🔥 Trending CVEs - Last 30 Days

This SQL injection vulnerability in Tumeva News Software allows attackers to execute arbitrary SQL commands on the database. All users running affecte...

An authentication bypass vulnerability in Ivanti Endpoint Manager allows remote unauthenticated attackers to access stored credential data. This affec...

This reflected XSS vulnerability in Zirve Information Technologies' e-Taxpayer Accounting Website allows attackers to inject malicious scripts into we...

Calibre e-book manager versions before 9.2.0 contain a path traversal vulnerability in the CHM reader that allows attackers to write arbitrary files a...

This SSRF vulnerability in Pydantic AI allows attackers to make the server request internal network resources when applications accept message history...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Plane project management software. Attackers with workspace ADMIN privileges ...

CVE-2026-28442 allows authenticated users to delete critical system files in ZimaOS by manipulating API requests, bypassing frontend restrictions. Thi...

This vulnerability allows attackers to bypass frontend restrictions and create files or directories in sensitive system locations like /etc and /usr v...

This vulnerability in Valkey allows malicious users to inject arbitrary data into response streams via scripting commands, potentially corrupting or t...

This SQL injection vulnerability in the Quiz And Survey Master WordPress plugin allows attackers to execute arbitrary SQL commands on the database. It...

This Server-Side Request Forgery (SSRF) vulnerability in SillyTavern allows authenticated users to make arbitrary HTTP requests from the server and re...

This vulnerability in Qdrant vector database allows attackers with read-only access to append arbitrary content to files on the server via the /logger...

CVE-2026-21882 is a local privilege escalation vulnerability in theshit command-line utility that allows attackers to gain root privileges by exploiti...

This vulnerability allows DAG authors with existing permissions to manipulate Airflow's database to execute arbitrary code in the web-server context w...

This CVE describes a command injection vulnerability in the systeminformation Node.js library's wifiNetworks() function. Attackers can execute arbitra...

This critical vulnerability allows attackers with admin privileges to inject and execute arbitrary template code in server-side templates due to a vul...

Saturn Remote Mouse Server has a critical command injection vulnerability that allows unauthenticated attackers on the local network to execute arbitr...

Control Center PRO 6.2.9 contains a stack-based buffer overflow vulnerability in the user creation module's username field. Attackers can exploit this...

CVE-2020-37167 is a critical vulnerability in ClamAV's bytecode interpreter that allows attackers to manipulate function names through weak input vali...

CVE-2019-25336 is a local buffer overflow vulnerability in SpotAuditor's Base64 Encrypted Password tool that allows attackers to execute arbitrary cod...

CVE-2019-25332 is a local stack overflow vulnerability in FTP Commander Pro that allows attackers to execute arbitrary code by overwriting the EIP reg...

OpenClaw personal AI assistant versions before 2026.1.20 contain a command injection vulnerability. Unauthenticated local clients can exploit the Gate...

This CVE describes an out-of-bounds write vulnerability in Huawei camera modules that could allow attackers to crash affected systems. The vulnerabili...

This CVE describes a use-after-free concurrency vulnerability in the graphics module that could allow an attacker to cause system instability or crash...

OpenClaw versions before 2026.2.14 contain a server-side request forgery vulnerability in the Tlon Urbit extension. Attackers who can influence the co...

This vulnerability allows managers in Vaultwarden to escalate their privileges by modifying permissions for collections they shouldn't have access to....

A stored cross-site scripting (XSS) vulnerability in Chamilo LMS allows teachers to inject malicious JavaScript into the glossary function, which exec...

This vulnerability allows authenticated attackers to execute arbitrary SQL commands through the search report option in ManageEngine ADSelfService Plu...

The eBay API MCP Server is vulnerable to environment variable injection through the updateEnvFile function, which doesn't validate input for newlines ...

This vulnerability in PanCafe Pro allows attackers to flood the system by exploiting cleartext transmission of sensitive information, potentially caus...

This CVE describes a Cross-Site Scripting (XSS) vulnerability in Saastech Cleaning and Internet Services Inc.'s TemizlikYolda software. Attackers can ...

This vulnerability in ZITADEL's login interface allows users to bypass configured security policies and self-register accounts or use password authent...

A path traversal vulnerability in Zarf's archive extraction allows malicious packages to create symlinks pointing outside the destination directory, e...

OOP CMS BLOG 1.0 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries through search,...

CVE-2018-25196 is an SQL injection vulnerability in ServerZilla 1.0 that allows unauthenticated attackers to manipulate database queries through the e...

CVE-2018-25187 allows unauthenticated attackers to directly download the kim.db database file containing user credentials and password hashes, and exe...

CVE-2018-25189 is an SQL injection vulnerability in Data Center Audit 2.6.2 that allows unauthenticated attackers to execute arbitrary SQL queries thr...

CVE-2018-25182 is an SQL injection vulnerability in Silurus Classifieds Script 2.0 that allows unauthenticated attackers to execute arbitrary SQL quer...

CVE-2018-25175 is an SQL injection vulnerability in Alienor Web Libre 2.0 that allows unauthenticated attackers to execute arbitrary SQL queries throu...

CVE-2018-25171 is an unauthenticated SQL injection vulnerability in EdTv 2 that allows attackers to execute arbitrary SQL queries through the 'id' par...

Rmedia SMS 1.0 contains an unauthenticated SQL injection vulnerability in the editgrp.php endpoint. Attackers can extract database schema information ...

CVE-2018-25167 is an SQL injection vulnerability in Net-Billetterie 2.9 that allows unauthenticated attackers to execute arbitrary SQL queries through...

CVE-2018-25163 is an SQL injection vulnerability in BitZoom 1.0 that allows unauthenticated attackers to execute arbitrary SQL queries through the rol...

Warranty Tracking System 11.06.3 contains an SQL injection vulnerability in SearchCustomer.php that allows attackers to execute arbitrary SQL queries ...

This vulnerability in OneUptime allows attackers to bypass two-factor authentication by replaying stolen WebAuthn assertions. The flaw occurs because ...

Ashop Shopping Cart Software contains an unauthenticated SQL injection vulnerability in the 'shop' parameter of index.php. Attackers can extract sensi...

Simple Job Script contains an unauthenticated SQL injection vulnerability in the landing_location parameter of the searched endpoint. Attackers can se...

Simple Job Script contains an unauthenticated SQL injection vulnerability in the register-recruiters endpoint via the employerid parameter. Attackers ...

CVE-2026-28562 is an unauthenticated SQL injection vulnerability in wpForo WordPress plugin versions 2.4.14 and earlier. Attackers can exploit the wpf...

This vulnerability in Hono framework versions 4.12.0-4.12.1 allows attackers to bypass IP-based access controls when using the AWS Lambda adapter behi...