🔥 Trending CVEs - Last 90 Days
4,501 critical and high-severity vulnerabilities discovered in the last 90 days. Stay ahead of emerging threats with real-time CVE tracking and instant security alerts.
Critical & High-Risk CVEs
This vulnerability in the WordPress Final User plugin allows attackers to escalate privileges due to incorrect privilege assignment. Users running ver...
📅 47 days ago • Jan 22, 2026

This vulnerability allows attackers to escalate privileges in the WordPress Institutions Directory plugin. Attackers could gain administrative access ...
📅 47 days ago • Jan 22, 2026

This vulnerability allows attackers to escalate privileges in the Hospital Doctor Directory WordPress plugin, potentially gaining administrative acces...
📅 47 days ago • Jan 22, 2026

This SQL injection vulnerability in the Ultra Portfolio WordPress plugin allows attackers to execute arbitrary SQL commands on the database. It affect...
📅 47 days ago • Jan 22, 2026

This vulnerability allows attackers to execute arbitrary code through PHP object injection by exploiting insecure deserialization in the North WordPre...
📅 47 days ago • Jan 22, 2026

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the Dental Care CPT WordPress plugin. Suc...
📅 47 days ago • Jan 22, 2026

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the Tech Life CPT WordPress plugin. Succe...
📅 47 days ago • Jan 22, 2026

This vulnerability allows remote attackers to execute arbitrary code through PHP object injection in the OneLife WordPress theme. Attackers can exploi...
📅 47 days ago • Jan 22, 2026

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the Anona WordPress theme. It affects all...
📅 47 days ago • Jan 22, 2026

This vulnerability allows attackers to inject malicious objects through insecure deserialization in the Vivagh WordPress theme. Attackers could execut...
📅 47 days ago • Jan 22, 2026

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the Eventin WordPress plugin. Attackers c...
📅 47 days ago • Jan 22, 2026

This vulnerability allows attackers to escalate privileges in the Lawyer Directory WordPress plugin due to incorrect privilege assignment. Attackers c...
📅 47 days ago • Jan 22, 2026

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the Kids Heaven WordPress theme. Attacker...
📅 47 days ago • Jan 22, 2026

This CVE describes a Missing Authorization vulnerability in the merkulove Imager for Elementor WordPress plugin that allows attackers to bypass access...
📅 47 days ago • Jan 22, 2026

This CVE describes a missing authorization vulnerability in the Carter for Elementor WordPress plugin that allows attackers to bypass access controls....
📅 47 days ago • Jan 22, 2026

This CVE describes a Missing Authorization vulnerability in the Searcher for Elementor WordPress plugin that allows attackers to bypass access control...
📅 47 days ago • Jan 22, 2026

This CVE describes a Missing Authorization vulnerability in the Motionger for Elementor WordPress plugin that allows attackers to bypass access contro...
📅 47 days ago • Jan 22, 2026

This CVE describes a Missing Authorization vulnerability in the WP-CRM System WordPress plugin that allows attackers to bypass access controls and per...
📅 47 days ago • Jan 22, 2026

This CVE describes a Missing Authorization vulnerability in the Bard WordPress theme that allows attackers to bypass access controls. It affects all B...
📅 47 days ago • Jan 22, 2026

This CVE describes a missing authorization vulnerability in the Ninetheme Electron WordPress theme that allows attackers to bypass access controls. It...
📅 47 days ago • Jan 22, 2026

This vulnerability allows attackers to escalate privileges in the Jthemes xSmart WordPress theme due to incorrect privilege assignment. Attackers can ...
📅 47 days ago • Jan 22, 2026

This CVE describes a Missing Authorization vulnerability in the Jthemes xSmart WordPress theme that allows attackers to bypass access controls. Attack...
📅 47 days ago • Jan 22, 2026

This CVE describes a missing authorization vulnerability in the HomeLancer WordPress theme that allows attackers to bypass access controls. Attackers ...
📅 47 days ago • Jan 22, 2026

This SQL injection vulnerability in the ZoomIt DZS Video Gallery WordPress plugin allows attackers to execute arbitrary SQL commands on the database. ...
📅 47 days ago • Jan 22, 2026

This SQL injection vulnerability in the WP Lead Capturing Pages WordPress plugin allows attackers to execute arbitrary SQL commands on the database. I...
📅 47 days ago • Jan 22, 2026

This CSRF vulnerability in bdthemes Element Pack Elementor Addons allows attackers to trick authenticated WordPress administrators into performing uni...
📅 47 days ago • Jan 22, 2026

This SQL injection vulnerability in Dell Unisphere for PowerMax allows low-privileged remote attackers to execute arbitrary commands on affected syste...
📅 47 days ago • Jan 22, 2026

