🔥 Trending CVEs - Last 7 Days

This vulnerability allows attackers to exploit heap corruption in Google Chrome's DevTools through malicious extensions. Users who install untrusted C...

Dell Command | Intel vPro Out of Band versions before 4.7.0 have a path traversal vulnerability that allows local low-privileged attackers to execute ...

A remote buffer overflow vulnerability in LLM-Claw's agent deployment component allows attackers to execute arbitrary code or crash the system. This a...

This vulnerability allows authenticated attackers with Agent-level access in the LatePoint WordPress plugin to escalate privileges by linking customer...

This CVE describes a one-click remote code execution vulnerability in AFFiNE workspace software. Attackers can exploit it by tricking users into visit...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to execute arbitrary code on servers running the Master...

This vulnerability allows attackers to inject malicious scripts into Chamilo LMS user profiles via CSV import. When other users view these profiles, t...

A stack-based buffer overflow vulnerability in Tenda AC15 routers allows remote attackers to execute arbitrary code by manipulating the wpapsk_crypto2...

A buffer overflow vulnerability in Tenda F453 routers allows remote attackers to execute arbitrary code or cause denial of service by sending speciall...

A buffer overflow vulnerability in Tenda F453 routers allows remote attackers to execute arbitrary code by sending specially crafted requests to the h...

This vulnerability allows remote attackers to execute arbitrary code on Tenda F453 routers by exploiting a buffer overflow in the frmL7ImForm function...

CVE-2026-3378 is a remote buffer overflow vulnerability in Tenda F453 routers affecting the qossetting function. Attackers can exploit this flaw remot...

A buffer overflow vulnerability in Tenda F453 routers allows remote attackers to execute arbitrary code by manipulating the 'page' parameter in the fr...

A buffer overflow vulnerability in Tenda F453 routers allows remote attackers to execute arbitrary code by manipulating the 'page' parameter in the Sa...

This vulnerability allows authenticated attackers to upload malicious SVG files and create hotlinks that execute stored cross-site scripting (XSS) att...

This stored XSS vulnerability in Gogs allows authenticated users to inject malicious JavaScript via data: URIs in comments and issue descriptions. The...

CVE-2026-28679 is a path traversal vulnerability in Home-Gallery.org that allows attackers to download sensitive system files outside the intended med...

This vulnerability allows attackers to elevate privileges in Payment Orchestrator Service, potentially gaining unauthorized access to payment processi...

This vulnerability in NLTK allows attackers to read arbitrary files on the server through path traversal attacks in multiple CorpusReader classes. It ...

An unauthenticated remote attacker can send crafted packets to Cisco ASA/FTD Remote Access SSL VPN servers to exhaust device memory, causing denial of...

An unauthenticated remote attacker can cause Cisco ASA/FTD firewall devices to reload by sending crafted HTTP requests to the VPN web server, resultin...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Plane project management software. Attackers with workspace ADMIN privileges ...

CVE-2026-28442 allows authenticated users to delete critical system files in ZimaOS by manipulating API requests, bypassing frontend restrictions. Thi...

This vulnerability allows attackers to bypass frontend restrictions and create files or directories in sensitive system locations like /etc and /usr v...

CVE-2026-21882 is a local privilege escalation vulnerability in theshit command-line utility that allows attackers to gain root privileges by exploiti...

OpenClaw versions before 2026.2.14 contain a server-side request forgery vulnerability in the Tlon Urbit extension. Attackers who can influence the co...

This vulnerability allows managers in Vaultwarden to escalate their privileges by modifying permissions for collections they shouldn't have access to....

A stored cross-site scripting (XSS) vulnerability in Chamilo LMS allows teachers to inject malicious JavaScript into the glossary function, which exec...

A path traversal vulnerability in Zarf's archive extraction allows malicious packages to create symlinks pointing outside the destination directory, e...

OOP CMS BLOG 1.0 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries through search,...

CVE-2018-25196 is an SQL injection vulnerability in ServerZilla 1.0 that allows unauthenticated attackers to manipulate database queries through the e...

CVE-2018-25187 allows unauthenticated attackers to directly download the kim.db database file containing user credentials and password hashes, and exe...

CVE-2018-25189 is an SQL injection vulnerability in Data Center Audit 2.6.2 that allows unauthenticated attackers to execute arbitrary SQL queries thr...

CVE-2018-25182 is an SQL injection vulnerability in Silurus Classifieds Script 2.0 that allows unauthenticated attackers to execute arbitrary SQL quer...

CVE-2018-25175 is an SQL injection vulnerability in Alienor Web Libre 2.0 that allows unauthenticated attackers to execute arbitrary SQL queries throu...

CVE-2018-25171 is an unauthenticated SQL injection vulnerability in EdTv 2 that allows attackers to execute arbitrary SQL queries through the 'id' par...

Rmedia SMS 1.0 contains an unauthenticated SQL injection vulnerability in the editgrp.php endpoint. Attackers can extract database schema information ...

CVE-2018-25167 is an SQL injection vulnerability in Net-Billetterie 2.9 that allows unauthenticated attackers to execute arbitrary SQL queries through...

CVE-2018-25163 is an SQL injection vulnerability in BitZoom 1.0 that allows unauthenticated attackers to execute arbitrary SQL queries through the rol...

Warranty Tracking System 11.06.3 contains an SQL injection vulnerability in SearchCustomer.php that allows attackers to execute arbitrary SQL queries ...

This vulnerability in OneUptime allows attackers to bypass two-factor authentication by replaying stolen WebAuthn assertions. The flaw occurs because ...

Ashop Shopping Cart Software contains an unauthenticated SQL injection vulnerability in the 'shop' parameter of index.php. Attackers can extract sensi...

Simple Job Script contains an unauthenticated SQL injection vulnerability in the landing_location parameter of the searched endpoint. Attackers can se...

Simple Job Script contains an unauthenticated SQL injection vulnerability in the register-recruiters endpoint via the employerid parameter. Attackers ...

CVE-2026-28562 is an unauthenticated SQL injection vulnerability in wpForo WordPress plugin versions 2.4.14 and earlier. Attackers can exploit the wpf...

This vulnerability allows remote code execution in applications using Locutus library versions before 3.0.0. Attackers can inject arbitrary JavaScript...

This vulnerability exposes memcached session storage without authentication in WWBN AVideo's Docker configuration, allowing attackers to hijack sessio...

This CSRF vulnerability in Chamilo LMS allows attackers to trick authenticated trainers into deleting projects within courses without their consent. T...

CVE-2026-28710 allows attackers to access and manipulate sensitive information in Acronis Cyber Protect 17 due to improper authentication. This affect...

OpenClaw versions before 2026.2.2 have an authentication bypass vulnerability in the WebSocket gateway connection handshake. Attackers can connect wit...