Total CVEs

142,432

Critical Severity

3,972

High Severity

14,286

Last 7 Days

1,838
Quick preset (or use dates below)
Clear Filters
Showing 12,961 - 12,980 of 14,286 CVEs
CVE-2025-69039 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Bailly bailly allows PHP Local File Inclusion.This issue affects Bailly: from n/a through <= 1.3.4.

Vendor: goalthemes
Product: Bailly
Published: Jan 22, 2026
Source: NVD
CVE-2025-69038 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Hyori hyori allows PHP Local File Inclusion.This issue affects Hyori: from n/a through <= 1.3.6.

Vendor: goalthemes
Product: Hyori
Published: Jan 22, 2026
Source: NVD
CVE-2025-69037 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Pippo pippo allows PHP Local File Inclusion.This issue affects Pippo: from n/a through <= 1.2.3.

Vendor: goalthemes
Product: Pippo
Published: Jan 22, 2026
Source: NVD
CVE-2025-69036 HIGH - 8.8

Deserialization of Untrusted Data vulnerability in strongholdthemes Tech Life CPT techlife-cpt allows Object Injection.This issue affects Tech Life CPT: from n/a through <= 16.4.

Vendor: strongholdthemes
Product: Tech Life CPT
Published: Jan 22, 2026
Source: NVD
CVE-2025-69035 HIGH - 8.8

Deserialization of Untrusted Data vulnerability in strongholdthemes Dental Care CPT dentalcare-cpt allows Object Injection.This issue affects Dental Care CPT: from n/a through <= 20.2.

Vendor: strongholdthemes
Product: Dental Care CPT
Published: Jan 22, 2026
Source: NVD
CVE-2025-69005 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Search & Go search-and-go allows PHP Local File Inclusion.This issue affects Search & Go: from n/a through <= 2.8.

Vendor: Elated-Themes
Product: Search & Go
Published: Jan 22, 2026
Source: NVD
CVE-2025-69004 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in XpeedStudio Bajaar - Highly Customizable WooCommerce WordPress Theme bajaar allows PHP Local File Inclusion.This issue affects Bajaar - Highly Customizable WooCommerce W...

Vendor: XpeedStudio
Product: Bajaar - Highly Customizable WooCommerce WordPress Theme
Published: Jan 22, 2026
Source: NVD
CVE-2025-69003 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QantumThemes KenthaRadio qt-kentharadio allows Reflected XSS.This issue affects KenthaRadio: from n/a through <= 2.2.0.

Vendor: QantumThemes
Product: KenthaRadio
Published: Jan 22, 2026
Source: NVD
CVE-2025-69002 HIGH - 8.8

Deserialization of Untrusted Data vulnerability in designthemes OneLife onelife allows Object Injection.This issue affects OneLife: from n/a through <= 3.9.

Vendor: designthemes
Product: OneLife
Published: Jan 22, 2026
Source: NVD
CVE-2025-68999 HIGH - 8.5

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Blind SQL Injection.This issue affects Happy Addons for Elementor: from n/a through <= 3.20.4.

Vendor: HappyMonster
Product: Happy Addons for Elementor
Published: Jan 22, 2026
Source: NVD
CVE-2025-68913 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zozothemes Miion miion allows PHP Local File Inclusion.This issue affects Miion: from n/a through <= 1.2.7.

Vendor: zozothemes
Product: Miion
Published: Jan 22, 2026
Source: NVD
CVE-2025-68912 HIGH - 8.6

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Harmonic Design HDForms hdforms allows Path Traversal.This issue affects HDForms: from n/a through <= 1.6.1.

Vendor: Harmonic Design
Product: HDForms
Published: Jan 22, 2026
Source: NVD
CVE-2025-68908 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in temash Barberry barberry allows PHP Local File Inclusion.This issue affects Barberry: from n/a through <= 2.9.9.87.

Vendor: temash
Product: Barberry
Published: Jan 22, 2026
Source: NVD
CVE-2025-68907 HIGH - 7.5

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AivahThemes Hostme v2 hostmev2 allows Path Traversal.This issue affects Hostme v2: from n/a through <= 7.0.

Vendor: AivahThemes
Product: Hostme v2
Published: Jan 22, 2026
Source: NVD
CVE-2025-68906 HIGH - 7.3

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jegtheme JNews - Video jnews-video allows Reflected XSS.This issue affects JNews - Video: from n/a through <= 11.0.2.

Vendor: jegtheme
Product: JNews - Video
Published: Jan 22, 2026
Source: NVD
CVE-2025-68905 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jegtheme JNews - Pay Writer jnews-pay-writer allows PHP Local File Inclusion.This issue affects JNews - Pay Writer: from n/a through <= 11.0.0.

Vendor: jegtheme
Product: JNews - Pay Writer
Published: Jan 22, 2026
Source: NVD
CVE-2025-68904 HIGH - 7.3

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jegtheme JNews - Frontend Submit jnews-frontend-submit allows Reflected XSS.This issue affects JNews - Frontend Submit: from n/a through <= 11.0.0.

Vendor: jegtheme
Product: JNews - Frontend Submit
Published: Jan 22, 2026
Source: NVD
CVE-2025-68903 HIGH - 8.8

Deserialization of Untrusted Data vulnerability in AivahThemes Anona anona allows Object Injection.This issue affects Anona: from n/a through <= 8.0.

Vendor: AivahThemes
Product: Anona
Published: Jan 22, 2026
Source: NVD
CVE-2025-68902 HIGH - 7.3

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AivahThemes Anona anona allows Path Traversal.This issue affects Anona: from n/a through <= 8.0.

Vendor: AivahThemes
Product: Anona
Published: Jan 22, 2026
Source: NVD
CVE-2025-68901 HIGH - 8.6

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AivahThemes Anona anona allows Path Traversal.This issue affects Anona: from n/a through <= 8.0.

Vendor: AivahThemes
Product: Anona
Published: Jan 22, 2026
Source: NVD