🔥 Trending CVEs - Last 30 Days

openITCOCKPIT Community Edition 5.3.1 and earlier contains an unsafe PHP deserialization vulnerability in changelog processing. While no current explo...

CVE-2026-24891 is an unsafe deserialization vulnerability in openITCOCKPIT monitoring tool that allows PHP Object Injection when untrusted systems can...

This vulnerability exposes user credentials through unencrypted HTTP Basic Authentication in an embedded web interface. Attackers on the same network ...

This vulnerability allows attackers to bypass authentication and spoof identities in the WooODT Lite WordPress plugin. It affects all WooCommerce site...

This CVE describes a PHP Local File Inclusion vulnerability in the Simple Retail Menus WordPress plugin. Attackers can include arbitrary local files f...

This CVE describes a missing authorization vulnerability in the Jthemes Exzo WordPress theme that allows attackers to bypass access controls. It affec...

This CVE describes a PHP Local File Inclusion vulnerability in the WP Shop WordPress plugin. Attackers can include arbitrary local files through impro...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This CVE describes a missing authorization vulnerability in the ModelTheme Framework WordPress plugin that allows attackers to bypass access controls....

This CVE describes a missing authorization vulnerability in the GhostPool Gauge WordPress theme that allows attackers to bypass access controls. The v...

This CVE describes a Missing Authorization vulnerability in the NextMove Lite WordPress plugin that allows attackers to bypass access controls. The vu...

This CVE describes a Missing Authorization vulnerability in the YayCommerce YayCurrency WordPress plugin that allows attackers to delete arbitrary con...

OpenClaw's Feishu extension had a path traversal vulnerability that allowed reading arbitrary local files by supplying attacker-controlled paths. This...

OpenClaw's SSRF protection could be bypassed using IPv4-mapped IPv6 addresses, allowing attackers to access restricted internal resources like localho...

OpenClaw versions 2026.2.13 and below with the @openclaw/voice-call plugin allow unauthenticated attackers to forge Telnyx webhook events when telnyx....

This vulnerability allows attackers to bypass authentication in OpenClaw's BlueBubbles iMessage plugin by sending webhook requests from localhost addr...

A logic flaw in httpsig-hyper versions before 0.0.23 causes digest verification to always succeed regardless of actual digest values, allowing message...

A cryptographic flaw in go-ethereum's ECIES implementation allows attackers to extract bits of the p2p node key. This affects all Geth nodes running v...

This CVE describes a PHP Local File Inclusion vulnerability in the VanKarWai Airtifact WordPress theme. Attackers can include arbitrary local files th...

This vulnerability in soroban-sdk allows attackers to bypass security checks in Soroban smart contracts when trait and inherent functions share the sa...

An authenticated user with team edit permissions in Penpot can read arbitrary files from the server filesystem by exploiting a path traversal vulnerab...

This vulnerability allows unauthenticated attackers to perform time-based SQL injection attacks through the 'search' parameter in the Product Table an...

The wpForo Forum plugin for WordPress has a time-based SQL injection vulnerability in the 'wpfob' parameter that allows unauthenticated attackers to e...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

OpenClaw versions 2026.1.30 and below have an authentication bypass vulnerability in Telegram webhook mode. When channels.telegram.webhookSecret is no...

This SQL injection vulnerability in the WordPress Library Management System plugin allows unauthenticated attackers to inject malicious SQL queries th...

The GDPR Cookie Consent WordPress plugin has an unauthenticated REST API vulnerability that allows attackers to retrieve sensitive plugin settings wit...

This vulnerability allows remote attackers to crash the web service on Bematech MP-4200 TH printers by sending specially crafted POST requests to the ...

CVE-2019-25353 is a buffer overflow vulnerability in Foscam Video Management System that allows attackers to cause denial of service by sending a spec...

CVE-2019-25355 is a directory traversal vulnerability in gSOAP 2.8 that allows unauthenticated attackers to access sensitive system files by manipulat...

CVE-2019-25349 is a buffer overflow vulnerability in ScadaApp for iOS that allows attackers to cause a denial of service by crashing the application. ...

CVE-2026-23491 is a path traversal vulnerability in InvoicePlane that allows unauthenticated attackers to read arbitrary files on the server by manipu...

This vulnerability in Rack's Rack::Directory component allows attackers to bypass directory restrictions using path traversal techniques. By crafting ...

A vulnerability in BIG-IP AFM or BIG-IP DDoS modules causes the Traffic Management Microkernel (TMM) to terminate when processing specific undisclosed...

This SQL injection vulnerability in the WPNakama WordPress plugin allows unauthenticated attackers to inject malicious SQL queries through the 'order'...

A TLS certificate validation vulnerability in Guardian Gryphon v01.06.0006.22 allows attackers to bypass authentication and execute arbitrary commands...

The PhotoStack Gallery WordPress plugin contains an SQL injection vulnerability in the 'postid' parameter that allows unauthenticated attackers to exe...

This vulnerability allows authenticated WordPress users with Contributor-level access or higher to perform Local File Inclusion attacks via the Flexi ...

This vulnerability allows unauthenticated attackers to spoof BlueSnap IP addresses and send forged payment notifications to WordPress sites using the ...

A Null Pointer Dereference vulnerability in TON Blockchain's TVM allows attackers to crash validator nodes by sending malicious transactions. This cau...

A stack overflow vulnerability in TON Virtual Machine (TVM) allows attackers to craft smart contracts with deeply nested jump logic that exhausts stac...

A state pollution vulnerability in TON Virtual Machine (TVM) allows denial of service when Out-of-Gas exceptions occur during child VM initialization....

This CVE describes a Denial of Service vulnerability in TON Lite Server where attackers can inject malicious Continuation objects into locally execute...

This vulnerability in BACnet Stack allows attackers to write files to arbitrary directories due to lack of path validation in file writing functionali...

A heap buffer overflow vulnerability in free5GC's UPF component allows remote attackers to crash the UPF service via specially crafted PFCP Session Mo...

A protocol compliance vulnerability in free5GC's UPF component allows remote attackers to send malformed PFCP Association Setup Requests that violate ...

A remote array index out-of-bounds vulnerability in free5GC's AMF component allows attackers to crash the AMF service via specially crafted 5GS Mobile...

CVE-2019-25340 is a stack-based buffer overflow vulnerability in SpotAuditor's Base64 decryption feature that allows attackers to cause denial of serv...

CVE-2019-25342 is a denial of service vulnerability in Centova Cast that allows attackers to overwhelm the system by repeatedly calling the database e...

GHIA CamIP 1.2 for iOS contains a denial of service vulnerability where attackers can crash the application by pasting a 33-character buffer of repeat...