Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-67941

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes The Aisle theaisle allows PHP Local File Inclusion.This issue affects The Aisle: from n/a through < 2.9.1.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2025-67944

    Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Code Injection.This issue affects Nelio AB Testing: from n/a through <= 8.1.8.... Read more

    Affected Products : nelio_ab_testing
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-68003

    Missing Authorization vulnerability in renatoatshown Shown Connector shown-connector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shown Connector: from n/a through <= 1.2.10.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-68018

    Missing Authorization vulnerability in ilmosys Order Listener for WooCommerce woc-order-alert allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Listener for WooCommerce: from n/a through <= 3.6.1.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-68030

    Server-Side Request Forgery (SSRF) vulnerability in WP Messiah Frontis Blocks frontis-blocks allows Server Side Request Forgery.This issue affects Frontis Blocks: from n/a through <= 1.1.5.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Server-Side Request Forgery

  • 0.0

    NA
    CVE-2025-68034

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CleverReach® CleverReach® WP cleverreach-wp allows SQL Injection.This issue affects CleverReach® WP: from n/a through <= 1.5.22.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-68007

    Missing Authorization vulnerability in Event Espresso Event Espresso 4 Decaf event-espresso-decaf allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Espresso 4 Decaf: from n/a through <= 5.0.37.decaf.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-68013

    Missing Authorization vulnerability in cardpaysolutions Payment Gateway Authorize.Net CIM for WooCommerce authnet-cim-for-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway Authorize.Net CIM for ... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-68871

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in noCreativity Dooodl dooodl allows Reflected XSS.This issue affects Dooodl: from n/a through <= 2.3.0.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-68041

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codisto Omnichannel for WooCommerce codistoconnect allows Stored XSS.This issue affects Omnichannel for WooCommerce: from n/a through <= 1.3.65.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-68046

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder lead-form-builder allows Retrieve Embedded Sensitive Data.This issue affects Contact Form & Lead Form Elemento... Read more

    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2025-68057

    Missing Authorization vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hospital Doctor Directory: from n/a through <= 1.3.9.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-68058

    Missing Authorization vulnerability in e-plugins Institutions Directory institutions-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Institutions Directory: from n/a through <= 1.3..4.... Read more

    Affected Products : institutions_directory
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-68059

    Missing Authorization vulnerability in e-plugins Hotel Listing hotel-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hotel Listing: from n/a through <= 1.4.2.... Read more

    Affected Products : hotel_directory
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-71153

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix memory leak in get_file_all_info() In get_file_all_info(), if vfs_getattr() fails, the function returns immediately without freeing the allocated filename, leading to a memor... Read more

    Affected Products : linux_kernel
    • Published: Jan. 23, 2026
    • Modified: Jan. 23, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-68072

    Missing Authorization vulnerability in Merv Barrett Easy Property Listings easy-property-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Property Listings: from n/a through <= 3.5.17.... Read more

    Affected Products : easy_property_listings
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-68510

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeGoods Photography photography allows PHP Local File Inclusion.This issue affects Photography: from n/a through < 7.7.5.... Read more

    Affected Products : photography
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2025-68520

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods DotLife dotlife allows Reflected XSS.This issue affects DotLife: from n/a through < 4.9.5.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-68538

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Craft craftcoffee allows DOM-Based XSS.This issue affects Craft: from n/a through <= 2.3.6.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-68849

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Frank Corso Quote Master quote-master allows Reflected XSS.This issue affects Quote Master: from n/a through <= 7.1.1.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 22, 2026
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4366 Results