🔥 Trending CVEs - Last 7 Days
192 critical and high-severity vulnerabilities discovered in the last 7 days. Stay ahead of emerging threats with real-time CVE tracking and instant security alerts.
Critical & High-Risk CVEs
CVE-2026-0848 allows arbitrary code execution in NLTK versions <=3.9.2 due to improper input validation in the StanfordSegmenter module. Attackers can...
⚡ Yesterday • Mar 5, 2026

This critical authentication bypass vulnerability in pac4j-jwt allows attackers with the server's RSA public key to forge JWT authentication tokens an...
📅 2 days ago • Mar 4, 2026

This critical vulnerability in Cisco Secure Firewall Management Center allows unauthenticated remote attackers to execute arbitrary Java code with roo...
📅 2 days ago • Mar 4, 2026

An authentication bypass vulnerability in Cisco Secure Firewall Management Center (FMC) allows unauthenticated remote attackers to execute arbitrary s...
📅 2 days ago • Mar 4, 2026

This CVE describes a patch bypass vulnerability in FreeScout help desk software that allows authenticated users with file upload permissions to achiev...
📅 3 days ago • Mar 3, 2026

OpenEMR versions before 8.0.0 contain an unauthenticated token disclosure vulnerability in the MedEx callback endpoint. Any unauthenticated visitor ca...
📅 3 days ago • Mar 3, 2026

This vulnerability allows authenticated attackers with workflow write access in one project to create and manage sites on servers belonging to other p...
🔥 Today • Mar 6, 2026

OpenClaw gateway versions before 2026.2.14 have an authorization bypass vulnerability where authenticated clients can manipulate node.invoke parameter...
⚡ Yesterday • Mar 5, 2026

This critical vulnerability allows unauthenticated attackers to read and write sensitive files via AppEngine's HTTP-based file access feature. Attacke...
🔥 Today • Mar 6, 2026

CVE-2026-29058 is a critical remote code execution vulnerability in AVideo video-sharing platform where unauthenticated attackers can execute arbitrar...
🔥 Today • Mar 6, 2026

CVE-2026-28501 is an unauthenticated SQL injection vulnerability in WWBN AVideo that allows attackers to execute arbitrary SQL commands without authen...
⚡ Yesterday • Mar 6, 2026

This is a critical remote code execution vulnerability in Microsoft Devices Pricing Program that allows attackers to execute arbitrary code on affecte...
⚡ Yesterday • Mar 5, 2026

This vulnerability allows attackers to bypass allowlist restrictions in Nextcloud Talk by changing their display name to match an allowlisted user ID....
⚡ Yesterday • Mar 5, 2026

OpenClaw versions before 2026.2.2 have a command injection vulnerability where attackers can bypass allowlist restrictions by using Windows cmd.exe me...
⚡ Yesterday • Mar 5, 2026

Nginx UI versions before 2.3.3 expose an unauthenticated API endpoint that discloses encryption keys in response headers, allowing attackers to downlo...
⚡ Yesterday • Mar 5, 2026

The Database for Contact Form 7, WPforms, Elementor forms WordPress plugin is vulnerable to PHP Object Injection via deserialization of untrusted inpu...
⚡ Yesterday • Mar 5, 2026

A stack buffer overflow vulnerability in D-Link DIR-513 routers allows remote attackers to execute arbitrary code via the curTime parameter in the gof...
📅 2 days ago • Mar 4, 2026

OpenSTAManager versions 2.9.8 and earlier contain an authentication bypass and privilege escalation vulnerability that allows attackers to arbitrarily...
📅 3 days ago • Mar 3, 2026

This CVE describes a remote command injection vulnerability in D-Link DIR-868L routers via the SSDP service. Attackers can execute arbitrary operating...
📅 3 days ago • Mar 3, 2026

An authentication bypass vulnerability in Weintek cMT-3072XH2 HMI devices allows unauthorized attackers to perform administrative actions using servic...
📅 3 days ago • Mar 3, 2026

A heap-based buffer overflow vulnerability in libbiosig's Intan CLP parsing allows arbitrary code execution when processing malicious files. This affe...
📅 3 days ago • Mar 3, 2026

OpenMQ's management service ships with default admin credentials (admin/admin) that are never forced to change, allowing remote attackers who can reac...
📅 3 days ago • Mar 3, 2026

This vulnerability allows unauthenticated attackers to create administrator accounts on WordPress sites using the User Registration & Membership plugi...
📅 4 days ago • Mar 3, 2026

The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress has an authentication bypass vulnerability that allows unauthenticat...
📅 4 days ago • Mar 3, 2026

This vulnerability allows remote code execution in Chamilo LMS by exploiting unfiltered parameter evaluation in SOAP requests. Attackers can execute a...
📅 4 days ago • Mar 2, 2026

SimStudio versions below 0.5.74 have MongoDB tool endpoints that accept arbitrary connection parameters without authentication or host restrictions. T...
📅 4 days ago • Mar 2, 2026

U-Office Force software has an insecure deserialization vulnerability that allows unauthenticated attackers to remotely execute arbitrary code on affe...
📅 4 days ago • Mar 2, 2026

