058 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes PartyMaker partymaker allows PHP Local File Inclusion.This issue affects PartyMaker: from n/a through <= 1.1.15.

Vendor: AncoraThemes
Product: PartyMaker
Published: Jan 22, 2026
Source: NVD
CVE-2025-69057 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Eldon eldon allows PHP Local File Inclusion.This issue affects Eldon: from n/a through <= 1.0.

Vendor: Edge-Themes
Product: Eldon
Published: Jan 22, 2026
Source: NVD
CVE-2025-69056 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins Hotel Listing hotel-listing allows Reflected XSS.This issue affects Hotel Listing: from n/a through <= 1.4.0.

Vendor: e-plugins
Product: Hotel Listing
Published: Jan 22, 2026
Source: NVD
CVE-2025-69054 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in highwarden Super Logos Showcase superlogoshowcase-wp allows Reflected XSS.This issue affects Super Logos Showcase: from n/a through <= 2.8.

Vendor: highwarden
Product: Super Logos Showcase
Published: Jan 22, 2026
Source: NVD
CVE-2025-69053 HIGH - 7.3

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player universal-video-player allows Reflected XSS.This issue affects Universal Video Player: from n/a through <= 3.8.4.

Vendor: LambertGroup
Product: Universal Video Player
Published: Jan 22, 2026
Source: NVD
CVE-2025-69051 HIGH - 7.3

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro Reviews listingpro-reviews allows Reflected XSS.This issue affects ListingPro Reviews: from n/a through <= 1.7.

Vendor: CridioStudio
Product: ListingPro Reviews
Published: Jan 22, 2026
Source: NVD
CVE-2025-69050 HIGH - 8.2

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Overworld overworld allows PHP Local File Inclusion.This issue affects Overworld: from n/a through <= 1.3.

Vendor: Edge-Themes
Product: Overworld
Published: Jan 22, 2026
Source: NVD
CVE-2025-69049 HIGH - 8.2

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Töbel tobel allows PHP Local File Inclusion.This issue affects Töbel: from n/a through <= 1.6.

Vendor: Elated-Themes
Product: Töbel
Published: Jan 22, 2026
Source: NVD
CVE-2025-69048 HIGH - 7.3

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player universal-video-player allows Reflected XSS.This issue affects Universal Video Player: from n/a through <= 3.8.4.

Vendor: LambertGroup
Product: Universal Video Player
Published: Jan 22, 2026
Source: NVD
CVE-2025-69047 HIGH - 8.2

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magentech MaxShop sw_maxshop allows PHP Local File Inclusion.This issue affects MaxShop: from n/a through <= 3.6.20.

Vendor: magentech
Product: MaxShop
Published: Jan 22, 2026
Source: NVD
CVE-2025-69046 HIGH - 8.2

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebGeniusLab iRecco Core irecco-core allows PHP Local File Inclusion.This issue affects iRecco Core: from n/a through <= 1.3.6.

Vendor: WebGeniusLab
Product: iRecco Core
Published: Jan 22, 2026
Source: NVD
CVE-2025-69045 HIGH - 8.6

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FooEvents FooEvents for WooCommerce fooevents allows SQL Injection.This issue affects FooEvents for WooCommerce: from n/a through <= 1.20.4.

Vendor: FooEvents
Product: FooEvents for WooCommerce
Published: Jan 22, 2026
Source: NVD
CVE-2025-69044 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Vango vango allows PHP Local File Inclusion.This issue affects Vango: from n/a through <= 1.3.3.

Vendor: goalthemes
Product: Vango
Published: Jan 22, 2026
Source: NVD
CVE-2025-69043 HIGH - 8.2

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Rashy rashy allows PHP Local File Inclusion.This issue affects Rashy: from n/a through <= 1.1.3.

Vendor: goalthemes
Product: Rashy
Published: Jan 22, 2026
Source: NVD
CVE-2025-69042 HIGH - 8.2

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Lindo lindo allows PHP Local File Inclusion.This issue affects Lindo: from n/a through <= 1.2.5.

Vendor: goalthemes
Product: Lindo
Published: Jan 22, 2026
Source: NVD
CVE-2025-69041 HIGH - 8.2

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Dekoro dekoro allows PHP Local File Inclusion.This issue affects Dekoro: from n/a through <= 1.0.7.

Vendor: goalthemes
Product: Dekoro
Published: Jan 22, 2026
Source: NVD
CVE-2025-69040 HIGH - 8.2

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Bfres bfres allows PHP Local File Inclusion.This issue affects Bfres: from n/a through <= 1.2.1.

Vendor: goalthemes
Product: Bfres
Published: Jan 22, 2026
Source: NVD