🔥 Trending CVEs - Last 90 Days

A remote stack-based buffer overflow vulnerability in Tenda W6-S routers allows attackers to execute arbitrary code by manipulating Cookie parameters ...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This vulnerability allows attackers to include and execute arbitrary local files on servers running the vulnerable Cinerama WordPress theme. Attackers...

This SQL injection vulnerability in the BWL Pro Voting Manager WordPress plugin allows attackers to execute arbitrary SQL commands on the database. It...

This vulnerability allows attackers to include local PHP files through improper filename control in the Greenmart WordPress theme. Attackers can read ...

This vulnerability allows attackers to include local files on the server through the WordPress Social Login and Register plugin. Attackers can potenti...

This CVE describes an authentication bypass vulnerability in the Mobile Builder WordPress plugin that allows attackers to gain unauthorized access wit...

CVE-2024-27480 is an insecure file upload vulnerability in VvvebJs 1.7.2 that allows attackers to upload malicious files without proper validation. Th...

VvvebJs 1.7.2 contains an unrestricted file upload vulnerability in save.php that allows attackers to upload arbitrary files, including malicious scri...

A stack-based buffer overflow vulnerability in KuWFi 4G LTE AC900 devices allows attackers to crash the web server or potentially execute arbitrary co...

CVE-2025-69201 is a command injection vulnerability in Tugtainer's agent API that allows attackers to inject arbitrary arguments into docker container...

A critical authentication bypass vulnerability in Fossorial Pangolin's 2FA component allows remote attackers to escalate privileges without proper aut...

A stack-based buffer overflow vulnerability in the hedwig.cgi HTTP header handler of D-Link DIR-600 routers allows remote attackers to execute arbitra...

A type confusion vulnerability in jsish 2.0 allows incorrect control flow during execution of the OP_NEXT opcode. When an 'instanceof' expression uses...

A file upload vulnerability in MachSol MachPanel 8.0.32 allows attackers to upload malicious files and gain webshell access. This affects organization...

CVE-2025-15228 is a critical arbitrary file upload vulnerability in WELLTEND TECHNOLOGY's BPMFlowWebkit software. Unauthenticated remote attackers can...

WMPro software from Sunnet contains an unauthenticated arbitrary file upload vulnerability that allows remote attackers to upload malicious files (lik...

Eigent multi-agent Workforce version 0.0.60 contains a 1-click Remote Code Execution vulnerability that allows attackers to execute arbitrary code on ...

This vulnerability in FreshRSS allows attackers to predict authentication tokens due to weak random number generation, enabling account takeover throu...

CVE-2024-44065 is a critical SQL injection vulnerability in Cloudlog v2.6.15 that allows attackers to execute arbitrary SQL commands through the qsore...

This authentication bypass vulnerability in IBM API Connect allows remote attackers to gain unauthorized access without valid credentials. It affects ...

CVE-2025-8769 is a critical remote code execution vulnerability in Telenium Online Web Application. Attackers can inject arbitrary Perl code through c...

This SQL injection vulnerability in the CRM Perks Integration for Contact Form 7 HubSpot WordPress plugin allows attackers to execute arbitrary SQL co...

This vulnerability allows attackers to include arbitrary local files through PHP's include/require statements in the Fana WordPress theme. Attackers c...

This CVE describes a PHP Local File Inclusion vulnerability in the WordPress Subscribe to Unlock Lite plugin. Attackers can include arbitrary local fi...

This CVE describes a Missing Authorization vulnerability in the JayBee Twitch Player WordPress plugin (ttv-easy-embed-player) that allows attackers to...

This SQL injection vulnerability in the Captivate Sync WordPress plugin allows attackers to execute arbitrary SQL commands on the database. It affects...

This CVE describes a PHP Local File Inclusion vulnerability in the Bookory WordPress theme. Attackers can include arbitrary local files through improp...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This SQL injection vulnerability in the BeRocket Brands for WooCommerce plugin allows attackers to execute arbitrary SQL commands on affected WordPres...

This CVE describes a blind SQL injection vulnerability in the User Feedback Lite WordPress plugin. Attackers can inject malicious SQL commands through...

This CVE describes a PHP Local File Inclusion vulnerability in the Docket Cache WordPress plugin. Attackers can include arbitrary local files on the s...

This vulnerability allows attackers to execute arbitrary code through PHP object injection by exploiting unsafe deserialization in Icegram Express Pro...

This vulnerability allows unauthenticated attackers to execute arbitrary code on WordPress servers running the Print Invoice & Delivery Notes for WooC...

This vulnerability allows unauthenticated remote attackers to execute arbitrary operating system commands on IceWarp servers by injecting malicious co...

This is a critical stack-based buffer overflow vulnerability in Tenda WH450 routers that allows remote attackers to execute arbitrary code by sending ...

This vulnerability allows remote attackers to execute arbitrary code on Tenda WH450 routers by sending specially crafted HTTP requests to the PPTPDCli...

This vulnerability allows remote attackers to execute arbitrary code on Tenda WH450 routers by exploiting a stack-based buffer overflow in the NatStat...

A stack-based buffer overflow vulnerability in Tenda WH450 routers allows remote attackers to execute arbitrary code by sending specially crafted HTTP...

The PhastPress WordPress plugin contains a critical vulnerability allowing unauthenticated attackers to read arbitrary files from the webroot via null...

A buffer overflow vulnerability in net-snmp's snmptrapd daemon allows remote attackers to crash the service via specially crafted SNMP trap packets. T...

CVE-2025-65856 is an authentication bypass vulnerability in Xiongmai XM530 IP cameras that allows unauthenticated remote attackers to access sensitive...

CVE-2023-53980 is a critical remote code execution vulnerability in ProjectSend r1605 that allows attackers to upload malicious files with disguised e...

CVE-2023-53966 is a format string vulnerability in SOUND4 LinkAndShare Transmitter 1.1.2 that allows attackers to trigger memory stack overflows via m...

This authentication bypass vulnerability in Screen SFT DAB 600/C firmware allows attackers to delete user accounts without credentials by exploiting I...

This SQL injection vulnerability in SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x allows attackers to bypass authentication by injecting malicious SQL cod...

CVE-2023-53963 is an unauthenticated remote command injection vulnerability in SOUND4 IMPACT/FIRST/PULSE/Eco v2.x systems. Attackers can execute arbit...

This vulnerability allows unauthenticated remote attackers to send a POST request to the /usr/cgi-bin/restorefactory.cgi endpoint to trigger a factory...

This CVE describes an insecure direct object reference vulnerability in SOUND4 IMPACT/FIRST/PULSE/Eco v2.x systems that allows attackers to bypass aut...