🔥 Trending CVEs - Last 90 Days

4,406 critical and high-severity vulnerabilities discovered in the last 90 days. Stay ahead of emerging threats with real-time CVE tracking and instant security alerts.

Total CVEs Published: 11,120
Critical Severity: 970
High Severity: 3,436
⚠️ Critical Alert
970 critical vulnerabilities published in the last 90 days. Immediate action recommended.

Critical & High-Risk CVEs

CVE-2026-25495 8.8

This CVE describes a SQL injection vulnerability in Craft CMS affecting the element-indexes/get-elements endpoint. Attackers with Control Panel access...

📅 29 days ago • Feb 9, 2026
CVE-2026-25497 8.8

This CVE describes a privilege escalation vulnerability in Craft CMS's GraphQL API where authenticated users with write access to one asset volume can...

📅 29 days ago • Feb 9, 2026
CVE-2026-1486 8.8

This vulnerability allows attackers to bypass disabled Identity Provider (IdP) checks in Keycloak's JWT authorization grant flow. An attacker with a d...

📅 29 days ago • Feb 9, 2026
CVE-2025-10465 8.8

This vulnerability allows attackers to upload malicious files (like web shells) to Sensaway web servers without proper file type validation. It affect...

📅 29 days ago • Feb 9, 2026
CVE-2026-2202 8.8

A buffer overflow vulnerability in Tenda AC8 routers allows remote attackers to execute arbitrary code by manipulating the shareSpeed parameter in the...

📅 29 days ago • Feb 9, 2026
CVE-2026-2203 8.8

A buffer overflow vulnerability exists in Tenda AC8 routers version 16.03.33.05. Remote attackers can exploit this by sending specially crafted reques...

📅 29 days ago • Feb 9, 2026
CVE-2026-2185 8.8

A stack-based buffer overflow vulnerability in Tenda RX3 routers allows remote attackers to execute arbitrary code by manipulating device name paramet...

📅 30 days ago • Feb 8, 2026
CVE-2026-2186 8.8

This vulnerability in Tenda RX3 routers allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the fromSetIpMacBind fu...

📅 30 days ago • Feb 8, 2026
CVE-2026-2187 8.8

This CVE describes a stack-based buffer overflow vulnerability in Tenda RX3 routers. Attackers can remotely exploit this vulnerability by manipulating...

📅 30 days ago • Feb 8, 2026
CVE-2026-2180 8.8

A stack-based buffer overflow vulnerability exists in Tenda RX3 routers version 16.03.13.11. Attackers can remotely exploit this by manipulating the s...

📅 30 days ago • Feb 8, 2026
CVE-2026-2181 8.8

A stack-based buffer overflow vulnerability exists in Tenda RX3 router firmware version 16.03.13.11. Attackers can remotely exploit this by manipulati...

📅 30 days ago • Feb 8, 2026
CVE-2026-2140 8.8

A buffer overflow vulnerability exists in Tenda TX9 routers through firmware version 22.03.02.10_multi. Attackers can remotely exploit this vulnerabil...

📅 30 days ago • Feb 8, 2026
CVE-2026-2139 8.8

A buffer overflow vulnerability in Tenda TX9 routers allows remote attackers to execute arbitrary code by manipulating the ssid parameter in the fast_...

📅 30 days ago • Feb 8, 2026
CVE-2026-2138 8.8

A buffer overflow vulnerability in Tenda TX9 routers allows remote attackers to execute arbitrary code by manipulating the list argument in the SetSta...

📅 30 days ago • Feb 8, 2026
CVE-2026-2137 8.8

This vulnerability allows remote attackers to execute arbitrary code on Tenda TX3 routers via a buffer overflow in the SetIpMacBind function. Attacker...

📅 30 days ago • Feb 8, 2026
CVE-2025-15100 8.8

The JAY Login & Register WordPress plugin contains a privilege escalation vulnerability that allows authenticated users with Subscriber-level access o...

