Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2025-67987

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows SQL Injection.This issue affects Quiz And Survey Master: from n/a through <= 10.3.1.... Read more

    Affected Products :
    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-69406

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX FreightCo freightco allows PHP Local File Inclusion.This issue affects FreightCo: from n/a through <= 1.1.7.... Read more

    Affected Products :
    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2025-68543

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Diza diza allows PHP Local File Inclusion.This issue affects Diza: from n/a through <= 1.3.15.... Read more

    Affected Products :
    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2025-68526

    Deserialization of Untrusted Data vulnerability in A WP Life Modal Popup Box modal-popup-box allows Object Injection.This issue affects Modal Popup Box: from n/a through <= 1.6.1.... Read more

    Affected Products :
    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2026-22367

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Coworking coworking allows PHP Local File Inclusion.This issue affects Coworking: from n/a through <= 1.6.1.... Read more

    Affected Products :
    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2026-22369

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Ironfit ironfit allows PHP Local File Inclusion.This issue affects Ironfit: from n/a through <= 1.5.... Read more

    Affected Products :
    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2025-68043

    Missing Authorization vulnerability in LottieFiles LottieFiles lottiefiles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LottieFiles: from n/a through <= 3.0.0.... Read more

    Affected Products :
    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-68514

    Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Paid Member Subscriptions: from n/a... Read more

    Affected Products : paid_membership_subscriptions
    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-68495

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Reflected XSS.This issue affects JetEngine: from n/a through <= 3.8.0.... Read more

    Affected Products : jetengine
    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2026-22373

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Fooddy fooddy allows PHP Local File Inclusion.This issue affects Fooddy: from n/a through <= 1.3.10.... Read more

    Affected Products :
    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Injection

  • 0.0

    NA
    CVE-2025-68051

    Authorization Bypass Through User-Controlled Key vulnerability in Shiprocket Shiprocket shiprocket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shiprocket: from n/a through <= 2.0.8.... Read more

    Affected Products :
    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2026-22377

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Saveo saveo allows PHP Local File Inclusion.This issue affects Saveo: from n/a through <= 1.1.2.... Read more

    Affected Products :
    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Path Traversal

  • 0.0

    NA
    CVE-2025-68050

    Missing Authorization vulnerability in Leadpages Leadpages leadpages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leadpages: from n/a through <= 1.1.3.... Read more

    Affected Products :
    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-68048

    Missing Authorization vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NextMove Lite: from n/a through <= 2.23.0.... Read more

    Affected Products : nextmove
    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-68032

    Missing Authorization vulnerability in Passionate Brains Advanced WC Analytics advance-wc-analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced WC Analytics: from n/a through <= 3.19.0.... Read more

    Affected Products :
    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-68028

    Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4WP: Google Analytics for WordPress: from n/a through <= ... Read more

    Affected Products :
    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-68037

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atlas Gondal Export Media URLs export-media-urls allows Reflected XSS.This issue affects Export Media URLs: from n/a through <= 2.2.... Read more

    Affected Products : export_all_urls
    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-68026

    Missing Authorization vulnerability in Niaj Morshed LC Wizard ghl-wizard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LC Wizard: from n/a through <= 2.1.1.... Read more

    Affected Products :
    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-68023

    Missing Authorization vulnerability in Addonify Addonify &#8211; Compare Products For WooCommerce addonify-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify &#8211; Compare Products For Wo... Read more

    Affected Products :
    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-68021

    Missing Authorization vulnerability in ConveyThis ConveyThis conveythis-translate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ConveyThis: from n/a through <= 269.5.... Read more

    Affected Products :
    • Published: Feb. 20, 2026
    • Modified: Feb. 20, 2026
    • Vuln Type: Authorization
Showing 20 of 5158 Results