🔥 Trending CVEs - Last 30 Days

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP's include/require statements. It aff...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This CVE describes a PHP Local File Inclusion vulnerability in the Redy WordPress theme by axiomthemes, allowing attackers to include arbitrary local ...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This vulnerability allows remote attackers to execute arbitrary operating system commands on EnOcean SmartServer IoT devices by sending specially craf...

This CVE describes a PHP Local File Inclusion vulnerability in the PJ | Life & Business Coaching WordPress theme. Attackers can include arbitrary loca...

This CVE describes a PHP Local File Inclusion vulnerability in the Struktur WordPress theme. Attackers can include arbitrary local files through impro...

This vulnerability allows attackers to include local PHP files through improper filename control in the ThemeREX Gable WordPress theme. Attackers can ...

This CVE describes a PHP Local File Inclusion vulnerability in the ThemeREX Tint WordPress theme. Attackers can exploit improper filename control in i...

This CVE describes a PHP Local File Inclusion vulnerability in the ThemeREX Cobble WordPress theme. Attackers can include arbitrary local files throug...

This CVE describes a PHP Local File Inclusion vulnerability in the SolverWp Portfolio Builder WordPress plugin. Attackers can exploit improper filenam...

This vulnerability allows attackers to include local PHP files through improper filename control in the PeakShops WordPress theme. Attackers can poten...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This CVE describes a Local File Inclusion (LFI) vulnerability in the Hara WordPress theme that allows attackers to include arbitrary local files throu...

This CVE describes a PHP Local File Inclusion vulnerability in the Urna WordPress theme. Attackers can exploit improper filename control in include/re...

SPIP versions before 4.4.9 contain an insecure deserialization vulnerability in the public area through the table_valeur filter and DATA iterator. Att...

CVE-2026-26016 is an authorization bypass vulnerability in Pterodactyl Panel's Wings control plane that allows any authenticated Wings node to access ...

This vulnerability in jsPDF allows attackers to inject arbitrary PDF objects, including JavaScript actions, through user-controlled properties in the ...

This vulnerability in jsPDF allows attackers to inject arbitrary PDF objects into generated documents by controlling the argument of the `addJS` metho...

Dell PowerProtect Data Manager versions before 19.22 have an incorrect privilege assignment vulnerability that allows low-privileged remote attackers ...

Dell Unisphere for PowerMax version 10.2 contains a relative path traversal vulnerability that allows low-privileged remote attackers to modify critic...

Dell Unisphere for PowerMax version 10.2 contains a path traversal vulnerability that allows low-privileged remote attackers to delete arbitrary files...

IBM DataStage on Cloud Pak for Data versions 5.1.2 through 5.3.0 returns sensitive information in HTTP responses that could enable user impersonation....

This vulnerability in Intelbras VIP 3260 Z IA devices allows attackers to bypass password recovery mechanisms through the /OutsideCmd endpoint. It aff...

The Magic Login Mail or QR Code WordPress plugin has a privilege escalation vulnerability that allows unauthenticated attackers to gain access to any ...

This vulnerability allows attackers to bypass Caido's domain whitelist protection by injecting a malicious X-Forwarded-Host header, enabling unauthori...

A length underflow vulnerability in the BACnet Stack library allows attackers to cause denial-of-service through malformed WriteProperty requests. Thi...

In LavinMQ versions before 2.6.8, authenticated users with the 'Policymaker' management tag can bypass access controls to create shovels, allowing the...

A buffer overflow vulnerability in Qsync Central allows authenticated remote attackers to modify memory or crash processes. This affects all Qsync Cen...

A buffer overflow vulnerability in Qsync Central allows authenticated remote attackers to modify memory or crash processes. This affects all Qsync Cen...

A buffer overflow vulnerability in Qsync Central allows authenticated remote attackers to modify memory or crash processes. This affects all QNAP Qsyn...

A buffer overflow vulnerability in QNAP operating systems allows authenticated remote attackers to modify memory or crash processes. This affects user...

This vulnerability allows an unauthorized attacker to execute arbitrary code over a network by exploiting improper certificate validation in Azure Loc...

This vulnerability allows unauthenticated attackers to bypass LDAP authentication for Agentless VPN or FSSO policies in Fortinet FortiOS when the remo...

In File Browser versions before 2.57.1, authenticated users can bypass file access restrictions by adding extra slashes to file paths in requests. Thi...

This vulnerability in Keycloak allows attackers to modify invitation token payloads to self-register into unauthorized organizations. Attackers can ex...

This vulnerability in Nebula overlay networking tool allows attackers to bypass certificate blocklist entries when using P256 certificates (non-defaul...

CVE-2026-24135 is a path traversal vulnerability in Gogs self-hosted Git service that allows authenticated users with wiki write access to delete arbi...

This vulnerability allows cross-site scripting (XSS) attacks in MarkUs assignment submission system. Attackers can inject malicious scripts into stude...

This vulnerability allows unauthenticated attackers to inject arbitrary scripts into GitLab's Mermaid diagram sandbox UI, potentially leading to cross...

This vulnerability in NVIDIA Cumulus Linux and NVOS allows low-privileged users to execute unauthorized commands through the NVUE interface, potential...

This stored cross-site scripting (XSS) vulnerability in Jenkins allows attackers with Agent/Configure or Agent/Disconnect permissions to inject malici...

This CVE describes a sandbox escape vulnerability in Cursor code editor versions prior to 2.5. A malicious AI agent could write to improperly protecte...