📅 30 days ago • Feb 8, 2026
CVE-2026-25857 8.8

This CVE describes an OS command injection vulnerability in Tenda G300-F router firmware that allows remote attackers to execute arbitrary commands on...

📅 31 days ago • Feb 7, 2026
CVE-2026-2086 8.8

A buffer overflow vulnerability in the UTT HiPER 810G firewall's management interface allows remote attackers to execute arbitrary code or crash the d...

📅 31 days ago • Feb 7, 2026
CVE-2026-2071 8.8

A buffer overflow vulnerability in UTT 进取 520W firmware version 1.7.7-180627 allows remote attackers to execute arbitrary code by exploiting the s...

📅 31 days ago • Feb 7, 2026
CVE-2026-2070 8.8

A buffer overflow vulnerability in UTT 进取 520W router firmware version 1.7.7-180627 allows remote attackers to execute arbitrary code by exploitin...

📅 31 days ago • Feb 6, 2026
CVE-2026-2068 8.8

This CVE describes a remote buffer overflow vulnerability in UTT 进取 520W firmware version 1.7.7-180627. Attackers can exploit this by sending spec...

📅 32 days ago • Feb 6, 2026
CVE-2026-25533 8.8

This vulnerability allows attackers to bypass multiple security layers in Enclave, a JavaScript sandbox for AI agent code execution. Attackers can esc...

📅 32 days ago • Feb 6, 2026
CVE-2026-2066 8.8

A buffer overflow vulnerability exists in the UTT 进取 520W router firmware version 1.7.7-180627, specifically in the formIpGroupConfig function. At...

📅 32 days ago • Feb 6, 2026
CVE-2026-2067 8.8

A buffer overflow vulnerability in the UTT 进取 520W router firmware version 1.7.7-180627 allows remote attackers to execute arbitrary code by manip...

📅 32 days ago • Feb 6, 2026
CVE-2025-69212 8.8

OpenSTAManager versions 2.9.8 and earlier contain a critical OS command injection vulnerability in the P7M file decoding functionality. Authenticated ...

📅 32 days ago • Feb 6, 2026
CVE-2025-69214 8.8

OpenSTAManager versions 2.9.8 and earlier contain an SQL injection vulnerability in the ajax_select.php endpoint. Authenticated attackers can execute ...

📅 32 days ago • Feb 6, 2026
CVE-2026-24851 8.8

OpenFGA versions 1.8.5 to 1.11.2 have an improper policy enforcement vulnerability that can allow unauthorized access when specific authorization mode...

📅 32 days ago • Feb 6, 2026
CVE-2025-64175 8.8

Gogs versions 0.13.3 and earlier have a critical authentication bypass vulnerability where 2FA recovery codes are not scoped to specific users. An att...

📅 32 days ago • Feb 6, 2026
CVE-2025-15566 8.8

This CVE allows attackers to inject malicious configuration into ingress-nginx via the auth-proxy-set-headers annotation, potentially leading to arbit...

📅 32 days ago • Feb 6, 2026
CVE-2025-15330 8.8

CVE-2025-15330 is an improper input validation vulnerability in Tanium Deploy that could allow attackers to execute arbitrary code or commands. This a...

📅 33 days ago • Feb 5, 2026
CVE-2025-15557 8.8

An improper certificate validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows attackers on the same network segment to intercept an...

📅 33 days ago • Feb 5, 2026
CVE-2025-69906 8.8

Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin that allows attackers to upload malicious files to web-...

📅 33 days ago • Feb 5, 2026
CVE-2020-37117 8.8

This vulnerability allows authenticated administrators in jizhiCMS 1.6.7 to download arbitrary files from the server by exploiting the admin plugins u...

📅 33 days ago • Feb 5, 2026
CVE-2025-68722 8.8

This CSRF vulnerability in Axigen Mail Server's WebAdmin interface allows attackers to craft malicious URLs that execute administrative actions when c...

📅 33 days ago • Feb 5, 2026
CVE-2025-10314 8.8

This vulnerability allows a local attacker to replace service executable files or DLLs in the FREQSHIP-mini installation directory with malicious file...

