🔥 Trending CVEs - Last 30 Days

This vulnerability in Hono web framework allows attackers to bypass route-based middleware protections (like authentication) for static files by using...

This vulnerability in cpp-httplib allows attackers to bypass configured payload size limits by sending compressed HTTP requests. When using streaming ...

An argument injection vulnerability in bird-lg-go's traceroute module allows remote attackers to inject arbitrary command-line flags via the q paramet...

This SQL injection vulnerability in the JS Help Desk WordPress plugin allows unauthenticated attackers to inject malicious SQL queries via a cookie pa...

This vulnerability allows unauthenticated attackers to cause CPU exhaustion denial-of-service by sending specially crafted JWE tokens with extremely h...

This vulnerability allows unauthenticated attackers to download arbitrary files from Weintek cMT-3072XH2 HMI devices via the download_wb.cgi component...

This vulnerability allows unauthenticated attackers to bypass signature verification in PKCS7 objects with Authenticated Attributes in AWS-LC. It affe...

A certificate validation bypass vulnerability in AWS-LC's PKCS7_verify() function allows unauthenticated attackers to bypass certificate chain verific...

This vulnerability in Koa.js allows attackers to inject malicious hostnames via specially crafted HTTP Host headers containing '@' symbols. Applicatio...

This vulnerability in minimatch allows attackers to cause denial of service by crafting glob patterns with multiple non-adjacent ** segments, causing ...

The WP Responsive Images WordPress plugin contains a path traversal vulnerability in the 'src' parameter that allows unauthenticated attackers to read...

This vulnerability in pypdf allows attackers to craft malicious PDF files that cause denial of service by exhausting system RAM when the XFA property ...

CVE-2026-27831 is a heap-based out-of-bounds read vulnerability in rldns DNS server version 2.3 that can cause denial of service. The vulnerability al...

This vulnerability allows authenticated users to achieve remote code execution by uploading a ZIP file containing a file with shell metacharacters in ...

TinyWeb versions before 2.02 are vulnerable to Slowloris denial-of-service attacks where attackers can exhaust server resources by opening many connec...

This is a use-after-free vulnerability in FreeRDP's X11 client implementation where a freed pointer is dereferenced during cleanup. An attacker could ...

This vulnerability in FreeRDP allows a malicious RDP server to trigger an out-of-bounds read by sending an execResult value of 7 or greater. This coul...

An unauthenticated attacker can cause Denial of Service on GitLab instances by sending specially crafted requests to the Jira events endpoint. This af...

An unauthenticated attacker can cause denial of service in GitLab by sending specially crafted files to the container registry event endpoint. This af...

OpenEMR versions before 8.0.0 have a session expiration bypass vulnerability. Attackers can send a specific parameter (skip_timeout_reset=1) to preven...

A firewall misconfiguration allows external attackers to connect to internal services through WAN port 5222, bypassing intended network segmentation. ...

CVE-2026-27730 is a Server-Side Request Forgery (SSRF) vulnerability in esm.sh's fetch route that allows attackers to bypass hostname-based validation...

The Geo Mashup WordPress plugin contains an SQL injection vulnerability in the 'sort' parameter that allows unauthenticated attackers to execute arbit...

The WPGSI: Spreadsheet Integration plugin for WordPress has critical REST API endpoints that lack proper authentication and authorization checks. Unau...

tfplan2md versions before 1.26.1 fail to properly mask sensitive values in Terraform plan reports, exposing secrets like API keys, passwords, and conf...

This vulnerability in Parse Dashboard's AI Agent API endpoint allows unauthenticated remote attackers to perform arbitrary read and write operations o...

A bug in Wasmtime's async component model implementation causes a panic when call_async futures are dropped before completion and then called again on...

This vulnerability in Wasmtime's WASI HTTP implementation causes denial of service when excessive HTTP headers are processed. The runtime panics inste...

A path traversal vulnerability in Fiber's static middleware on Windows allows remote attackers to bypass sanitization and read arbitrary files from th...

CVE-2026-25899 is a memory exhaustion vulnerability in GoFiber v3 web framework where a specially crafted 10-character cookie value triggers unvalidat...

Piwigo versions 14.x have a weak secret key generation vulnerability during installation. Attackers can brute-force the secret key in about one hour, ...

This vulnerability in Binardat 10G08-0800GSM network switches allows attackers to perform brute-force attacks against login credentials due to missing...

Binardat 10G08-0800GSM network switches expose administrative passwords in plaintext within the web interface and HTTP responses, allowing attackers t...

This vulnerability in Binardat 10G08-0800GSM network switches allows attackers to decrypt protected data due to the use of RC4 encryption with a hard-...

CVE-2026-27584 is an authentication bypass vulnerability in ActualBudget server that allows unauthenticated attackers to access sensitive bank account...

This vulnerability allows attackers to read uninitialized memory in Firefox and Firefox Focus for Android, potentially exposing sensitive information....

This vulnerability affects IEC 60870-5-104 implementations when bi-directional functionality is configured. Attackers can send specially crafted inval...

ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 contain a memory allocation vulnerability in SVG processing. A malicious SVG file with a crafted ...

A denial-of-service vulnerability in free5GC SMF allows attackers to crash the Session Management Function by sending malformed PFCP SessionReportRequ...

ImageMagick versions before 7.1.2-15 and 6.9.13-40 have a heap information disclosure vulnerability in their PSD format handler. When processing speci...

This vulnerability in ImageMagick allows attackers to cause denial of service by exploiting an infinite loop in PCD file processing. When ImageMagick ...

A heap-based buffer overflow vulnerability in free5GC go-upf versions before 1.2.8 allows remote attackers to cause denial of service by sending speci...

This vulnerability in Valkey allows attackers with access to the clusterbus port to send specially crafted packets that cause out-of-bounds reads, pot...

CVE-2019-25461 is an unauthenticated SQL injection vulnerability in Web Ofisi Platinum E-Ticaret v5 e-commerce software. Attackers can inject maliciou...

Web Ofisi Firma v13 contains an unauthenticated SQL injection vulnerability in the 'oz' parameter. Attackers can inject malicious SQL payloads via GET...

Web Ofisi E-Ticaret v3 contains an unauthenticated SQL injection vulnerability in the 'a' parameter that allows attackers to execute arbitrary SQL que...

Dolibarr ERP/CRM 10.0.1 contains SQL injection vulnerabilities in card.php endpoints that allow authenticated attackers to inject malicious SQL throug...

GetSimple CMS has a path traversal vulnerability in its Uploaded Files feature that allows attackers to read arbitrary files on the server. This affec...

This vulnerability allows unauthenticated attackers to execute arbitrary SQL commands on LabCollector 5.423 by injecting malicious code through login ...

CVE-2019-25432 is an SQL injection vulnerability in Part-DB's authentication system that allows unauthenticated attackers to bypass login by injecting...