Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-69054

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in highwarden Super Logos Showcase superlogoshowcase-wp allows Reflected XSS.This issue affects Super Logos Showcase: from n/a through <= 2.8.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-69053

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player universal-video-player allows Reflected XSS.This issue affects Universal Video Player: from n/a through <= 3.8.4.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-69052

    Missing Authorization vulnerability in FmeAddons Registration & Login with Mobile Phone Number for WooCommerce registration-login-with-mobile-phone-number allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Registrat... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-69051

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro Reviews listingpro-reviews allows Reflected XSS.This issue affects ListingPro Reviews: from n/a through <= 1.7.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-69050

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Overworld overworld allows PHP Local File Inclusion.This issue affects Overworld: from n/a through <= 1.3.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2025-69049

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Töbel tobel allows PHP Local File Inclusion.This issue affects Töbel: from n/a through <= 1.6.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2025-69048

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player universal-video-player allows Reflected XSS.This issue affects Universal Video Player: from n/a through <= 3.8.4.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-69047

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magentech MaxShop sw_maxshop allows PHP Local File Inclusion.This issue affects MaxShop: from n/a through <= 3.6.20.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2025-69046

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebGeniusLab iRecco Core irecco-core allows PHP Local File Inclusion.This issue affects iRecco Core: from n/a through <= 1.3.6.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2025-69045

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FooEvents FooEvents for WooCommerce fooevents allows SQL Injection.This issue affects FooEvents for WooCommerce: from n/a through <= 1.20.4.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-69044

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Vango vango allows PHP Local File Inclusion.This issue affects Vango: from n/a through <= 1.3.3.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2025-69043

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Rashy rashy allows PHP Local File Inclusion.This issue affects Rashy: from n/a through <= 1.1.3.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2025-69042

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Lindo lindo allows PHP Local File Inclusion.This issue affects Lindo: from n/a through <= 1.2.5.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2025-69041

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Dekoro dekoro allows PHP Local File Inclusion.This issue affects Dekoro: from n/a through <= 1.0.7.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2025-69040

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Bfres bfres allows PHP Local File Inclusion.This issue affects Bfres: from n/a through <= 1.2.1.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2025-69039

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Bailly bailly allows PHP Local File Inclusion.This issue affects Bailly: from n/a through <= 1.3.4.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2025-69038

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Hyori hyori allows PHP Local File Inclusion.This issue affects Hyori: from n/a through <= 1.3.6.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2025-69037

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Pippo pippo allows PHP Local File Inclusion.This issue affects Pippo: from n/a through <= 1.2.3.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2025-69036

    Deserialization of Untrusted Data vulnerability in strongholdthemes Tech Life CPT techlife-cpt allows Object Injection.This issue affects Tech Life CPT: from n/a through <= 16.4.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-69035

    Deserialization of Untrusted Data vulnerability in strongholdthemes Dental Care CPT dentalcare-cpt allows Object Injection.This issue affects Dental Care CPT: from n/a through <= 20.2.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Injection
Showing 20 of 4640 Results