CVE-2026-2999 is a critical remote code execution vulnerability in IDExpert Windows Logon Agent that allows unauthenticated attackers to force the sys...
📅 4 days ago • Mar 2, 2026

This CVE describes an authentication bypass vulnerability in Huawei device authentication modules that allows attackers to bypass authentication mecha...
⚡ Yesterday • Mar 5, 2026

This critical vulnerability in Pebble Prism Ultra v2.9.2 allows attackers within Bluetooth range to execute arbitrary commands, intercept data, and hi...
📅 2 days ago • Mar 4, 2026

This vulnerability allows unauthenticated attackers to impersonate legitimate charging stations by connecting to WebSocket endpoints without proper au...
🔥 Today • Mar 6, 2026

This CVE describes a critical authentication bypass vulnerability in WebSocket endpoints used for OCPP (Open Charge Point Protocol) communication. Att...
🔥 Today • Mar 6, 2026

This vulnerability allows unauthenticated attackers to impersonate legitimate charging stations by connecting to WebSocket endpoints without proper au...
⚡ Yesterday • Mar 6, 2026

This vulnerability in Zephyr RTOS's DNS resolver allows an out-of-bounds write when processing malicious DNS responses. Attackers can exploit this to ...
⚡ Yesterday • Mar 5, 2026

An unauthenticated reflected XSS vulnerability in SiYuan's dynamic icon API allows attackers to inject malicious JavaScript via crafted SVG images. Wh...
🔥 Today • Mar 6, 2026

Ghostfolio versions before 2.245.0 contain a server-side request forgery (SSRF) vulnerability in the manual asset import feature. Attackers can exploi...
⚡ Yesterday • Mar 6, 2026

A stored cross-site scripting (XSS) vulnerability in AliasVault Web Client allows attackers to inject malicious JavaScript into emails sent to any Ali...
📅 3 days ago • Mar 3, 2026

This broken access control vulnerability in File Browser allows authenticated users with only Create permission to delete files and directories they s...
⚡ Yesterday • Mar 5, 2026

CVE-2026-24457 is a path traversal vulnerability in OpenMQ's configuration parsing that allows remote attackers to read arbitrary files from the MQ Br...
⚡ Yesterday • Mar 5, 2026

A typo in Froxlor's input validation code (== instead of =) disables email format checking for admin email settings. This allows authenticated admins ...
📅 3 days ago • Mar 3, 2026

A stored cross-site scripting (XSS) vulnerability in Chamilo LMS allows low-privileged users (like trainers) to inject malicious JavaScript into cours...
⚡ Yesterday • Mar 6, 2026

This vulnerability allows low-privilege users in Chamilo LMS to upload malicious files containing stored XSS payloads through the Social Networks feat...
⚡ Yesterday • Mar 5, 2026

This vulnerability in OliveTin allows authentication bypass when JWT authentication is configured. Attackers can use validly signed JWT tokens intende...
🔥 Today • Mar 6, 2026

This mass assignment vulnerability in Snipe-IT allows authenticated low-privileged users to modify restricted user attributes, including those of Supe...
🔥 Today • Mar 6, 2026

OpenSift versions before 1.6.3-alpha contain a path traversal vulnerability (CWE-22) in multiple storage helpers that don't properly enforce directory...
⚡ Yesterday • Mar 6, 2026

This vulnerability allows authenticated low-privileged users in Chamilo LMS to upload malicious files and execute arbitrary code on the server. The sy...
⚡ Yesterday • Mar 6, 2026

This stored XSS vulnerability in Chamilo LMS allows attackers to inject malicious JavaScript into social network and messaging features. When authenti...
⚡ Yesterday • Mar 6, 2026

OpenClaw versions before 2026.2.14 have a command hijacking vulnerability where attackers can manipulate PATH environment variables to execute malicio...
⚡ Yesterday • Mar 5, 2026

This vulnerability allows attackers to bypass authentication in Keycloak by exploiting a disabled SAML client configured as an Identity Provider-initi...
⚡ Yesterday • Mar 5, 2026

The WowOptin WordPress plugin allows authenticated attackers with Subscriber-level access or higher to install and activate arbitrary plugins without ...
⚡ Yesterday • Mar 5, 2026

Why Track Trending CVEs?
Stay ahead of emerging threats: Newly discovered vulnerabilities pose the highest risk as attackers race to exploit them before patches are deployed. Trending CVEs represent the most critical security issues requiring immediate attention from security teams worldwide.
Prioritize remediation efforts: With thousands of CVEs published annually, security teams need to focus on the most recent and severe threats first. Our trending CVE dashboard highlights critical and high-severity vulnerabilities from the past 7, 30, or 90 days, helping you prioritize patching efforts.
🚀 Automated Trending CVE Monitoring
- Scan your servers to detect packages affected by trending CVEs
- Receive instant email alerts when critical vulnerabilities are discovered
- Dashboard shows CVE age, severity, CVSS scores, and affected systems
- Filter by time period (7/30/90 days) to focus on recent threats