Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2025-60067

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Giardino giardino allows PHP Local File Inclusion.This issue affects Giardino: from n/a through <= 1.1.10.... Read more

    Affected Products : giardino
    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-49361

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Mamita mamita allows PHP Local File Inclusion.This issue affects Mamita: from n/a through <= 1.0.9.... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-58900

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes UniTravel unitravel allows PHP Local File Inclusion.This issue affects UniTravel: from n/a through <= 1.4.2.... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-60066

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Katelyn katelyn allows PHP Local File Inclusion.This issue affects Katelyn: from n/a through <= 1.0.10.... Read more

    Affected Products : katelyn
    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-60065

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Pinevale pinevale allows PHP Local File Inclusion.This issue affects Pinevale: from n/a through <= 1.0.14.... Read more

    Affected Products : pinevale
    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-60064

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Renewal renewal allows PHP Local File Inclusion.This issue affects Renewal: from n/a through <= 1.2.2.... Read more

    Affected Products : renewal
    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-58923

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Critique critique allows PHP Local File Inclusion.This issue affects Critique: from n/a through <= 1.17.... Read more

    Affected Products : critique
    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-68603

    Missing Authorization vulnerability in Marketing Fire Editorial Calendar editorial-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Editorial Calendar: from n/a through <= 3.8.8.... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 24, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-13516

    The SureMail – SMTP and Email Logs Plugin for WordPress is vulnerable to Unrestricted Upload of File with Dangerous Type in versions up to and including 1.9.0. This is due to the plugin's save_file() function in inc/emails/handler/uploads.php which duplic... Read more

    Affected Products :
    • Published: Dec. 02, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Misconfiguration

  • 8.1

    HIGH
    CVE-2025-58933

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Anubis anubis allows PHP Local File Inclusion.This issue affects Anubis: from n/a through <= 1.25.... Read more

    Affected Products : anubis
    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-58928

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Heart heart allows PHP Local File Inclusion.This issue affects Heart: from n/a through <= 1.8.... Read more

    Affected Products : heart
    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-58927

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Stallion stallion allows PHP Local File Inclusion.This issue affects Stallion: from n/a through <= 1.17.... Read more

    Affected Products : stallion
    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-58925

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Neptunus neptunus allows PHP Local File Inclusion.This issue affects Neptunus: from n/a through <= 1.0.11.... Read more

    Affected Products : neptunus
    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-58709

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Legacy legacy allows PHP Local File Inclusion.This issue affects Legacy: from n/a through <= 1.9.... Read more

    Affected Products : legacy
    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-58708

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes 777 triple-seven allows PHP Local File Inclusion.This issue affects 777: from n/a through <= 1.3.... Read more

    Affected Products : 777
    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-58706

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Woo Hoo woohoo allows PHP Local File Inclusion.This issue affects Woo Hoo: from n/a through <= 1.25.... Read more

    Affected Products : woo_hoo
    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-53447

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Assembly assembly allows PHP Local File Inclusion.This issue affects Assembly: from n/a through <= 1.1.... Read more

    Affected Products : assembly
    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-10101

    Heap-based Buffer Overflow, Out-of-bounds Write vulnerability in Avast Antivirus on MacOS of a crafted Mach-O file may allow Local Execution of Code or Denial of Service of antivirus protection. This issue affects Antivirus: from 15.7 before 3.9.2025.... Read more

    Affected Products : antivirus
    • Published: Dec. 01, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption

  • 8.1

    HIGH
    CVE-2025-13813

    A vulnerability was identified in moxi159753 Mogu Blog v2 up to 5.2. This issue affects some unknown processing of the file /storage/ of the component Storage Management Endpoint. The manipulation leads to missing authorization. The attack can be initiate... Read more

    Affected Products : mogublog
    • Published: Dec. 01, 2025
    • Modified: Dec. 03, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-68578

    Missing Authorization vulnerability in Addonify Addonify addonify-quick-view allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify: from n/a through <= 2.0.4.... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 24, 2025
    • Vuln Type: Authorization
Showing 20 of 4860 Results