🔥 Trending CVEs - Last 30 Days

This SQL injection vulnerability in Sciyon Koyuan Thermoelectricity Heat Network Management System 3.0 allows remote attackers to execute arbitrary SQ...

This SQL injection vulnerability in Huace Monitoring and Early Warning System 2.2 allows remote attackers to execute arbitrary SQL commands via the ID...

This vulnerability in zhanghuanhao LibrarySystem allows attackers to bypass access controls in the BookController.java component, potentially enabling...

This vulnerability allows remote attackers to execute arbitrary operating system commands on systems running vulnerable versions of yued-fe LuLu UI. T...

This CVE describes a command injection vulnerability in Tosei Self-service Washing Machine software version 4.02. Attackers can remotely execute arbit...

This vulnerability allows remote code execution when Apache Avro Java SDK processes untrusted Avro schemas. Attackers can inject malicious code that g...

WWW::OAuth 1.000 and earlier for Perl uses non-cryptographically secure random number generation (rand()) for cryptographic operations, potentially al...

A DLL hijacking vulnerability in AMD Doc Nav software allows local attackers to escalate privileges by placing malicious DLLs in directories searched ...

A DLL hijacking vulnerability in AMD's Vivado design suite allows local attackers to escalate privileges by placing malicious DLLs in directories sear...

This vulnerability in GitLab allows an authenticated attacker to inject malicious content into the vulnerability code flow, potentially performing una...

Docmost versions before 0.25.0 have a stored XSS vulnerability in public share pages where page titles aren't properly HTML-escaped before insertion i...

A heap-based buffer overflow vulnerability in Windows Hyper-V allows authenticated attackers to execute arbitrary code on the host system. This affect...

This vulnerability involves a use-after-free flaw in Microsoft Graphics Component that allows an authenticated attacker to execute arbitrary code with...

This vulnerability in SAP BusinessObjects Business Intelligence Platform allows authenticated high-privilege attackers to insert malicious URLs that r...

CVE-2025-10463 is an improper authentication vulnerability in Birtech Senseway that allows attackers to bypass authentication mechanisms and gain unau...

CVE-2026-2225 is a SQL injection vulnerability in itsourcecode News Portal Project 1.0 that allows remote attackers to execute arbitrary SQL commands ...

This SQL injection vulnerability in code-projects Online Reviewer System 1.0 allows remote attackers to execute arbitrary SQL commands via the ID para...

CVE-2026-2220 is a SQL injection vulnerability in code-projects Online Reviewer System 1.0 that allows remote attackers to execute arbitrary SQL comma...

CVE-2026-2221 is a SQL injection vulnerability in code-projects Online Reviewer System 1.0 that allows remote attackers to execute arbitrary SQL comma...

This SQL injection vulnerability in itsourcecode Event Management System 1.0 allows attackers to execute arbitrary SQL commands via the ID parameter i...

This SQL injection vulnerability in code-projects Online Music Site 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter...

CVE-2026-2212 is a SQL injection vulnerability in code-projects Online Music Site 1.0 that allows remote attackers to execute arbitrary SQL commands v...

This SQL injection vulnerability in code-projects Online Reviewer System 1.0 allows attackers to manipulate database queries through the difficulty_id...

This CVE describes a SQL injection vulnerability in code-projects Online Reviewer System 1.0. Attackers can remotely exploit the user-delete.php file ...

This SQL injection vulnerability in code-projects Online Reviewer System 1.0 allows attackers to manipulate database queries through the test_id param...

This SQL injection vulnerability in code-projects Online Reviewer System 1.0 allows remote attackers to execute arbitrary SQL commands via the test_id...

This SQL injection vulnerability in code-projects Online Reviewer System 1.0 allows attackers to manipulate database queries through the ID parameter ...

CVE-2026-2190 is a SQL injection vulnerability in itsourcecode School Management System 1.0 that allows remote attackers to execute arbitrary SQL comm...

CVE-2026-2189 is a SQL injection vulnerability in itsourcecode School Management System 1.0 that allows remote attackers to execute arbitrary SQL comm...

This CVE describes an OS command injection vulnerability in the Great Developers Certificate Generation System that allows remote attackers to execute...

The WP App Bar WordPress plugin has a stored XSS vulnerability that allows unauthenticated attackers to inject malicious scripts into plugin settings....

The Meta Box WordPress plugin has an arbitrary file deletion vulnerability that allows authenticated attackers with Contributor-level access or higher...

The Easy PHP Settings WordPress plugin allows authenticated attackers with Administrator privileges to inject arbitrary PHP code into wp-config.php vi...

Chartbrew versions before 4.8.1 contain a remote code execution vulnerability in MongoDB dataset queries. Attackers can execute arbitrary code on the ...

A remote stack-based buffer overflow vulnerability in Wavlink WL-NU516U1 router's login.cgi component allows attackers to execute arbitrary code by ma...

This CVE describes a command injection vulnerability in Wavlink WL-NU516U1 routers that allows remote attackers to execute arbitrary commands on affec...

The Fluent Forms Pro WordPress plugin has a stored XSS vulnerability that allows unauthenticated attackers to inject malicious scripts into draft form...

This vulnerability allows authenticated local administrators in one context of Cisco ASA multi-context mode to copy files to/from other contexts via S...

This Server-Side Request Forgery (SSRF) vulnerability in the PostX WordPress plugin allows authenticated attackers with Administrator privileges to ma...

The WPBookit WordPress plugin has a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts into w...

Multiple authenticated OS command injection vulnerabilities in Cohesity TranZman 4.0 allow authenticated admin users to execute arbitrary commands wit...

This vulnerability allows attackers to escalate privileges to root and read/write arbitrary files on Cohesity TranZman Migration Appliance systems due...

CVE-2025-63911 is an authenticated command injection vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614. This allows authe...

This vulnerability allows authenticated WordPress administrators to perform server-side request forgery (SSRF) attacks via the Uncanny Automator plugi...

This vulnerability in Vikunja allows attackers to overwrite arbitrary files on the host system by uploading a malicious ZIP archive during configurati...

This vulnerability allows attackers to bypass Coturn's IP address restrictions by using IPv4-mapped IPv6 addresses. Attackers can send CreatePermissio...

This CVE describes a post-authentication command injection vulnerability in Zyxel VMG3625-T50B devices. An authenticated attacker with administrator p...

A buffer overflow vulnerability in the UTT HiPER 810G router's administrative interface allows remote attackers to execute arbitrary code by manipulat...

This CVE describes a remote buffer overflow vulnerability in UTT HiPER 810G routers. Attackers can exploit the strcpy function in the ConfigExceptMSN ...

This vulnerability in Moodle's backup restore functionality allows authenticated privileged users to upload specially crafted backup files that bypass...