🔥 Trending CVEs - Last 90 Days

This CVE describes a supply chain compromise where unauthorized modifications were introduced into certain ASUS Live Update client versions. The modif...

CVE-2025-65834 is a critical buffer overflow vulnerability in Shotcut video editor that allows remote code execution when processing malicious MLT pro...

This vulnerability allows an attacker to perform an out-of-bounds write in the PCIe driver's S-EL0 address space via a malformed SMC call to the UEFI-...

This vulnerability allows attackers to execute arbitrary code in the UEFI-MM Secure Partition context through an out-of-bounds write via a malformed S...

This CVE describes an authentication bypass vulnerability in QNAP operating systems that allows remote attackers to spoof authentication and access re...

This SQL injection vulnerability in QNAP operating systems allows remote attackers to execute arbitrary SQL commands. If exploited, attackers could ex...

This vulnerability in Weblate allows one user to accept an invitation that was opened by another user, potentially leading to unauthorized access or p...

Bus Reservation System 1.1 contains a SQL injection vulnerability in the pickup_id parameter that allows attackers to execute arbitrary SQL queries. T...

Soosyze 2.0.0 contains an unrestricted file upload vulnerability that allows attackers to upload HTML files containing PHP code. This enables remote c...

GOM Player 2.3.90.5360 contains a buffer overflow vulnerability in the equalizer preset name input field. Attackers can crash the application by overw...

This CVE describes a critical remote code execution vulnerability in MooreThreads torch_musa where unsafe deserialization via pickle.load() allows arb...

This vulnerability allows unauthenticated attackers to create new user accounts with administrator privileges in WordPress sites using the Fox LMS plu...

A remote buffer overflow vulnerability exists in Shiguangwu sgwbox N3 devices version 2.0.25 through the WIREDCFGGET interface. Attackers can exploit ...

A buffer overflow vulnerability in the Shiguangwu sgwbox N3 NAS device allows remote attackers to execute arbitrary code by manipulating parameters in...

This is a critical command injection vulnerability in Shiguangwu sgwbox N3 version 2.0.25 that allows remote attackers to execute arbitrary commands o...

This vulnerability allows remote attackers to execute arbitrary commands on Shiguangwu sgwbox N3 devices through command injection in the NETREBOOT In...

This vulnerability allows remote attackers to execute arbitrary commands on Shiguangwu sgwbox N3 NAS devices through command injection in the SHARESER...

A remote stack-based buffer overflow vulnerability in Tenda WH450 routers allows attackers to execute arbitrary code by sending specially crafted HTTP...

The Growatt ShineLan-X communication dongle contains an undocumented backup account with hardcoded credentials, creating a backdoor that allows attack...

The SWD debug interface on Growatt ShineLan-X communication dongles is enabled by default, allowing attackers to gain debug access to extract secrets ...

CVE-2025-36747 is a critical vulnerability in ShineLan-X firmware where hardcoded FTP credentials allow attackers to establish insecure connections. T...

The JAY Login & Register WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to log in as any existing u...

The Export WP Page to Static HTML & PDF WordPress plugin exposes authentication cookies in publicly accessible cookies.txt files when administrators t...

This SQL injection vulnerability in the URL Shortener Plugin For WordPress allows unauthenticated attackers to execute arbitrary SQL queries through t...

This vulnerability in Gladinet CentreStack and Triofox involves hardcoded AES encryption keys, allowing attackers to decrypt sensitive data and potent...

The Dormakaba Saflok System 6000 uses a predictable key generation algorithm that allows attackers to derive valid card access keys from a 32-bit uniq...

Typora 1.7.4 contains a command injection vulnerability in PDF export preferences that allows attackers to execute arbitrary system commands. Attacker...

PCMan FTP Server 2.0 contains a critical buffer overflow vulnerability in the 'pwd' command that allows remote attackers to execute arbitrary code. At...

Insecure permissions in MineAdmin v3.x scheduled tasks allow attackers to execute arbitrary commands, leading to remote code execution and full accoun...

Apache StreamPark versions 2.0.0 through 2.1.6 use a hard-coded encryption key, allowing attackers to decrypt sensitive data or forge encrypted inform...

This CVE describes a GitHub Actions workflow vulnerability in Parse Server that grants elevated permissions to CI/CD pipelines. It allows unauthorized...

CVE-2025-67728 is a command injection vulnerability in Fireshare that allows authenticated users (or unauthenticated users if Public Uploads is enable...

This vulnerability allows unauthenticated attackers to delete arbitrary files on WordPress servers running the vulnerable Multi Uploader for Gravity F...

The LazyTasks WordPress plugin has an unauthenticated privilege escalation vulnerability that allows attackers to change any user's email address via ...

CVE-2024-58308 is a critical SQL injection vulnerability in Quick.CMS 6.7 that allows unauthenticated attackers to bypass login authentication and gai...

CVE-2024-58309 is an unauthenticated SQL injection vulnerability in xbtitFM 4.1.18 that allows remote attackers to execute arbitrary SQL commands. Att...

This critical vulnerability in AzeoTech DAQFactory allows attackers to write data beyond allocated memory boundaries, potentially leading to arbitrary...

An uninitialized pointer vulnerability in AzeoTech DAQFactory allows attackers to execute arbitrary code on affected systems. This affects DAQFactory ...

This critical vulnerability in Android's audio decoder allows remote attackers to execute arbitrary code without user interaction by exploiting an out...

This is a critical buffer overflow vulnerability in UTT 进取 512W routers that allows remote attackers to execute arbitrary code by exploiting the s...

The WP CarDealer WordPress plugin has a critical privilege escalation vulnerability that allows unauthenticated attackers to register accounts with ad...

Aqara Hub devices contain an undocumented remote access mechanism that allows attackers to execute arbitrary commands without authentication. This vul...

The Meatmeet Pro device contains hardcoded Wi-Fi credentials in its firmware, allowing attackers to gain unauthorized access to the vendor's Wi-Fi net...

This CVE describes a mobile application that contains hardcoded Wi-Fi credentials for the vendor's development network. If attackers extract these cre...

The Meatmeet Android mobile app version 1.1.2.0 contains an exported activity that can be triggered by other apps, revealing a hidden page with inform...

CVE-2023-53740 is an authentication bypass vulnerability in Screen SFT DAB 1.9.3 that allows attackers to change the admin password without authentica...

An unauthenticated remote code execution vulnerability in ChanCMS v3.3.4 allows attackers to execute arbitrary code via template injection in the /vip...

This vulnerability in Barracuda Service Center allows attackers to execute arbitrary code remotely by exploiting insecure reflection in WSDL service n...

Barracuda Service Center in the RMM solution prior to version 2025.1.1 exposes a .NET Remoting service that allows deserialization of arbitrary types,...

This vulnerability in Barracuda Service Center allows attackers to upload malicious WSDL files that bypass URL validation, leading to arbitrary file w...