🔥 Trending CVEs - Last 30 Days

CVE-2026-21325 is an out-of-bounds read vulnerability in Adobe After Effects that could allow arbitrary code execution when a user opens a malicious f...

Adobe After Effects versions 25.6 and earlier contain a use-after-free vulnerability that could allow attackers to execute arbitrary code on a victim'...

Adobe After Effects versions 25.6 and earlier contain an out-of-bounds write vulnerability that could allow attackers to execute arbitrary code on a v...

CVE-2026-21329 is a use-after-free vulnerability in Adobe After Effects that could allow arbitrary code execution when a user opens a malicious file. ...

Adobe After Effects versions 25.6 and earlier contain a type confusion vulnerability that could allow arbitrary code execution when a user opens a mal...

CVE-2026-21318 is an out-of-bounds write vulnerability in Adobe After Effects that could allow arbitrary code execution when a user opens a malicious ...

Adobe After Effects versions 25.6 and earlier contain a use-after-free vulnerability that could allow an attacker to execute arbitrary code on a victi...

CVE-2026-21322 is an out-of-bounds read vulnerability in Adobe After Effects that could allow arbitrary code execution when a user opens a malicious f...

Adobe After Effects versions 25.6 and earlier contain a use-after-free vulnerability that could allow attackers to execute arbitrary code on a victim'...

Adobe Audition versions 25.3 and earlier contain an out-of-bounds write vulnerability that could allow attackers to execute arbitrary code when a user...

A heap-based buffer overflow vulnerability in Microsoft Office Excel allows local attackers to execute arbitrary code with elevated privileges. This a...

CVE-2026-21250 is a local privilege escalation vulnerability in Windows HTTP.sys driver where an authorized attacker can exploit untrusted pointer der...

A heap-based buffer overflow vulnerability in Microsoft Graphics Component allows authenticated attackers to execute arbitrary code with elevated priv...

A heap-based buffer overflow vulnerability in the Windows Kernel allows authenticated attackers to execute arbitrary code with elevated privileges. Th...

A heap-based buffer overflow vulnerability in the Windows Kernel allows authenticated attackers to execute arbitrary code with elevated privileges. Th...

CVE-2026-21232 is an untrusted pointer dereference vulnerability in Windows HTTP.sys that allows an authenticated attacker to escalate privileges loca...

This vulnerability allows attackers on the same local network to probe the TP-Link Tapo C260 v1 camera's filesystem to determine if specific files exi...

An out-of-bounds read vulnerability in Simcenter Femap and Simcenter Nastran allows attackers to execute arbitrary code by tricking users into opening...

A vulnerability in SINEC NMS allows low-privileged users to modify configuration files, enabling DLL hijacking attacks. This could lead to arbitrary c...

A low-privileged user can modify configuration files in SINEC NMS User Management Component, allowing malicious DLL loading. This leads to arbitrary c...

A data validation vulnerability in NX software versions before V2512 allows local attackers to manipulate internal data during PDF export, potentially...

An out-of-bounds write vulnerability in Simcenter Femap and Simcenter Nastran allows attackers to execute arbitrary code by tricking users into openin...

An out-of-bounds read vulnerability in Simcenter Femap and Simcenter Nastran allows attackers to execute arbitrary code by tricking users into opening...

An out-of-bounds read vulnerability in Simcenter Femap and Simcenter Nastran allows attackers to execute arbitrary code by tricking users into opening...

An out-of-bounds read vulnerability in Simcenter Femap and Simcenter Nastran allows attackers to execute arbitrary code by tricking users into opening...

A heap-based buffer overflow vulnerability in Simcenter Femap and Simcenter Nastran allows attackers to execute arbitrary code by tricking users into ...

CVE-2025-11547 is a privilege escalation vulnerability in AXIS Camera Station Pro that allows authenticated non-admin users to gain administrative pri...

CVE-2025-15310 is a local privilege escalation vulnerability in Tanium Patch Endpoint Tools that allows authenticated local users to gain elevated pri...

CVE-2025-15319 is a local privilege escalation vulnerability in Tanium's Endpoint Configuration Toolset Solution that allows authenticated local users...

This vulnerability in vscode-spell-checker extension allows arbitrary code execution when opening untrusted VS Code workspaces. Attackers can place ma...

PowerDocu versions before 2.4.0 contain a critical deserialization vulnerability where the application blindly trusts the $type property in JSON files...

SumatraPDF versions 3.5.2 and earlier contain a vulnerability where clicking 'Show in folder' in the File menu executes explorer.exe from the same dir...

GIGABYTE MacroHub has a local privilege escalation vulnerability where authenticated local attackers can execute arbitrary code with SYSTEM privileges...

This CVE describes a configuration bypass vulnerability in Backstage's TechDocs plugin that allows arbitrary Python code execution. Attackers can craf...

Flowise versions before 3.0.13 contain an unauthenticated database injection vulnerability that allows attackers to manipulate internal database field...

OpenClaw sandbox browser bridge server accepts requests without gateway authentication, allowing local attackers to access browser control endpoints. ...

OpenClaw versions 2.0.0-beta3 through 2026.2.13 contain a path traversal vulnerability in the hook transform module loading mechanism. Attackers with ...

This vulnerability allows authenticated remote attackers with VPN access to cause Cisco ASA/FTD devices to crash and reload by sending specially craft...

This vulnerability allows authenticated remote attackers to cause denial of service on Cisco ASA and FTD firewalls by sending specially crafted GCM-en...

This vulnerability in Cisco Secure Firewall ASA and FTD software allows authenticated VPN users to send specially crafted IKEv2 packets that cause mem...

This CVE describes a command injection vulnerability in WPGraphQL's GitHub Actions workflow that allows arbitrary command execution when merging pull ...

Plane project management tool versions before 1.2.2 contain a Full Read SSRF vulnerability in the 'Add Link' feature. Authenticated users can send arb...

An authenticated remote attacker can cause a denial of service (DoS) on Cisco Nexus 9000 Series Fabric Switches in ACI mode by sending continuous SNMP...

This vulnerability allows a malicious actor to take over local user accounts when federated authentication with Silent Just-In-Time Provisioning is en...

Wallos versions 4.6.0 and below contain a Server-Side Request Forgery (SSRF) vulnerability in the logo/icon upload functionality. Attackers can bypass...

This vulnerability allows authenticated users in Metabase to extract sensitive information including database credentials via template evaluation in e...

This path traversal vulnerability in the WordPress User Extra Fields plugin allows attackers to delete arbitrary files on the server. It affects all W...

This path traversal vulnerability in the Woo File Dropzone WordPress plugin allows attackers to delete arbitrary files on the server. It affects all W...

CVE-2025-1272 is a Linux kernel vulnerability where lockdown mode is disabled without warning in Fedora Linux kernel versions 6.12+, allowing attacker...

This vulnerability allows unauthenticated attackers to mark WooCommerce orders as paid without actual payment by reusing valid payment tokens from oth...