Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2025-49943

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Femme femme allows PHP Local File Inclusion.This issue affects Femme: from n/a through <= 1.3.11.... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-49365

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Jack Well jack-well allows PHP Local File Inclusion.This issue affects Jack Well: from n/a through <= 1.0.14.... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-49371

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Strux strux allows PHP Local File Inclusion.This issue affects Strux: from n/a through <= 1.9.... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-49364

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Ludos Paradise ludos-paradise allows PHP Local File Inclusion.This issue affects Ludos Paradise: from n/a through <= 2.1.... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-49363

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Kings & Queens kings-queens allows PHP Local File Inclusion.This issue affects Kings & Queens: from n/a through <= 1.1.16... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-49360

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Militarology militarology allows PHP Local File Inclusion.This issue affects Militarology: from n/a through <= 1.0.15.... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-49362

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Gracioza gracioza allows PHP Local File Inclusion.This issue affects Gracioza: from n/a through <= 1.0.15.... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-10101

    Heap-based Buffer Overflow, Out-of-bounds Write vulnerability in Avast Antivirus on MacOS of a crafted Mach-O file may allow Local Execution of Code or Denial of Service of antivirus protection. This issue affects Antivirus: from 15.7 before 3.9.2025.... Read more

    Affected Products : antivirus
    • Published: Dec. 01, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Memory Corruption

  • 8.1

    HIGH
    CVE-2025-64223

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PenciDesign PenNews pennews allows PHP Local File Inclusion.This issue affects PenNews: from n/a through < 6.7.3.... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-60060

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Pubzinne pubzinne allows PHP Local File Inclusion.This issue affects Pubzinne: from n/a through <= 1.0.12.... Read more

    Affected Products : pubzinne
    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-58923

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Critique critique allows PHP Local File Inclusion.This issue affects Critique: from n/a through <= 1.17.... Read more

    Affected Products : critique
    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-65778

    An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Uploaded attachments can be served with attacker-controlled Content-Type (text/html), allowing execution of attacker-supplied HTML/JS in the applicat... Read more

    Affected Products : wekan
    • Published: Dec. 15, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-57489

    Incorrect access control in the SDAgent component of Shirt Pocket SuperDuper! v3.10 allows attackers to escalate privileges to root due to the improper use of a setuid binary.... Read more

    Affected Products : superduper\!
    • Published: Dec. 01, 2025
    • Modified: Dec. 05, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-49369

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Lettuce lettuce allows PHP Local File Inclusion.This issue affects Lettuce: from n/a through <= 1.1.7.... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-6326

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Inset inset allows PHP Local File Inclusion.This issue affects Inset: from n/a through <= 1.18.0.... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-53434

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes ChildHope childhope allows PHP Local File Inclusion.This issue affects ChildHope: from n/a through <= 1.1.8.... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-53896

    Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, a bug in Kiteworks MFT could cause under certain circumstances that a user's active session would not properly time out due to inactivity. This issue has been patched i... Read more

    • Published: Nov. 29, 2025
    • Modified: Dec. 02, 2025
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2025-49368

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Palladio palladio allows PHP Local File Inclusion.This issue affects Palladio: from n/a through <= 1.1.10.... Read more

    Affected Products :
    • Published: Dec. 18, 2025
    • Modified: Dec. 18, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-60061

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Kicker kicker allows PHP Local File Inclusion.This issue affects Kicker: from n/a through <= 2.2.0.... Read more

    Affected Products : kicker
    • Published: Dec. 18, 2025
    • Modified: Dec. 23, 2025
    • Vuln Type: Path Traversal

  • 8.0

    HIGH
    CVE-2025-67641

    Jenkins Coverage Plugin 2.3054.ve1ff7b_a_a_123b_ and earlier does not validate the configured coverage results ID when creating coverage results, only when submitting the job configuration through the UI, allowing attackers with Item/Configure permission ... Read more

    Affected Products : coverage
    • Published: Dec. 10, 2025
    • Modified: Dec. 17, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4779 Results