🔥 Trending CVEs - Last 30 Days
1,196 critical and high-severity vulnerabilities discovered in the last 30 days. Stay ahead of emerging threats with real-time CVE tracking and instant security alerts.
Critical & High-Risk CVEs
This vulnerability in Key Systems Inc Global Facilities Management Software allows remote attackers to access sensitive information through the sid qu...
📅 18 days ago • Feb 20, 2026This stored cross-site scripting (XSS) vulnerability in the PixelYourSite WordPress plugin allows attackers to inject malicious scripts that execute w...
📅 18 days ago • Feb 20, 2026This DOM-based cross-site scripting (XSS) vulnerability in the PhotoMe WordPress theme allows attackers to inject malicious scripts into web pages vie...
📅 18 days ago • Feb 20, 2026This vulnerability allows attackers to inject malicious scripts into web pages generated by the Grand Conference WordPress theme. When users visit a s...
📅 18 days ago • Feb 20, 2026This is a reflected cross-site scripting (XSS) vulnerability in the Link Whisper Free WordPress plugin. Attackers can inject malicious scripts via cra...
📅 18 days ago • Feb 20, 2026This vulnerability allows attackers to inject malicious scripts into web pages through the Visitor Maps Extended Referer Field WordPress plugin. When ...
📅 18 days ago • Feb 20, 2026This vulnerability allows attackers to inject malicious scripts into web pages generated by the Diamond WordPress theme, which are then executed in vi...
📅 18 days ago • Feb 20, 2026This CVE describes a missing authorization vulnerability in the WooCommerce Bulk Product Editor plugin that allows attackers to exploit incorrectly co...
📅 18 days ago • Feb 20, 2026This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users through DOM-based cross-site scripting (XSS) in t...
📅 18 days ago • Feb 20, 2026This stored cross-site scripting (XSS) vulnerability in the NEX-Forms WordPress plugin allows attackers to inject malicious scripts into web pages tha...
📅 18 days ago • Feb 20, 2026This vulnerability allows attackers to inject malicious scripts into web pages generated by the NEX-Forms WordPress plugin. When users visit a special...
📅 18 days ago • Feb 20, 2026This vulnerability allows attackers to inject malicious scripts into web pages generated by the GhostPool Aardvark WordPress theme. When users visit a...
📅 18 days ago • Feb 20, 2026This CVE describes a reflected cross-site scripting (XSS) vulnerability in the WordPress Simple Archive Generator plugin. Attackers can inject malicio...
📅 18 days ago • Feb 20, 2026This reflected cross-site scripting (XSS) vulnerability in the Membee Login WordPress plugin allows attackers to inject malicious scripts into web pag...
📅 18 days ago • Feb 20, 2026This vulnerability allows attackers to inject malicious scripts into web pages generated by the Asynchronous Javascript WordPress plugin. When users v...
📅 18 days ago • Feb 20, 2026This vulnerability allows attackers to inject malicious scripts into the amr cron manager WordPress plugin, which are then reflected back to users' br...
📅 18 days ago • Feb 20, 2026This CVE describes a reflected cross-site scripting (XSS) vulnerability in the Widget Logic Visual WordPress plugin. Attackers can inject malicious sc...
📅 18 days ago • Feb 20, 2026This is a reflected cross-site scripting (XSS) vulnerability in the Crocoblock JetEngine WordPress plugin. It allows attackers to inject malicious scr...
📅 18 days ago • Feb 20, 2026This Cross-Site Scripting (XSS) vulnerability in the RealMag777 GMap Targeting WordPress plugin allows attackers to inject malicious scripts into web ...
📅 18 days ago • Feb 20, 2026This vulnerability allows attackers to inject malicious scripts into web pages generated by the Educare WordPress plugin. When users visit a specially...
📅 18 days ago • Feb 20, 2026This is a reflected cross-site scripting (XSS) vulnerability in the FluentCart WordPress plugin. Attackers can inject malicious scripts via crafted UR...
📅 18 days ago • Feb 20, 2026This is a reflected cross-site scripting (XSS) vulnerability in the WP Wizard Cloak WordPress plugin that allows attackers to inject malicious scripts...
📅 18 days ago • Feb 20, 2026This stored cross-site scripting (XSS) vulnerability in the WordPress Easy Taxonomy Images plugin allows attackers to inject malicious scripts into we...
📅 18 days ago • Feb 20, 2026CVE-2026-26960 is a path traversal vulnerability in node-tar that allows attackers to create hardlinks pointing outside the extraction directory when ...
📅 18 days ago • Feb 20, 2026This CVE describes a Missing Authorization vulnerability in CMSMasters Content Composer WordPress plugin that allows attackers to bypass access contro...
