🔥 Trending CVEs - Last 90 Days
4,451 critical and high-severity vulnerabilities discovered in the last 90 days. Stay ahead of emerging threats with real-time CVE tracking and instant security alerts.
Critical & High-Risk CVEs
This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Grav CMS versions before 1.7.49.5. Attackers can exploit Twig template proces...
📅 85 days ago • Dec 15, 2025
This vulnerability allows authenticated namespace administrators in OpenShift GitOps to create ArgoCD Custom Resources that grant them elevated permis...
📅 85 days ago • Dec 15, 2025
CVE-2025-66430 is an incorrect access control vulnerability in Plesk's Password Protected Directories feature that allows authenticated Plesk users to...
📅 88 days ago • Dec 12, 2025
CVE-2025-58130 is an insufficiently protected credentials vulnerability in Apache Fineract that could allow attackers to access sensitive authenticati...
📅 88 days ago • Dec 12, 2025
An out-of-bounds read vulnerability in AzeoTech DAQFactory allows attackers to read memory beyond allocated buffers, potentially exposing sensitive in...
📅 88 days ago • Dec 11, 2025
This vulnerability allows authorized or administrative users to install and execute untrusted extensions on ScreenConnect servers, potentially leading...
📅 89 days ago • Dec 11, 2025
This CVE describes a mobile application vulnerability where the app allows clear text HTTP traffic to all domains, enabling man-in-the-middle attacks....
📅 89 days ago • Dec 10, 2025
This vulnerability allows attackers to intercept and manipulate TLS traffic between a mobile application and its server due to missing certificate val...
📅 89 days ago • Dec 10, 2025
DataGear v5.5.0 contains a path traversal vulnerability (CWE-22) that allows attackers to delete arbitrary files on the server. This affects all DataG...
📅 89 days ago • Dec 10, 2025
A stored cross-site scripting (XSS) vulnerability in Chamilo LMS allows low-privileged users (like trainers) to inject malicious JavaScript into cours...
📅 4 days ago • Mar 6, 2026
This vulnerability allows low-privilege users in Chamilo LMS to upload malicious files containing stored XSS payloads through the Social Networks feat...
📅 4 days ago • Mar 5, 2026
This CVE describes a second-order expression injection vulnerability in n8n's Form nodes that could allow unauthenticated attackers to inject and eval...
📅 12 days ago • Feb 25, 2026
A stored cross-site scripting (XSS) vulnerability in RustFS Console allows attackers to inject malicious JavaScript that executes when administrators ...
📅 13 days ago • Feb 25, 2026
An authenticated attacker on GitHub Enterprise Server could exploit an insecure URL redirect in the repository_pages API to leak privileged JWT tokens...
📅 19 days ago • Feb 18, 2026
A Cross-Site Request Forgery (CSRF) vulnerability in Dolibarr ERP & CRM v22.0.9 allows remote attackers to escalate privileges by exploiting the notes...
📅 26 days ago • Feb 12, 2026
This CVE describes a race condition vulnerability in Apple operating systems that allows shortcuts to bypass sandbox restrictions through improper han...
📅 26 days ago • Feb 11, 2026
This CVE describes a sandbox escape vulnerability in SandboxJS library versions before 0.8.31. It allows sandboxed JavaScript code to bypass isolation...
📅 28 days ago • Feb 9, 2026
Axigen Mail Server versions before 10.5.57 contain multiple stored XSS vulnerabilities in the WebAdmin interface. Attackers can inject malicious JavaS...
📅 32 days ago • Feb 5, 2026
Authenticated users can upload malicious SVG files containing JavaScript in NocoDB versions before 0.301.0. When other users view these attachments, t...
📅 40 days ago • Jan 28, 2026
This CVE describes a code injection vulnerability in the Vollstart Event Tickets with Ticket Scanner WordPress plugin that allows attackers to execute...
📅 46 days ago • Jan 22, 2026
This vulnerability allows arbitrary code execution on Grist servers when using the pyodide sandbox flavor with untrusted spreadsheets. Attackers can r...
📅 47 days ago • Jan 22, 2026
CVE-2026-23873 is a CSV injection vulnerability in hustoj's contest rank export functionality that allows attackers to embed Excel formulas in nicknam...
📅 47 days ago • Jan 22, 2026
Altium 365 workspace endpoints have an overly permissive CORS policy that allows credentialed cross-origin requests from other Altium-controlled subdo...
📅 50 days ago • Jan 19, 2026
A stored cross-site scripting vulnerability in Altium Forum allows authenticated attackers to inject malicious JavaScript into forum posts. When other...
📅 53 days ago • Jan 15, 2026
CVE-2026-23520 is a command injection vulnerability in Arcane's docker management platform that allows authenticated users to execute arbitrary shell ...
📅 53 days ago • Jan 15, 2026
This vulnerability in Eclipse Che che-machine-exec allows unauthenticated attackers to execute arbitrary commands and steal secrets (SSH keys, tokens)...
📅 56 days ago • Jan 13, 2026
This vulnerability allows a Backup Administrator with legitimate credentials to execute arbitrary code as the postgres user by sending a malicious pas...
