🔥 Trending CVEs - Last 90 Days

An unauthenticated remote code execution vulnerability in Oracle Agile Product Lifecycle Management for Process allows attackers to completely comprom...

CVE-2025-56005 is a critical vulnerability in the PLY (Python Lex-Yacc) library that allows remote code execution via an undocumented 'picklefile' par...

A critical command injection vulnerability in ipTIME routers allows attackers to execute arbitrary operating system commands by injecting malicious in...

A Server-Side Template Injection (SSTI) vulnerability in the FreeMarker component of opensagres XDocReport allows attackers to execute arbitrary code ...

An XML External Entity (XXE) vulnerability in opensagres XDocReport versions 0.9.2 through 2.0.3 allows attackers to execute arbitrary code by uploadi...

This vulnerability allows attackers to spoof the URL bar (Omnibox) in Google Chrome on Android, potentially tricking users into believing they're on a...

This vulnerability allows attackers to spoof the user interface in Chrome's Split View mode, potentially tricking users into interacting with maliciou...

This vulnerability in Google Chrome allows attackers who obtain network log files to potentially extract sensitive information due to insufficient pol...

Orval versions 7.19.0 through 8.0.2 contain a code injection vulnerability in the x-enumDescriptions field processing. Untrusted OpenAPI specification...

CVE-2026-23944 is an authentication bypass vulnerability in Arcane Docker management interface that allows unauthenticated attackers to proxy requests...

CVE-2026-23837 is an authentication bypass vulnerability in MyTube that allows unauthenticated attackers to access protected administrative functions....

This is a use-after-free vulnerability in FreeRDP's X11 client graphics handling that allows a malicious RDP server to trigger heap corruption in the ...

CVE-2026-23884 is a use-after-free vulnerability in FreeRDP clients where offscreen bitmap deletion leaves a pointer to freed memory. A malicious RDP ...

A heap buffer overflow vulnerability in FreeRDP's ClearCodec decode path allows malicious RDP servers to trigger client-side memory corruption. This c...

A heap buffer overflow vulnerability in FreeRDP's ClearCodec decode path allows malicious RDP servers to trigger client-side memory corruption. This a...

A heap buffer overflow vulnerability in FreeRDP client allows malicious RDP servers to trigger client-side memory corruption. This can cause denial of...

This vulnerability allows remote attackers to execute arbitrary code on UTT HiPER 810 routers by exploiting a buffer overflow in the password change f...

FreeRDP clients prior to version 3.21.0 contain a heap buffer overflow vulnerability in the planar bitmap decompression function. A malicious RDP serv...

This CVE describes a heap buffer overflow vulnerability in FreeRDP's ClearCodec implementation. A malicious RDP server can send crafted RDPGFX surface...

A SQL injection vulnerability in Devolutions Server's remote-sessions component allows attackers to execute arbitrary SQL commands. This affects Devol...

This vulnerability allows unauthenticated attackers to bypass authentication in the Registration & Login with Mobile Phone Number for WooCommerce Word...

This vulnerability in the RegistrationMagic WordPress plugin allows unauthenticated attackers to manipulate menu generation logic, granting administra...

MCPJam inspector versions 1.4.2 and earlier contain a critical remote code execution vulnerability. Attackers can send a crafted HTTP request that tri...

CVE-2025-14894 is an unauthenticated remote code execution vulnerability in Livewire Filemanager for Laravel applications. Attackers can upload malici...

This CVE describes a remote command injection vulnerability in Apache bRPC's heap profiler service. Attackers can execute arbitrary commands by inject...

The Police Statistics Database System developed by Gotac has a Missing Authentication vulnerability that allows unauthenticated remote attackers to re...

The Police Statistics Database System developed by Gotac contains an arbitrary file upload vulnerability that allows unauthenticated remote attackers ...

Delta Electronics DIAView has a critical authentication bypass vulnerability (CWE-306) that allows attackers to bypass authentication mechanisms and g...

Delta Electronics DIAView contains multiple unspecified vulnerabilities related to CWE-321 (Use of Hard-coded Cryptographic Key). Attackers could pote...

Ether MP3 CD Burner 1.3.8 contains a buffer overflow vulnerability in the registration name field that allows remote attackers to execute arbitrary co...

This CVE describes a critical .NET deserialization vulnerability in Changjetong T+ software that allows remote attackers to execute arbitrary code on ...

CVE-2025-70892 is a critical SQL injection vulnerability in Phpgurukul Cyber Cafe Management System v1.0 that allows attackers to execute arbitrary SQ...

This vulnerability in RustCrypto CMOV allows timing side-channel attacks on cryptographic operations when using the thumbv6m-none-eabi compiler target...

This vulnerability allows remote, unauthenticated attackers to execute arbitrary operating system commands on NOAA PMEL Live Access Server (LAS) insta...

This CVE describes a critical file upload vulnerability in Omnispace Agora Project that allows attackers to execute arbitrary code through the Imagick...

CVE-2021-47819 is a critical file upload vulnerability in ProjeQtOr Project Management software that allows guest users to upload malicious PHP files ...

CVE-2021-47781 is a critical buffer overflow vulnerability in Cmder Console Emulator version 1.3.18 that allows attackers to cause denial of service b...

Kingdia CD Extractor 3.0.2 contains a critical buffer overflow vulnerability in its registration name field that allows remote attackers to execute ar...

CVE-2021-47772 is a critical buffer overflow vulnerability in 10-Strike Network Inventory Explorer Pro that allows remote code execution via malicious...

CVE-2021-47753 is an unauthenticated file upload vulnerability in phpKF CMS that allows remote attackers to upload malicious PHP files disguised as PN...

This is a critical heap use-after-free vulnerability in FreeRDP that allows remote code execution. Attackers can exploit this to execute arbitrary cod...

A heap buffer overflow vulnerability in FreeRDP allows malicious RDP servers to trigger memory corruption and crash FreeRDP clients. This affects all ...

CVE-2026-22853 is a critical heap buffer overflow vulnerability in FreeRDP's RDPEAR component that allows attackers to execute arbitrary code or cause...

This is a critical heap buffer overflow vulnerability in FreeRDP that allows a malicious RDP server to execute arbitrary code on client systems by sen...

This vulnerability in Cursor AI code editor allows attackers to execute shell built-ins without allowlist approval when the Cursor Agent runs in Auto-...

FreeImage 3.18.0 contains a use-after-free vulnerability in the TARGA image parser that allows attackers to execute arbitrary code or cause denial of ...

This vulnerability allows unauthenticated remote attackers to bypass multi-factor authentication requirements in an Orchestrator service, enabling the...

This critical vulnerability in BLUVOYIX allows unauthenticated attackers to create admin users via specially crafted HTTP requests to admin APIs. Succ...

This critical authentication bypass vulnerability in BLUVOYIX allows unauthenticated attackers to send crafted HTTP requests to backend APIs and gain ...

This vulnerability exposes sensitive internal API documentation in BLUVOYIX, allowing unauthenticated attackers to craft HTTP requests that abuse inte...