A stack-based buffer overflow vulnerability in Tenda AX1803 routers allows remote attackers to execute arbitrary code by manipulating parameters in th...
📅 47 days ago • Jan 22, 2026

A buffer overflow vulnerability in Totolink NR1800X routers allows remote attackers to execute arbitrary code by sending specially crafted POST reques...
📅 47 days ago • Jan 22, 2026

This CVE describes a remote command injection vulnerability in Sangfor Operation and Maintenance Management System's SSH Protocol Handler. Attackers c...
📅 47 days ago • Jan 22, 2026

CVAT users with staff status can escalate their own privileges to superuser/admin level, gaining full access to all data in the CVAT instance. This af...
📅 48 days ago • Jan 21, 2026

This vulnerability allows arbitrary code execution on vLLM servers during model loading. Attackers who can influence the model repository or path (loc...
📅 48 days ago • Jan 21, 2026

The External Secrets Operator's getSecretKey template function allows cross-namespace secret retrieval, bypassing Kubernetes RBAC controls. This affec...
📅 48 days ago • Jan 21, 2026

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in D-Link D-View 8 network management software. Any authenticated user can...
📅 48 days ago • Jan 21, 2026

Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations on...
📅 48 days ago • Jan 21, 2026

Rockstar Games Launcher version 1.0.37.349 has insecure file permissions on its RockstarService.exe that allow authenticated users to replace it with ...
📅 48 days ago • Jan 21, 2026

OpenPLC v3 contains an authenticated remote code execution vulnerability that allows attackers with valid credentials to upload malicious hardware con...
📅 48 days ago • Jan 21, 2026

IBM Concert versions 1.0.0 through 2.1.0 contain an unrestricted file upload vulnerability that allows attackers to upload malicious files to the web ...
📅 49 days ago • Jan 20, 2026

This vulnerability allows authenticated WordPress users with contributor-level access or higher to modify arbitrary WordPress options due to missing c...
📅 49 days ago • Jan 20, 2026

This CVE describes a use-after-free vulnerability in ANGLE (Almost Native Graphics Layer Engine) in Google Chrome that could allow heap corruption. At...
📅 49 days ago • Jan 20, 2026

This vulnerability in Chrome's V8 JavaScript engine allows attackers to read memory outside intended boundaries via malicious web pages. It affects al...
📅 49 days ago • Jan 20, 2026

This vulnerability in Chrome's V8 JavaScript engine allows attackers to corrupt memory objects through malicious HTML pages, potentially leading to ar...
📅 49 days ago • Jan 20, 2026

This vulnerability allows a remote attacker to trigger out-of-bounds memory access in Chrome's V8 JavaScript engine, potentially leading to memory cor...
📅 49 days ago • Jan 20, 2026

node-tar versions up to 7.5.3 have a race condition vulnerability that allows arbitrary file overwrite via symlink poisoning attacks. This occurs when...
📅 50 days ago • Jan 20, 2026

A remote buffer overflow vulnerability in Totolink LR350 routers allows attackers to execute arbitrary code by sending specially crafted POST requests...
📅 50 days ago • Jan 19, 2026

A buffer overflow vulnerability in the Totolink LR350 router's WiFi configuration function allows remote attackers to execute arbitrary code. This aff...
📅 50 days ago • Jan 19, 2026

A buffer overflow vulnerability in Totolink LR350 routers allows remote attackers to execute arbitrary code by manipulating the ssid parameter in the ...
📅 50 days ago • Jan 19, 2026

This vulnerability allows remote attackers to execute arbitrary code on UTT 进取 520W routers by exploiting a buffer overflow in the ConfigExceptAli...
📅 50 days ago • Jan 19, 2026

This vulnerability allows remote attackers to execute arbitrary code on UTT 进取 520W routers through a buffer overflow in the ConfigExceptQQ functi...
📅 50 days ago • Jan 19, 2026

A buffer overflow vulnerability in UTT 进取 520W firmware version 1.7.7-180627 allows remote attackers to execute arbitrary code or cause denial of ...
📅 50 days ago • Jan 19, 2026

Why Track Trending CVEs?
Stay ahead of emerging threats: Newly discovered vulnerabilities pose the highest risk as attackers race to exploit them before patches are deployed. Trending CVEs represent the most critical security issues requiring immediate attention from security teams worldwide.
Prioritize remediation efforts: With thousands of CVEs published annually, security teams need to focus on the most recent and severe threats first. Our trending CVE dashboard highlights critical and high-severity vulnerabilities from the past 7, 30, or 90 days, helping you prioritize patching efforts.
🚀 Automated Trending CVE Monitoring
- Scan your servers to detect packages affected by trending CVEs
- Receive instant email alerts when critical vulnerabilities are discovered
- Dashboard shows CVE age, severity, CVSS scores, and affected systems
- Filter by time period (7/30/90 days) to focus on recent threats