Total CVEs

142,432

Critical Severity

3,972

High Severity

14,286

Last 7 Days

1,836
Quick preset (or use dates below)
Clear Filters
Showing 13,021 - 13,040 of 14,286 CVEs
CVE-2025-67956 HIGH - 8.2

Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through <= 4.4.6.

Vendor: wpeverest
Product: User Registration
Published: Jan 22, 2026
Source: NVD
CVE-2025-67955 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TangibleWP MyHome Core myhome-core allows PHP Local File Inclusion.This issue affects MyHome Core: from n/a through <= 4.1.0.

Vendor: TangibleWP
Product: MyHome Core
Published: Jan 22, 2026
Source: NVD
CVE-2025-67953 HIGH - 8.1

Incorrect Privilege Assignment vulnerability in Booking Activities Team Booking Activities booking-activities allows Privilege Escalation.This issue affects Booking Activities: from n/a through <= 1.16.44.

Vendor: Booking Activities Team
Product: Booking Activities
Published: Jan 22, 2026
Source: NVD
CVE-2025-67952 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Tour grandtour allows Reflected XSS.This issue affects Grand Tour: from n/a through < 5.6.2.

Vendor: ThemeGoods
Product: Grand Tour
Published: Jan 22, 2026
Source: NVD
CVE-2025-67949 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designingmedia Hostiko hostiko allows Reflected XSS.This issue affects Hostiko: from n/a through < 94.3.6.

Vendor: designingmedia
Product: Hostiko
Published: Jan 22, 2026
Source: NVD
CVE-2025-67947 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scriptsbundle AdForest Elementor adforest-elementor allows Reflected XSS.This issue affects AdForest Elementor: from n/a through <= 3.0.11.

Vendor: scriptsbundle
Product: AdForest Elementor
Published: Jan 22, 2026
Source: NVD
CVE-2025-67946 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in scriptsbundle AdForest adforest allows PHP Local File Inclusion.This issue affects AdForest: from n/a through <= 6.0.11.

Vendor: scriptsbundle
Product: AdForest
Published: Jan 22, 2026
Source: NVD
CVE-2025-67943 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Reflected XSS.This issue affects My auctions allegro: from n/a through <= 3.6.32.

Vendor: wphocus
Product: My auctions allegro
Published: Jan 22, 2026
Source: NVD
CVE-2025-67941 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes The Aisle theaisle allows PHP Local File Inclusion.This issue affects The Aisle: from n/a through < 2.9.1.

Vendor: Elated-Themes
Product: The Aisle
Published: Jan 22, 2026
Source: NVD
CVE-2025-67940 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Powerlift powerlift allows PHP Local File Inclusion.This issue affects Powerlift: from n/a through < 3.2.1.

Vendor: Mikado-Themes
Product: Powerlift
Published: Jan 22, 2026
Source: NVD
CVE-2025-67938 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Biagiotti biagiotti allows PHP Local File Inclusion.This issue affects Biagiotti: from n/a through < 3.5.2.

Vendor: Mikado-Themes
Product: Biagiotti
Published: Jan 22, 2026
Source: NVD
CVE-2025-67923 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Reflected XSS.This issue affects JetEngine: from n/a through <= 3.7.7.

Vendor: Crocoblock
Product: JetEngine
Published: Jan 22, 2026
Source: NVD
CVE-2025-67620 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CleverSoft Anon anon2x allows Reflected XSS.This issue affects Anon: from n/a through <= 2.2.10.

Vendor: CleverSoft
Product: Anon
Published: Jan 22, 2026
Source: NVD
CVE-2025-67619 HIGH - 8.8

Deserialization of Untrusted Data vulnerability in designthemes Kids Heaven kids-world allows Object Injection.This issue affects Kids Heaven: from n/a through <= 3.2.

Vendor: designthemes
Product: Kids Heaven
Published: Jan 22, 2026
Source: NVD
CVE-2025-67616 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Mella mella allows PHP Local File Inclusion.This issue affects Mella: from n/a through <= 1.2.29.

Vendor: BZOTheme
Product: Mella
Published: Jan 22, 2026
Source: NVD
CVE-2025-67615 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in bslthemes Myour myour allows PHP Local File Inclusion.This issue affects Myour: from n/a through <= 1.5.1.

Vendor: bslthemes
Product: Myour
Published: Jan 22, 2026
Source: NVD
CVE-2025-67614 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in foreverpinetree TheNa thena allows Reflected XSS.This issue affects TheNa: from n/a through <= 1.5.5.

Vendor: foreverpinetree
Product: TheNa
Published: Jan 22, 2026
Source: NVD
CVE-2025-66138 HIGH - 8.8

Missing Authorization vulnerability in merkulove Motionger for Elementor motionger-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Motionger for Elementor: from n/a through <= 2.0.4.

Vendor: merkulove
Product: Motionger for Elementor
Published: Jan 22, 2026
Source: NVD
CVE-2025-66137 HIGH - 8.8

Missing Authorization vulnerability in merkulove Searcher for Elementor searcher-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Searcher for Elementor: from n/a through <= 1.0.3.

Vendor: merkulove
Product: Searcher for Elementor
Published: Jan 22, 2026
Source: NVD
CVE-2025-66136 HIGH - 8.8

Missing Authorization vulnerability in merkulove Carter for Elementor carter-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Carter for Elementor: from n/a through <= 1.0.2.

Vendor: merkulove
Product: Carter for Elementor
Published: Jan 22, 2026
Source: NVD