🔥 Trending CVEs - Last 30 Days

A directory traversal vulnerability in OpenSatKit 2.2.1 allows attackers to access sensitive files or delete arbitrary files by manipulating input to ...

This vulnerability allows unauthenticated remote attackers to access and export the internal telemetry SQLite database containing sensitive operationa...

This vulnerability allows unauthenticated attackers to send repeated GraphQL queries to GitLab instances, causing denial of service by exhausting serv...

This vulnerability allows unauthenticated attackers to cause denial of service on GitLab instances by bypassing JSON validation middleware limits, lea...

This vulnerability in MongoDB allows connections from proxy ports to bypass connection counting, potentially causing server crashes when connection li...

ClipBucket v5 versions before 5.5.3 - #40 have a TOCTOU race condition in avatar/background image uploads. Attackers can upload malicious PHP files th...

This vulnerability in the Emmett framework allows unauthenticated attackers to send malformed Cookie headers that trigger unhandled CookieError except...

This vulnerability allows attackers to spoof identities or data in Microsoft Office Outlook by exploiting insecure deserialization of untrusted data. ...

This vulnerability allows an unauthorized attacker to trigger a null pointer dereference in Windows LDAP service, causing a denial of service. Any Win...

This vulnerability is a buffer over-read in Windows GDI+ that allows an unauthorized attacker to cause a denial of service over a network. It affects ...

This .NET vulnerability allows unauthorized attackers to perform spoofing attacks over a network by exploiting improper handling of missing special el...

The Ninja Forms WordPress plugin has a vulnerability that allows unauthenticated attackers to extract sensitive post metadata from any post on the sit...

Docpedia developed by Flowring contains a SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL commands a...

CVE-2026-0485 is a denial-of-service vulnerability in SAP BusinessObjects BI Platform that allows unauthenticated attackers to crash and restart the C...

CVE-2026-0490 is an authentication bypass vulnerability in SAP BusinessObjects BI Platform that allows unauthenticated attackers to send crafted netwo...

Adminer v5.4.1 and earlier has a version check endpoint that lacks origin validation, allowing attackers to send malformed POST data. This causes a PH...

This vulnerability allows network attackers to intercept SumatraPDF's update requests and deliver malicious installers due to disabled TLS hostname ve...

CVE-2026-25885 is an authentication bypass vulnerability in PolarLearn's WebSocket group chat functionality. Unauthenticated attackers can subscribe t...

This vulnerability in Hollo microblogging software exposes private direct messages and followers-only posts through the ActivityPub outbox endpoint wi...

PlaciPy placement management system logs sensitive data to console output without redaction in version 1.0.0. This allows attackers with access to con...

This vulnerability in Axios allows attackers to cause denial of service by providing malicious configuration objects containing __proto__ as an own pr...

This vulnerability in Sliver C2 framework allows unauthenticated attackers to create unlimited DNS sessions without OTP validation, leading to memory ...

FileRise versions before 3.3.0 have an unauthenticated file read vulnerability where anyone can access files in the /uploads directory without authent...

CVE-2026-2236 is a SQL injection vulnerability in HGiga's C&Cm@il software that allows unauthenticated remote attackers to execute arbitrary SQL comma...

This vulnerability allows unauthenticated remote attackers to bypass authentication by exploiting insufficient URI validation. Attackers can use path ...

Yokogawa FAST/TOOLS industrial control system software uses weak cryptographic algorithms, potentially allowing attackers to decrypt web server commun...

This vulnerability in Yokogawa's FAST/TOOLS software allows attackers to potentially decrypt communications by exploiting support for outdated SSL/TLS...

A path traversal vulnerability in Yokogawa's FAST/TOOLS software allows attackers to bypass URL validation and access arbitrary files on the web serve...

This vulnerability allows attackers to bypass authentication rate limiting in HomeBox by forging IP headers, enabling brute-force attacks on login cre...

Zed code editor versions before 0.224.4 contain a Zip Slip vulnerability in the extension archive extraction functionality. This allows malicious exte...

An unauthenticated attacker on the same network segment can send a specially crafted LLDP packet to vulnerable Cisco NX-OS devices, causing the LLDP p...

This vulnerability is a stack-based buffer overflow in ImageMagick's FTXT image reader, allowing crafted FTXT files to cause out-of-bounds writes on t...

A local privilege escalation vulnerability in Tencent iOA for Windows allows authenticated local users to execute programs with elevated privileges by...

This vulnerability allows man-in-the-middle attacks by disabling TLS/SSL certificate validation in jxcore jxm master. When 'jx_obj.IsSecure' is true, ...

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in the Shiprocket WordPress plugin that allows attackers to bypass authori...

This vulnerability allows local users with knowledge of IBM Concert's system architecture to escalate privileges by exploiting incorrect file permissi...

This vulnerability in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code on the server by sending a specially crafted AJAX response. This...

This vulnerability in the Galaxy FDS Android SDK disables TLS hostname verification, allowing man-in-the-middle attackers to intercept and modify comm...

Litestar ASGI framework versions before 2.20.0 have a CORS origin validation bypass vulnerability. Attackers can craft malicious origin headers that m...

Keygraph Shannon contains a hard-coded API key in its router configuration that allows network attackers to authenticate using a publicly known static...

This CVE describes a SQL injection vulnerability in Tiandy Easy7 CMS Windows version 7.17.0. Attackers can remotely exploit the /Easy7/apps/WebService...

This vulnerability allows attackers to bypass authentication in DoraCMS 3.0.x by exploiting the Email API endpoint /api/v1/mail/send. Attackers can re...

This vulnerability in SourceCodester Client Database Management System 1.0 allows attackers to bypass authorization controls and perform unauthorized ...

This vulnerability in SourceCodester Client Database Management System allows unauthorized deletion of manager accounts via improper authorization in ...

CVE-2026-3757 is a SQL injection vulnerability in projectworlds Online Art Gallery Shop 1.0 that allows remote attackers to execute arbitrary SQL comm...

This SQL injection vulnerability in projectworlds Online Art Gallery Shop 1.0 allows remote attackers to execute arbitrary SQL commands via the reach_...

CVE-2026-3746 is an SQL injection vulnerability in SourceCodester Simple Responsive Tourism Website 1.0 that allows attackers to execute arbitrary SQL...

This SQL injection vulnerability in Student Web Portal 1.0 allows attackers to manipulate database queries through the password registration field. Re...

This CVE describes a SQL injection vulnerability in itsourcecode University Management System 1.0, specifically in the /admin_search_student.php file....

This CVE describes a SQL injection vulnerability in code-projects Simple Flight Ticket Booking System 1.0. Attackers can manipulate the 'from' paramet...