📅 33 days ago • Feb 5, 2026
CVE-2026-25521 8.8

Locutus versions 2.0.12 through 2.0.38 contain a prototype pollution vulnerability that allows attackers to modify JavaScript object prototypes via cr...

📅 34 days ago • Feb 4, 2026
CVE-2026-25538 8.8

This vulnerability in Devtron allows any authenticated user, including low-privileged CI/CD developers, to retrieve the global API token signing key. ...

📅 34 days ago • Feb 4, 2026
CVE-2026-25512 8.8

This CVE describes a remote code execution vulnerability in Group-Office where an authenticated attacker can execute arbitrary system commands on the ...

📅 34 days ago • Feb 4, 2026
CVE-2026-25514 8.8

FacturaScripts contains a critical SQL injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract sensit...

📅 34 days ago • Feb 4, 2026
CVE-2026-25513 8.8

FacturaScripts contains a critical SQL injection vulnerability in its REST API that allows authenticated API users to execute arbitrary SQL queries th...

📅 34 days ago • Feb 4, 2026
CVE-2026-25161 8.8

This path traversal vulnerability in Alist allows authenticated attackers to bypass directory-level authorization by injecting traversal sequences int...

📅 34 days ago • Feb 4, 2026
CVE-2025-69213 8.8

OpenSTAManager versions 2.9.8 and earlier contain a SQL injection vulnerability in the ajax_complete.php endpoint. Authenticated attackers can execute...

📅 34 days ago • Feb 4, 2026
CVE-2025-69215 8.8

OpenSTAManager versions 2.9.8 and earlier contain a SQL injection vulnerability in the Stampe Module that allows attackers to execute arbitrary SQL co...

📅 34 days ago • Feb 4, 2026
CVE-2026-25056 8.8

This vulnerability in n8n's Merge node allows authenticated users with workflow creation/modification permissions to write arbitrary files to the serv...

📅 34 days ago • Feb 4, 2026
CVE-2026-20098 8.8

This vulnerability in Cisco Meeting Management allows authenticated attackers with video operator privileges to upload malicious files through the web...

📅 34 days ago • Feb 4, 2026
CVE-2025-15368 8.8

The SportsPress WordPress plugin has a Local File Inclusion vulnerability in all versions up to 2.7.26. Authenticated attackers with contributor-level...

📅 34 days ago • Feb 4, 2026
CVE-2026-1819 8.8

This stored XSS vulnerability in Karel Electronics ViPort allows attackers to inject malicious scripts into web pages that are then executed when othe...

📅 34 days ago • Feb 4, 2026
CVE-2026-1756 8.8

The WP FOFT Loader WordPress plugin has a vulnerability that allows authenticated attackers with Author-level access or higher to upload arbitrary fil...

📅 34 days ago • Feb 4, 2026
CVE-2026-1580 8.8

This vulnerability in ingress-nginx allows attackers to inject malicious configuration via the auth-method annotation, leading to arbitrary code execu...

📅 34 days ago • Feb 3, 2026
CVE-2026-24512 8.8

This CVE describes a configuration injection vulnerability in ingress-nginx where attackers can inject malicious nginx configuration through the `rule...

📅 34 days ago • Feb 3, 2026

Why Track Trending CVEs?

Stay ahead of emerging threats: Newly discovered vulnerabilities pose the highest risk as attackers race to exploit them before patches are deployed. Trending CVEs represent the most critical security issues requiring immediate attention from security teams worldwide.

Prioritize remediation efforts: With thousands of CVEs published annually, security teams need to focus on the most recent and severe threats first. Our trending CVE dashboard highlights critical and high-severity vulnerabilities from the past 7, 30, or 90 days, helping you prioritize patching efforts.

🚀 Automated Trending CVE Monitoring

  • Scan your servers to detect packages affected by trending CVEs
  • Receive instant email alerts when critical vulnerabilities are discovered
  • Dashboard shows CVE age, severity, CVSS scores, and affected systems
  • Filter by time period (7/30/90 days) to focus on recent threats