📅 60 days ago • Jan 8, 2026
This vulnerability allows users with Backup Operator or Tape Operator privileges to write files with root/system-level permissions, potentially leadin...
📅 60 days ago • Jan 8, 2026
This vulnerability allows authenticated Backup Operators to execute arbitrary code as the postgres user by sending malicious interval or order paramet...
📅 60 days ago • Jan 8, 2026
This vulnerability allows authenticated Frappe users with specific permissions to be tricked into clicking malicious links that execute arbitrary code...
📅 71 days ago • Dec 29, 2025
This vulnerability allows attackers to upload arbitrary files to WordPress sites using the WP Webhooks plugin, potentially leading to remote code exec...
📅 82 days ago • Dec 18, 2025
This vulnerability allows attackers to execute arbitrary code or cause denial of service by providing a specially crafted ELF file with an oversized f...
📅 82 days ago • Dec 18, 2025
NanoMQ versions before 0.24.4 contain a buffer overflow vulnerability when PUBLISH packets trigger both shared and vanilla subscriptions simultaneousl...
📅 84 days ago • Dec 15, 2025
Budibase versions 3.24.0 and earlier have an arbitrary file upload vulnerability where file extension restrictions are only enforced at the UI level, ...
🔥 Today • Mar 9, 2026
OpenProject's synchronization server improperly validates backend URLs, allowing attackers to decrypt intercepted authentication tokens and gain unaut...
📅 40 days ago • Jan 28, 2026
CVE-2026-23527 is a critical HTTP request smuggling vulnerability in the H3 framework where case-sensitive header validation allows attackers to bypas...
📅 53 days ago • Jan 15, 2026
CVE-2025-68920 is a critical vulnerability in C-Kermit that allows a remote Kermit system to overwrite files on the local system or retrieve arbitrary...
📅 75 days ago • Dec 24, 2025
A stored XSS vulnerability in the Reports functionality allows authenticated users with report privileges to inject malicious JavaScript into reports....
📅 82 days ago • Dec 18, 2025
This CVE describes a vulnerability in ingress-nginx where attackers can exploit the rewrite-target annotation to inject malicious nginx configuration....
🔥 Today • Mar 9, 2026
A buffer overflow vulnerability in UTT HiPER 810G routers allows remote attackers to execute arbitrary code by exploiting the strcpy function in the /...
⚡ Yesterday • Mar 9, 2026
A buffer overflow vulnerability in UTT HiPER 810G routers allows remote attackers to execute arbitrary code by exploiting the strcpy function in the /...
⚡ Yesterday • Mar 9, 2026
A stack-based buffer overflow vulnerability in Tenda FH1202 routers allows remote attackers to execute arbitrary code by manipulating the 'page' param...
⚡ Yesterday • Mar 9, 2026
A low-privileged remote attacker can exploit a stack-based buffer overflow vulnerability in the ubr-network method via crafted HTTP POST requests, lea...
⚡ Yesterday • Mar 9, 2026
A low-privileged remote attacker can exploit a path traversal vulnerability in the wwupload.cgi endpoint to write arbitrary files on affected systems....
⚡ Yesterday • Mar 9, 2026
A stack-based buffer overflow vulnerability in Tenda FH1202 routers allows remote attackers to execute arbitrary code by manipulating the webSiteId pa...
⚡ Yesterday • Mar 9, 2026
A stack-based buffer overflow vulnerability in Tenda FH1202 routers allows remote attackers to execute arbitrary code by manipulating the 'page' param...
⚡ Yesterday • Mar 9, 2026
A stack-based buffer overflow vulnerability in Tenda FH1202 routers allows remote attackers to execute arbitrary code by manipulating the mit_ssid or ...
⚡ Yesterday • Mar 9, 2026
A stack-based buffer overflow vulnerability in Tenda i3 routers allows remote attackers to execute arbitrary code by manipulating the 'index' paramete...
⚡ Yesterday • Mar 9, 2026
A remote stack-based buffer overflow vulnerability in Tenda i3 routers allows attackers to execute arbitrary code by manipulating the cmdinput paramet...
⚡ Yesterday • Mar 9, 2026
A stack-based buffer overflow vulnerability in Tenda i3 routers allows remote attackers to execute arbitrary code by manipulating ping1/ping2 paramete...
⚡ Yesterday • Mar 9, 2026
Why Track Trending CVEs?
Stay ahead of emerging threats: Newly discovered vulnerabilities pose the highest risk as attackers race to exploit them before patches are deployed. Trending CVEs represent the most critical security issues requiring immediate attention from security teams worldwide.
Prioritize remediation efforts: With thousands of CVEs published annually, security teams need to focus on the most recent and severe threats first. Our trending CVE dashboard highlights critical and high-severity vulnerabilities from the past 7, 30, or 90 days, helping you prioritize patching efforts.
🚀 Automated Trending CVE Monitoring
- Scan your servers to detect packages affected by trending CVEs
- Receive instant email alerts when critical vulnerabilities are discovered
- Dashboard shows CVE age, severity, CVSS scores, and affected systems
- Filter by time period (7/30/90 days) to focus on recent threats