🔥 Trending CVEs - Last 90 Days

This vulnerability allows unauthenticated remote attackers to send a POST request to the /usr/cgi-bin/restorefactory.cgi endpoint to trigger a factory...

This CVE describes an insecure direct object reference vulnerability in SOUND4 IMPACT/FIRST/PULSE/Eco v2.x systems that allows attackers to bypass aut...

ClipBucket 5.5.2 ships with hardcoded default administrative credentials, allowing unauthenticated remote attackers to gain full administrative contro...

CVE-2025-12049 is a critical authentication bypass vulnerability in Sharp Display Solutions Media Player MP-01 that allows unauthenticated attackers t...

This vulnerability allows attackers to bypass integrity checks and install unauthorized firmware on Sharp Display Solutions projectors. Attackers coul...

A stack-based buffer overflow vulnerability in Sharp Display Solutions projectors allows attackers to execute arbitrary commands and programs by sendi...

A stack-based buffer overflow vulnerability in Sharp Display Solutions projectors allows attackers to execute arbitrary commands and programs by sendi...

A stack-based buffer overflow vulnerability exists in Tenda WH450 routers version 1.0.0.18, specifically in the /goform/SafeUrlFilter endpoint. Remote...

Enterprise Cloud Database by Ragic contains a hard-coded cryptographic key vulnerability that allows unauthenticated remote attackers to generate vali...

This vulnerability allows remote attackers to execute arbitrary code on Tenda WH450 routers by exploiting a stack-based buffer overflow in the HTTP re...

A stack-based buffer overflow vulnerability in Tenda WH450 routers allows remote attackers to execute arbitrary code by sending specially crafted HTTP...

The Flex Store Users WordPress plugin allows unauthenticated attackers to register accounts with administrator privileges due to improper role validat...

The File Uploader for WooCommerce WordPress plugin allows unauthenticated attackers to upload arbitrary files to the Uploadcare service, which can the...

Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through crafted PHP scripts. This enables s...

A critical out-of-bounds write vulnerability in WatchGuard Fireware OS allows remote unauthenticated attackers to execute arbitrary code on affected s...

EasyPHP Webserver 14.1 contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary system command...

CVE-2025-56157 exposes Dify installations to unauthorized database access through hardcoded PostgreSQL credentials in docker-compose.yaml. Attackers c...

This CVE describes an authentication bypass vulnerability in the AmentoTech Tuturn WordPress plugin that allows attackers to gain unauthorized access ...

This vulnerability allows remote attackers to execute arbitrary code on Tenda WH450 routers by exploiting a stack-based buffer overflow in the HTTP re...

A critical authentication bypass vulnerability in Ollama platform allows remote attackers to perform unauthorized model management operations without ...

This vulnerability allows remote attackers to execute arbitrary code on Tenda WH450 routers by exploiting a stack-based buffer overflow in the wireles...

A use-after-free vulnerability in Firefox's Disability Access APIs allows attackers to execute arbitrary code by manipulating freed memory. This affec...

This CVE describes a PHP object injection vulnerability in the Client Invoicing by Sprout Invoices WordPress plugin. Attackers can exploit insecure de...

This vulnerability allows attackers to upload malicious files to WordPress sites using the Contact Form 7 PDF, Google Sheet & Database plugin. Attacke...

This CVE describes a PHP object injection vulnerability in the BoldThemes Codiqa WordPress theme. Attackers can exploit insecure deserialization to ex...

This vulnerability allows remote attackers to execute arbitrary code through PHP object injection by exploiting unsafe deserialization in the Jannah W...

CVE-2025-64188 is an incorrect privilege assignment vulnerability in the Soledad WordPress theme that allows attackers to escalate privileges. This af...

This vulnerability allows remote attackers to execute arbitrary code through deserialization of untrusted data in the WP Gravity Forms FreshDesk Plugi...

This vulnerability allows remote attackers to execute arbitrary code on WordPress sites using the WP Gravity Forms Insightly plugin. Attackers can exp...

This vulnerability allows remote attackers to execute arbitrary code through deserialization of untrusted data in the WP Gravity Forms Zoho CRM and Bi...

This vulnerability allows attackers to execute arbitrary code on WordPress sites using the Gravity Forms Constant Contact plugin by exploiting insecur...

This vulnerability allows remote attackers to execute arbitrary code on WordPress sites using the WP Gravity Forms HubSpot plugin (gf-hubspot) through...

This vulnerability allows attackers to execute arbitrary PHP code through insecure deserialization in the WP Gravity Forms Salesforce plugin. It affec...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This vulnerability allows attackers to inject malicious objects via untrusted data deserialization in the BoldThemes DentiCare WordPress theme, potent...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

SitemagicCMS 4.4.3 contains an unrestricted file upload vulnerability that allows attackers to upload malicious PHP files, leading to remote code exec...

CVE-2023-53922 is a critical remote code execution vulnerability in TinyWebGallery v2.5 that allows unauthenticated attackers to upload malicious PHP ...

CVE-2023-53923 is a critical privilege escalation vulnerability in UliCMS that allows unauthenticated attackers to create administrative accounts with...

PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to execute arbitrary SQL comma...

CVE-2023-53914 is an authentication bypass vulnerability in UliCMS 2023.1 that allows unauthenticated attackers to create administrative accounts with...

An authentication misconfiguration in DriveLock Enterprise Service (DES) allows attackers to impersonate any DriveLock agent on the network. This affe...

A privilege escalation vulnerability in DriveLock allows users with 'Manage roles and permissions' privilege to promote themselves or other users to S...

A buffer overflow vulnerability in RIOT OS's IPv6 fragmentation reassembly allows attackers to corrupt memory by sending specially crafted IPv6 packet...

A URL validation vulnerability in macOS and Safari allows web content opened via file URLs to bypass Lockdown Mode restrictions and access Web APIs th...

This CVE describes an authentication bypass vulnerability in Apple's Photos app where unauthorized users can view photos in the Hidden Photos Album wi...

A buffer overflow vulnerability in Tenda AC10V4.0 routers allows remote attackers to cause denial of service or potentially execute arbitrary code by ...

An Insecure Direct Object Reference (IDOR) vulnerability in Pagekit CMS v1.0.18 allows attackers to manipulate object references (like user IDs) to es...

CVE-2022-23851 is a server-side template injection vulnerability in Netaxis API Orchestrator (APIO) that allows attackers to execute arbitrary code on...

This vulnerability allows authenticated DAG authors in Apache Airflow 2 to perform remote code execution in the webserver context via an improperly ex...