Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-66142

    Missing Authorization vulnerability in merkulove Comparimager for Elementor comparimager-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comparimager for Elementor: from n/a through <= 1.0.1.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-67626

    Cross-Site Request Forgery (CSRF) vulnerability in Angel Costa WP SEO Search wp-seo-search allows Cross Site Request Forgery.This issue affects WP SEO Search: from n/a through <= 1.1.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 0.0

    NA
    CVE-2025-68518

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Hoteller hoteller allows Reflected XSS.This issue affects Hoteller: from n/a through < 6.8.9.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-68010

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in netgsm Netgsm netgsm allows Reflected XSS.This issue affects Netgsm: from n/a through <= 2.9.63.... Read more

    Affected Products : netgsm
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-68039

    Missing Authorization vulnerability in Chris Simmons WP BackItUp wp-backitup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP BackItUp: from n/a through <= 2.0.0.... Read more

    Affected Products : backup_and_restore_wordpress
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-32057

    The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 – 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration f... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-68035

    Insertion of Sensitive Information Into Sent Data vulnerability in tabbyai Tabby Checkout tabby-checkout allows Retrieve Embedded Sensitive Data.This issue affects Tabby Checkout: from n/a through <= 5.8.4.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2025-68027

    Incorrect Privilege Assignment vulnerability in Themefic Hydra Booking hydra-booking allows Privilege Escalation.This issue affects Hydra Booking: from n/a through <= 1.1.32.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-68019

    Missing Authorization vulnerability in cleverplugins SEO Booster seo-booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEO Booster: from n/a through <= 6.1.8.... Read more

    Affected Products : seo_booster
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-68012

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dmytro Shteflyuk CodeColorer codecolorer allows Stored XSS.This issue affects CodeColorer: from n/a through <= 0.10.1.... Read more

    Affected Products : codecolorer
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-67923

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Reflected XSS.This issue affects JetEngine: from n/a through <= 3.7.7.... Read more

    Affected Products : jetengine
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-69039

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Bailly bailly allows PHP Local File Inclusion.This issue affects Bailly: from n/a through <= 1.3.4.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2025-68011

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GLS GLS Shipping for WooCommerce gls-shipping-for-woocommerce allows Reflected XSS.This issue affects GLS Shipping for WooCommerce: from n/a through <= 1... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-68009

    Missing Authorization vulnerability in Codeless Slider Templates slider-templates allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Slider Templates: from n/a through <= 1.0.3.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-69035

    Deserialization of Untrusted Data vulnerability in strongholdthemes Dental Care CPT dentalcare-cpt allows Object Injection.This issue affects Dental Care CPT: from n/a through <= 20.2.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-69003

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QantumThemes KenthaRadio qt-kentharadio allows Reflected XSS.This issue affects KenthaRadio: from n/a through <= 2.2.0.... Read more

    Affected Products : kentharadio
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-68913

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zozothemes Miion miion allows PHP Local File Inclusion.This issue affects Miion: from n/a through <= 1.2.7.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2025-68866

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in woofer696 Dinatur dinatur allows Stored XSS.This issue affects Dinatur: from n/a through <= 1.18.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-68859

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in agmorpheus Syntax Highlighter Compress syntax-highlighter-compress allows Reflected XSS.This issue affects Syntax Highlighter Compress: from n/a through ... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-68507

    Missing Authorization vulnerability in Icegram Icegram icegram allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Icegram: from n/a through <= 3.1.35.... Read more

    Affected Products : icegram_express
    • Published: Jan. 22, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization
Showing 20 of 4604 Results