📅 19 days ago • Feb 19, 2026StorageGRID versions with Single Sign-on enabled and configured to use Microsoft Entra ID are vulnerable to Server-Side Request Forgery (SSRF). This a...
📅 20 days ago • Feb 18, 2026IBM Db2 databases running vulnerable versions are susceptible to XML external entity injection (XXE) attacks when processing XML data. This allows rem...
📅 21 days ago • Feb 17, 2026This CVE describes a privacy vulnerability in Apple operating systems where an app could potentially identify what other apps a user has installed, ex...
📅 26 days ago • Feb 11, 2026This CVE describes a sandbox escape vulnerability in multiple Apple operating systems where an app can bypass its security restrictions. It affects us...
📅 26 days ago • Feb 11, 2026This vulnerability allows applications to bypass certain privacy preferences on Apple operating systems, potentially accessing sensitive user data wit...
📅 26 days ago • Feb 11, 2026This CVE describes an out-of-bounds memory access vulnerability in Apple's media file processing across multiple operating systems. Attackers can craf...
📅 26 days ago • Feb 11, 2026CVE-2026-25999 is an improper access control vulnerability in Klaw (Apache Kafka management portal) that allows unauthorized users to reset or delete ...
📅 27 days ago • Feb 11, 2026A local privilege escalation vulnerability in Fortinet FortiClient for Windows allows low-privileged attackers to write arbitrary files with elevated ...
📅 28 days ago • Feb 10, 2026CVE-2025-11142 is an OS command injection vulnerability in Axis camera VAPIX API's mediaclip.cgi endpoint that allows authenticated attackers with ope...
📅 28 days ago • Feb 10, 2026This vulnerability in UltraVNC 1.6.4.0 on Windows involves an uncontrolled search path weakness in cryptbase.dll that could allow local attackers to e...
⚡ Yesterday • Mar 8, 2026This vulnerability allows local attackers to escalate privileges on TensorFlow installations by exploiting an insecure plugin loading mechanism. Attac...
📅 17 days ago • Feb 20, 2026A Use After Free vulnerability in Apache Arrow C++ allows memory corruption when reading Arrow IPC files with pre-buffering enabled. This affects C++ ...
📅 21 days ago • Feb 17, 2026This CVE describes a DLL hijacking vulnerability in Flos Freeware Notepad2 versions 4.2.22 through 4.2.25. Attackers can exploit uncontrolled search p...
📅 22 days ago • Feb 16, 2026This vulnerability in Unidocs ezPDF DRM Reader and ezPDF Reader allows local attackers to exploit an uncontrolled search path issue in SHFOLDER.dll, p...
📅 23 days ago • Feb 15, 2026A race condition vulnerability in Apple operating systems allows malicious applications to potentially gain root privileges. This affects users runnin...
📅 26 days ago • Feb 11, 2026A path traversal vulnerability in BusyBox's archive extraction utilities allows attackers to create malicious archives that, when extracted under spec...
📅 27 days ago • Feb 11, 2026CVE-2026-21508 is an improper authentication vulnerability in Windows Storage that allows authenticated attackers to elevate privileges locally. This ...
📅 28 days ago • Feb 10, 2026This vulnerability involves a use-after-free flaw in the Windows Mailslot File System that allows an authenticated attacker to execute arbitrary code ...
📅 28 days ago • Feb 10, 2026This vulnerability is a use-after-free flaw in Windows Ancillary Function Driver for WinSock that allows an authenticated attacker to execute arbitrar...
📅 28 days ago • Feb 10, 2026A race condition vulnerability in Windows Subsystem for Linux allows authenticated local attackers to escalate privileges by exploiting improper synch...
📅 28 days ago • Feb 10, 2026This vulnerability in Artifex MuPDF on Windows allows local attackers to exploit an uncontrolled search path issue in the get_system_dpi function. Att...
📅 28 days ago • Feb 10, 2026Why Track Trending CVEs?
Stay ahead of emerging threats: Newly discovered vulnerabilities pose the highest risk as attackers race to exploit them before patches are deployed. Trending CVEs represent the most critical security issues requiring immediate attention from security teams worldwide.
Prioritize remediation efforts: With thousands of CVEs published annually, security teams need to focus on the most recent and severe threats first. Our trending CVE dashboard highlights critical and high-severity vulnerabilities from the past 7, 30, or 90 days, helping you prioritize patching efforts.
🚀 Automated Trending CVE Monitoring
- Scan your servers to detect packages affected by trending CVEs
- Receive instant email alerts when critical vulnerabilities are discovered
- Dashboard shows CVE age, severity, CVSS scores, and affected systems
- Filter by time period (7/30/90 days) to focus on recent threats
