🔥 Trending CVEs - Last 30 Days

Super-linter GitHub Action versions 6.0.0 to 8.3.0 are vulnerable to command injection via specially crafted filenames containing shell command substi...

This CVE describes a SQL injection vulnerability in Craft CMS affecting the element-indexes/get-elements endpoint. Attackers with Control Panel access...

This CVE describes a privilege escalation vulnerability in Craft CMS's GraphQL API where authenticated users with write access to one asset volume can...

This vulnerability allows attackers to bypass disabled Identity Provider (IdP) checks in Keycloak's JWT authorization grant flow. An attacker with a d...

This vulnerability allows attackers to upload malicious files (like web shells) to Sensaway web servers without proper file type validation. It affect...

A buffer overflow vulnerability in Tenda AC8 routers allows remote attackers to execute arbitrary code by manipulating the shareSpeed parameter in the...

A buffer overflow vulnerability exists in Tenda AC8 routers version 16.03.33.05. Remote attackers can exploit this by sending specially crafted reques...

A stack-based buffer overflow vulnerability in Tenda RX3 routers allows remote attackers to execute arbitrary code by manipulating device name paramet...

This vulnerability in Tenda RX3 routers allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the fromSetIpMacBind fu...

This CVE describes a stack-based buffer overflow vulnerability in Tenda RX3 routers. Attackers can remotely exploit this vulnerability by manipulating...

A stack-based buffer overflow vulnerability exists in Tenda RX3 routers version 16.03.13.11. Attackers can remotely exploit this by manipulating the s...

A stack-based buffer overflow vulnerability exists in Tenda RX3 router firmware version 16.03.13.11. Attackers can remotely exploit this by manipulati...

A buffer overflow vulnerability exists in Tenda TX9 routers through firmware version 22.03.02.10_multi. Attackers can remotely exploit this vulnerabil...

A buffer overflow vulnerability in Tenda TX9 routers allows remote attackers to execute arbitrary code by manipulating the ssid parameter in the fast_...

A buffer overflow vulnerability in Tenda TX9 routers allows remote attackers to execute arbitrary code by manipulating the list argument in the SetSta...

This vulnerability allows remote attackers to execute arbitrary code on Tenda TX3 routers via a buffer overflow in the SetIpMacBind function. Attacker...

The JAY Login & Register WordPress plugin contains a privilege escalation vulnerability that allows authenticated users with Subscriber-level access o...

This CVE describes an OS command injection vulnerability in Tenda G300-F router firmware that allows remote attackers to execute arbitrary commands on...

A buffer overflow vulnerability in the UTT HiPER 810G firewall's management interface allows remote attackers to execute arbitrary code or crash the d...

A buffer overflow vulnerability in UTT 进取 520W firmware version 1.7.7-180627 allows remote attackers to execute arbitrary code by exploiting the s...

A buffer overflow vulnerability in UTT 进取 520W router firmware version 1.7.7-180627 allows remote attackers to execute arbitrary code by exploitin...

This CVE describes a remote buffer overflow vulnerability in UTT 进取 520W firmware version 1.7.7-180627. Attackers can exploit this by sending spec...

This vulnerability allows attackers to bypass multiple security layers in Enclave, a JavaScript sandbox for AI agent code execution. Attackers can esc...

A buffer overflow vulnerability exists in the UTT 进取 520W router firmware version 1.7.7-180627, specifically in the formIpGroupConfig function. At...

A buffer overflow vulnerability in the UTT 进取 520W router firmware version 1.7.7-180627 allows remote attackers to execute arbitrary code by manip...

OpenSTAManager versions 2.9.8 and earlier contain a critical OS command injection vulnerability in the P7M file decoding functionality. Authenticated ...

OpenSTAManager versions 2.9.8 and earlier contain an SQL injection vulnerability in the ajax_select.php endpoint. Authenticated attackers can execute ...

OpenFGA versions 1.8.5 to 1.11.2 have an improper policy enforcement vulnerability that can allow unauthorized access when specific authorization mode...

Gogs versions 0.13.3 and earlier have a critical authentication bypass vulnerability where 2FA recovery codes are not scoped to specific users. An att...

This CVE allows attackers to inject malicious configuration into ingress-nginx via the auth-proxy-set-headers annotation, potentially leading to arbit...

This vulnerability allows authenticated attackers to upload malicious SVG files and create hotlinks that execute stored cross-site scripting (XSS) att...

This stored XSS vulnerability in Gogs allows authenticated users to inject malicious JavaScript via data: URIs in comments and issue descriptions. The...

A stored cross-site scripting vulnerability in OpenEMR's GAD-7 anxiety assessment form allows authenticated clinicians to inject malicious JavaScript....

Authenticated users in Traccar GPS tracking system can upload malicious SVG files containing JavaScript, which executes in other users' browsers when ...

A stored cross-site scripting (XSS) vulnerability in Statmatic CMS allows authenticated users with content creation permissions to inject malicious Ja...

CVE-2026-28679 is a path traversal vulnerability in Home-Gallery.org that allows attackers to download sensitive system files outside the intended med...

This vulnerability allows attackers to elevate privileges in Payment Orchestrator Service, potentially gaining unauthorized access to payment processi...

This vulnerability in NLTK allows attackers to read arbitrary files on the server through path traversal attacks in multiple CorpusReader classes. It ...

An unauthenticated remote attacker can send crafted packets to Cisco ASA/FTD Remote Access SSL VPN servers to exhaust device memory, causing denial of...

An unauthenticated remote attacker can cause Cisco ASA/FTD firewall devices to reload by sending crafted HTTP requests to the VPN web server, resultin...

This SSRF vulnerability in changedetection.io allows authenticated users (or any user when no password is configured, which is the default) to make th...

ImageMagick's path security policy enforcement occurs before filesystem path resolution, allowing path traversal attacks to bypass policy rules like '...

This SSRF vulnerability in Astro web framework allows attackers to redirect error page requests to internal network resources by manipulating the Host...

This path traversal vulnerability in the WordPress 'Upload Files Anywhere' plugin allows attackers to delete arbitrary files on the server. It affects...

This vulnerability allows unauthenticated attackers to abuse the ShopLentor WordPress plugin as an email relay. Attackers can send arbitrary emails wi...

This SQL injection vulnerability in Tumeva News Software allows attackers to execute arbitrary SQL commands on the database. All users running affecte...

An authentication bypass vulnerability in Ivanti Endpoint Manager allows remote unauthenticated attackers to access stored credential data. This affec...

This reflected XSS vulnerability in Zirve Information Technologies' e-Taxpayer Accounting Website allows attackers to inject malicious scripts into we...

Calibre e-book manager versions before 9.2.0 contain a path traversal vulnerability in the CHM reader that allows attackers to write arbitrary files a...

This SSRF vulnerability in Pydantic AI allows attackers to make the server request internal network resources when applications accept message history...