🔥 Trending CVEs - Last 30 Days

This vulnerability in SourceCodester Client Database Management System 1.0 allows attackers to bypass authorization controls by manipulating the manag...

This SQL injection vulnerability in Simple Flight Ticket Booking System 1.0 allows attackers to manipulate database queries through the flightno param...

CVE-2026-3709 is a SQL injection vulnerability in Simple Flight Ticket Booking System 1.0 that allows attackers to manipulate database queries through...

This vulnerability allows remote attackers to execute arbitrary SQL commands via the Username parameter in the login.php file of Simple Flight Ticket ...

This vulnerability in Shy2593666979 AgentChat allows attackers to manipulate user_id parameters in user information functions, enabling unauthorized a...

This CVE describes a remote command injection vulnerability in Totolink N300RH routers. Attackers can execute arbitrary operating system commands by m...

This vulnerability allows attackers to inject malicious HTML/JavaScript into Kestra's execution-file preview feature, leading to cross-site scripting ...

This WebSocket vulnerability allows session hijacking in charging station management systems by enabling multiple connections with the same predictabl...

This WebSocket vulnerability allows session hijacking by connecting with predictable charging station identifiers, enabling attackers to impersonate l...

This CVE describes a local privilege escalation vulnerability in Acronis Cyber Protect 17 for Windows due to improper handling of symbolic links. Atta...

This CVE describes a local privilege escalation vulnerability in Acronis Cyber Protect 17 for Windows due to improper handling of symbolic links. An a...

This CVE describes a local privilege escalation vulnerability in Acronis Cyber Protect Cloud Agent for Windows. Attackers can exploit DLL hijacking to...

This CVE describes a DOM-based cross-site scripting (XSS) vulnerability in Gogs self-hosted Git service. Attackers can inject malicious JavaScript int...

A permission bypass vulnerability in Huawei's system service framework allows attackers to circumvent intended access controls. This affects availabil...

This SQL injection vulnerability in itsourcecode University Management System 1.0 allows attackers to manipulate database queries through the ID param...

This SQL injection vulnerability in itsourcecode University Management System 1.0 allows attackers to manipulate database queries through the /admin_s...

This CVE-2026-3409 vulnerability allows remote attackers to execute arbitrary code through a code injection flaw in the Flow Import Endpoint of eospho...

This SQL injection vulnerability in Online Art Gallery Shop 1.0 allows attackers to manipulate database queries through the registration form's fname ...

This vulnerability allows remote attackers to execute arbitrary code on MaxSite CMS installations through a code injection flaw in the MarkItUp Previe...

Rucio versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting vulnerability in the WebUI's Custom Rules function. This allows ...

This SQL injection vulnerability in itsourcecode News Portal Project 1.0 allows attackers to manipulate database queries through the pagetitle paramet...

CVE-2026-3151 is an SQL injection vulnerability in itsourcecode College Management System 1.0 that allows attackers to manipulate database queries thr...

This SQL injection vulnerability in itsourcecode Document Management System 1.0 allows attackers to execute arbitrary SQL commands via the Username pa...

This SQL injection vulnerability in itsourcecode News Portal Project 1.0 allows attackers to manipulate database queries through the Category paramete...

This SQL injection vulnerability in itsourcecode Document Management System 1.0 allows attackers to manipulate database queries through the login page...

This vulnerability allows low-privileged users on NVIDIA Cumulus Linux and NVOS systems to inject commands through the NVUE interface, potentially lea...

CVE-2026-3069 is an SQL injection vulnerability in itsourcecode Document Management System 1.0 that allows remote attackers to execute arbitrary SQL c...

CVE-2026-3068 is a SQL injection vulnerability in itsourcecode Document Management System 1.0 that allows remote attackers to execute arbitrary SQL co...

This CVE describes an authentication bypass vulnerability in DataLinkDC Dinky's OpenAPI endpoint. Attackers can remotely exploit this to access admini...

This SQL injection vulnerability in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0 allows attackers to execute arbitrary SQL co...

This SQL injection vulnerability in itsourcecode Event Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the ID para...

This vulnerability allows authenticated users in Traccar GPS tracking systems to steal OAuth 2.0 authorization codes via open redirect in OIDC endpoin...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the UEditor component of erzhongxmu JEEWMS 3.7. Attackers can exploit the /pl...

A stack overflow vulnerability in libtiff's readSeparateStripsIntoBuffer function allows attackers to execute arbitrary code or cause denial of servic...

Dell Repository Manager versions before 3.4.8 have a path traversal vulnerability where attackers with local access can execute arbitrary code and esc...

This vulnerability in SourceCodester Student Result Management System 1.0 allows unauthenticated attackers to upload arbitrary files via the bulk impo...

This vulnerability allows remote attackers to execute arbitrary operating system commands on systems running Vaelsys 4.1.0 by exploiting an OS command...

This CVE describes an OS command injection vulnerability in Tosei Online Store Management System 1.01. Attackers can execute arbitrary operating syste...

This CVE describes a remote out-of-bounds write vulnerability in Zaher1307's tiny_web_server that could allow attackers to execute arbitrary code or c...

This SQL injection vulnerability in code-projects Online Reviewer System 1.0 allows remote attackers to manipulate database queries through the test_i...

This vulnerability allows remote attackers to bypass authorization controls in funadmin's configuration handler, potentially enabling unauthorized con...

CVE-2026-2867 is an SQL injection vulnerability in itsourcecode Vehicle Management System 1.0 that allows remote attackers to execute arbitrary SQL co...

This SQL injection vulnerability in Agri-Trading Online Shopping System 1.0 allows attackers to execute arbitrary SQL commands via manipulated Product...

This vulnerability allows local attackers to escalate privileges on PDF-XChange Editor installations by exploiting an uncontrolled search path element...

This CVE describes a SQL injection vulnerability in Fujian Smart Integrated Management Platform System that allows attackers to execute arbitrary SQL ...

This SQL injection vulnerability in Fujian Smart Integrated Management Platform System allows remote attackers to execute arbitrary SQL commands via t...

This stored cross-site scripting (XSS) vulnerability in Open WebUI allows attackers to inject malicious HTML into chat history metadata, which gets ex...

This vulnerability allows attackers to bypass authorization controls in MeCODE Informatics and Engineering Services Ltd. Envanty software by manipulat...

This SQL injection vulnerability in itsourcecode Event Management System 1.0 allows attackers to manipulate database queries through the /admin/manage...

This SQL injection vulnerability in itsourcecode Event Management System 1.0 allows attackers to manipulate database queries through the ID parameter ...