🔥 Trending CVEs - Last 90 Days

This is a remote stack-based buffer overflow vulnerability in Tenda F453 routers affecting the exeCommand function. Attackers can exploit this to exec...

A stack-based buffer overflow vulnerability in Tenda F453 routers allows remote attackers to execute arbitrary code by manipulating the username/optty...

A stack-based buffer overflow vulnerability in Tenda F453 routers allows remote attackers to execute arbitrary code by manipulating the mit_linktype/P...

This vulnerability allows remote attackers to execute arbitrary code on Tenda F453 routers by exploiting a stack-based buffer overflow in the webExcpt...

A stack-based buffer overflow vulnerability in the Wavlink WL-WN579X3-C router's firewall.cgi component allows remote attackers to execute arbitrary c...

A remote buffer overflow vulnerability in H3C Magic B1 routers allows attackers to execute arbitrary code by manipulating the param argument in the Ed...

A buffer overflow vulnerability in UTT HiPER 810G routers allows remote attackers to execute arbitrary code or crash the device by exploiting improper...

A buffer overflow vulnerability in the UTT HiPER 810G router's NTP configuration function allows remote attackers to execute arbitrary code or crash t...

A stack-based buffer overflow vulnerability in Tenda FH451 routers allows remote attackers to execute arbitrary code by manipulating the mit_linktype/...

A stack-based buffer overflow vulnerability in Tenda FH451 routers allows remote attackers to execute arbitrary code by manipulating the funcname/func...

WeKnora versions before 0.3.2 have an authorization bypass vulnerability in tenant management endpoints. Any authenticated user can read, modify, or d...

Wallos versions before 4.6.2 contain a server-side request forgery vulnerability in notification testers that allows attackers to make unauthorized re...

CVE-2026-30823 is an Insecure Direct Object Reference (IDOR) vulnerability in Flowise that allows attackers to bypass authorization controls. This ena...

This vulnerability allows authenticated WordPress users with Author-level access or higher to register administrator accounts through a registration f...

This vulnerability in OliveTin allows authentication bypass when JWT authentication is configured. Attackers can use validly signed JWT tokens intende...

This mass assignment vulnerability in Snipe-IT allows authenticated low-privileged users to modify restricted user attributes, including those of Supe...

OpenSift versions before 1.6.3-alpha contain a path traversal vulnerability (CWE-22) in multiple storage helpers that don't properly enforce directory...

This vulnerability allows authenticated low-privileged users in Chamilo LMS to upload malicious files and execute arbitrary code on the server. The sy...

This stored XSS vulnerability in Chamilo LMS allows attackers to inject malicious JavaScript into social network and messaging features. When authenti...

OpenClaw versions before 2026.2.14 have a command hijacking vulnerability where attackers can manipulate PATH environment variables to execute malicio...

This vulnerability allows attackers to bypass authentication in Keycloak by exploiting a disabled SAML client configured as an Identity Provider-initi...

The WowOptin WordPress plugin allows authenticated attackers with Subscriber-level access or higher to install and activate arbitrary plugins without ...

This vulnerability allows attackers to exploit heap corruption in Google Chrome's DevTools through malicious extensions. Users who install untrusted C...

Dell Command | Intel vPro Out of Band versions before 4.7.0 have a path traversal vulnerability that allows local low-privileged attackers to execute ...

A remote buffer overflow vulnerability in LLM-Claw's agent deployment component allows attackers to execute arbitrary code or crash the system. This a...

This vulnerability allows authenticated attackers with Agent-level access in the LatePoint WordPress plugin to escalate privileges by linking customer...

This CVE describes a one-click remote code execution vulnerability in AFFiNE workspace software. Attackers can exploit it by tricking users into visit...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to execute arbitrary code on servers running the Master...

This vulnerability allows attackers to inject malicious scripts into Chamilo LMS user profiles via CSV import. When other users view these profiles, t...

A stack-based buffer overflow vulnerability in Tenda AC15 routers allows remote attackers to execute arbitrary code by manipulating the wpapsk_crypto2...

A buffer overflow vulnerability in Tenda F453 routers allows remote attackers to execute arbitrary code or cause denial of service by sending speciall...

A buffer overflow vulnerability in Tenda F453 routers allows remote attackers to execute arbitrary code by sending specially crafted requests to the h...

This vulnerability allows remote attackers to execute arbitrary code on Tenda F453 routers by exploiting a buffer overflow in the frmL7ImForm function...

CVE-2026-3378 is a remote buffer overflow vulnerability in Tenda F453 routers affecting the qossetting function. Attackers can exploit this flaw remot...

A buffer overflow vulnerability in Tenda F453 routers allows remote attackers to execute arbitrary code by manipulating the 'page' parameter in the fr...

A buffer overflow vulnerability in Tenda F453 routers allows remote attackers to execute arbitrary code by manipulating the 'page' parameter in the Sa...

The Worry Proof Backup WordPress plugin contains a path traversal vulnerability that allows authenticated attackers with Subscriber-level access or hi...

This CVE allows attackers with read/write access to Vitess backup storage locations to manipulate backup manifest files and perform path traversal att...

This CVE describes a Python sandbox escape vulnerability in Agenta's API server that allows authenticated users to bypass RestrictedPython sandboxing ...

This vulnerability allows any authenticated non-admin user in WireGuard Portal to elevate their privileges to full administrator by sending a crafted ...

This vulnerability allows authenticated users with workflow creation/modification permissions in n8n to achieve remote code execution by chaining file...

LORIS versions before 26.0.5, 27.0.2, and 28.0.0 contain a path traversal vulnerability in the media module that allows authenticated users with suffi...

A heap buffer overflow vulnerability in FreeRDP clients allows a malicious RDP server to execute arbitrary code on connecting clients. Attackers contr...

OpenEMR versions before 8.0.0 contain a SQL injection vulnerability in the prescription listing functionality that allows authenticated attackers to e...

An SQL injection vulnerability in OpenEMR's Immunization module allows authenticated users to execute arbitrary SQL queries by manipulating patient_id...

This vulnerability in Cisco Catalyst SD-WAN Manager allows authenticated local users with low privileges to escalate to root privileges through the RE...

This vulnerability in JetBrains YouTrack allows applications to send unauthorized requests to the app permissions endpoint, potentially enabling privi...

A buffer overflow vulnerability in Tenda F453 routers allows remote attackers to execute arbitrary code by manipulating the 'page' parameter in the Sa...

A buffer overflow vulnerability in Tenda F453 routers allows remote attackers to execute arbitrary code by manipulating the 'page' argument in the fro...

A buffer overflow vulnerability in Tenda F453 routers allows remote attackers to execute arbitrary code by manipulating the 'page' argument in the Nat...