🔥 Trending CVEs - Last 90 Days

This vulnerability exposes sensitive internal API documentation in BLUVOYIX, allowing unauthenticated attackers to craft HTTP requests that abuse inte...

The News and Blog Designer Bundle WordPress plugin has a Local File Inclusion vulnerability that allows unauthenticated attackers to include and execu...

This vulnerability in the Integration Opvius AI for WooCommerce WordPress plugin allows unauthenticated attackers to perform path traversal attacks. A...

eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without valid credentials by manipulating login reques...

CVE-2023-54339 is a remote command execution vulnerability in Webgrind 1.1 that allows unauthenticated attackers to inject and execute arbitrary OS co...

This CVE describes a critical remote stack-based buffer overflow vulnerability in Inbit Messenger versions 4.6.0 to 4.9.0. Unauthenticated attackers c...

Explorer32++ 1.3.5.531 contains a critical buffer overflow vulnerability in Structured Exception Handler (SEH) records that allows remote code executi...

CVE-2023-54329 is a critical remote command execution vulnerability in Inbit Messenger versions 4.6.0 through 4.9.0. Unauthenticated attackers can exp...

CVE-2022-50935 is an unquoted service path vulnerability in the Flame II HSPA USB Modem software for Windows. Attackers can exploit this to execute ar...

Audio Conversion Wizard v2.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by providing a specially crafte...

CVE-2022-50925 is a remote keystroke injection vulnerability in Prowise Reflect version 1.0.9 that allows attackers to send keyboard events through an...

This vulnerability in WAGO 750-8212 PFC200 G2 2ETH RS firmware allows attackers to escalate privileges by manipulating session cookies. Attackers can ...

CVE-2022-50919 is an unauthenticated remote code execution vulnerability in Tdarr's Help terminal that allows attackers to inject arbitrary commands. ...

This CVE describes an OS command injection vulnerability in Fortinet FortiSIEM that allows attackers to execute arbitrary commands via crafted TCP req...

An unauthenticated attacker can obtain device configuration files from vulnerable FortiFone systems by sending crafted HTTP/HTTPS requests. This affec...

An arbitrary file upload vulnerability in Hubert Hub v2.0 allows attackers to upload malicious PDF files to execute arbitrary code on affected systems...

This CVE describes memory safety bugs in Firefox and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could potenti...

This CVE describes a sandbox escape vulnerability in the Graphics component of Mozilla products due to incorrect boundary conditions. Attackers could ...

A use-after-free vulnerability in the JavaScript Engine component allows attackers to execute arbitrary code or cause denial of service. This affects ...

The Dreamer Blog WordPress theme through version 1.2 allows attackers to install arbitrary plugins or themes due to missing capability checks. This af...

TinyWeb HTTP Server versions before 1.98 are vulnerable to unauthenticated remote command injection via CGI ISINDEX-style query parameters. Attackers ...

A critical remote code execution vulnerability in Automai BotManager v25.2.0 allows attackers to execute arbitrary code on affected systems via the Bo...

The D3D Wi-Fi Home Security System ZX-G12 v2.1.1 is vulnerable to RF replay attacks on its 433 MHz sensor communication channel. Attackers within RF r...

This OS command injection vulnerability in Broadcom DX NetOps Spectrum allows attackers to execute arbitrary operating system commands on affected sys...

This vulnerability in Broadcom DX NetOps Spectrum exposes sensitive information through query strings in GET requests, allowing attackers to hijack us...

A command injection vulnerability in D-Link DIR895LA1 routers allows attackers to execute arbitrary commands with root privileges by sending malicious...

EDIMAX BR-6208AC V2 router firmware version 1.02 contains a command injection vulnerability in the pppUserName field that allows attackers to execute ...

BeeS Software Solutions BET Portal contains a critical SQL injection vulnerability in its login functionality, allowing attackers to execute arbitrary...

Vivotek IP7137 cameras have a critical authentication bypass vulnerability where administrator accounts have no default password requirement. Attacker...

This vulnerability allows unauthenticated attackers to access the OPEXUS eCasePortal 'Attachments.aspx' endpoint, manipulate predictable 'formid' valu...

This vulnerability allows attackers to execute arbitrary SQL commands through the proId parameter in master/review_action.php. It affects all installa...

This SQL injection vulnerability in Print Shop Pro WebDesk allows remote attackers to execute arbitrary SQL commands by manipulating the hfInventoryDi...

A privilege escalation vulnerability in RustFS IAM allows restricted service accounts or STS credentials to self-issue unrestricted service accounts w...

An unauthenticated remote attacker can exploit a LoadLibraryEX vulnerability in Trend Micro Apex Central to load malicious DLLs, leading to arbitrary ...

CVE-2025-62877 exposes the default SSH login password in SUSE Harvester virtualization environments when using the interactive installer (1.5.x or 1.6...

This SQL injection vulnerability in the VanKarWai Lobo WordPress theme allows attackers to execute arbitrary SQL commands through specially crafted in...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the Corpkit theme. It affects all Wo...

This SQL injection vulnerability in the Automotive Listings WordPress plugin allows attackers to execute arbitrary SQL commands on the database. It af...

This CVE describes a missing authorization vulnerability in the Aruba HiSpeed Cache WordPress plugin that allows attackers to access functionality not...

This CVE describes an authentication bypass vulnerability in the Arraytics Timetics WordPress plugin that allows attackers to gain unauthorized access...

This vulnerability allows attackers to include local PHP files through improper filename control in the Neo Ocular WordPress theme, potentially leadin...

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the ContentStudio plugin. Attackers ...

This CVE describes a PHP object injection vulnerability in Tribulant Software's Newsletters WordPress plugin. Attackers can exploit insecure deseriali...

This SQL injection vulnerability in the Workreap WordPress theme plugin allows attackers to execute arbitrary SQL commands on the database. It affects...

This CVE describes an authentication bypass vulnerability in the RiceTheme Felan Framework WordPress plugin that allows attackers to gain unauthorized...

This SQL injection vulnerability in the Felan Framework WordPress plugin allows attackers to execute arbitrary SQL commands on the database. It affect...

This vulnerability allows attackers to include arbitrary local files through PHP's include/require statements in the Atlas WordPress theme. Attackers ...

This vulnerability allows attackers to include arbitrary local files through PHP's include/require statements in the Moody WordPress theme. Attackers ...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements in the Mi...

This vulnerability allows attackers to include arbitrary local files through PHP's include/require statements in the Typify WordPress theme. Attackers...