🔥 Trending CVEs - Last 90 Days

CVE-2026-23742 allows attackers with ability to create Lua filters in Skipper to read arbitrary files accessible to the Skipper process, potentially e...

Thecus N4800Eco NAS Server Control Panel contains a command injection vulnerability that allows authenticated attackers to execute arbitrary system co...

This vulnerability in Easy Discuss for Joomla allows attackers to upload malicious files by bypassing extension-based validation. Attackers can upload...

An OS command injection vulnerability in TOA Corporation TRIFORA 3 series network cameras allows authenticated users with monitoring privileges or hig...

This vulnerability allows authenticated attackers with author-level WordPress access to upload malicious files disguised as VTT subtitle files, bypass...

This vulnerability allows authenticated standard users to trick Process Optimization services into loading arbitrary code, leading to privilege escala...

A time-based blind SQL injection vulnerability in PHPGurukul Cyber Cafe Management System v1.0 allows authenticated attackers to execute arbitrary SQL...

This CSRF vulnerability in Easy!Appointments allows attackers to perform state-changing operations via crafted GET requests, bypassing CSRF protection...

A local privilege escalation vulnerability exists in Epic Games Store installation via Microsoft Store where low-privilege users can replace DLL files...

A file upload vulnerability in Omnispace Agora Project allows authenticated users (and sometimes guest users) to upload arbitrary files via the Upload...

CVE-2021-47757 is an authenticated remote code execution vulnerability in Chikitsa Patient Management System 2.0.2. Authenticated attackers can upload...

CVE-2021-47758 allows authenticated attackers to upload malicious PHP plugins through Chikitsa Patient Management System's module upload functionality...

The Supreme Modules Lite WordPress plugin has an arbitrary file upload vulnerability in versions up to 2.5.62. Authenticated attackers with author-lev...

This CVE describes a blind SQL injection vulnerability in Pimcore's Admin Search Find API that affects authenticated users. Attackers can infer databa...

This vulnerability allows authenticated attackers to execute arbitrary PHP code on WBCE CMS servers by uploading malicious droplets through the admin ...

This vulnerability allows an authorized attacker to execute arbitrary code on Microsoft SharePoint servers by exploiting insecure deserialization of u...

This SQL injection vulnerability in Microsoft Office SharePoint allows authenticated attackers to execute arbitrary SQL commands over the network. Att...

A heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) allows remote unauthenticated attackers to execute arbi...

An authentication bypass vulnerability in Tongyu AX1800 Wi-Fi 6 Router firmware allows attackers on the same network to perform administrative actions...

This vulnerability allows non-privileged users to exploit improper GPU resource management through system calls, potentially leading to use-after-free...

A privilege escalation vulnerability exists in the Nessus Agent Tray App installation/uninstallation process on Windows. Attackers with local access c...

This CVE describes an integer overflow vulnerability in the Graphics component of Mozilla products that allows sandbox escape. Attackers could exploit...

A use-after-free vulnerability in Firefox and Thunderbird's IPC component allows attackers to execute arbitrary code or cause denial of service. This ...

An SQL injection vulnerability in Progress Flowmon ADS allows authenticated users to execute arbitrary SQL queries and commands. This affects versions...

A local privilege escalation vulnerability in TeleControl Server Basic allows attackers with local access to execute arbitrary code with elevated priv...

An unauthenticated remote attacker can trick a high-privileged user into uploading malicious configuration files via the config-upload endpoint, leadi...

A stack overflow vulnerability in Hikvision Access Control Products allows attackers on the same local network to crash devices by sending specially c...

A stack overflow vulnerability in Hikvision's device Search and Discovery feature allows attackers on the same local network to crash devices by sendi...

Envoy Gateway versions before 1.5.7 and 1.6.2 contain a vulnerability where Lua scripts in EnvoyExtensionPolicy can leak proxy credentials. Attackers ...

This vulnerability allows remote attackers to execute arbitrary code on Automai Director v25.2.0 systems by exploiting the update mechanism. Attackers...

Merit LILIN IP cameras have an OS command injection vulnerability that allows authenticated remote attackers to execute arbitrary commands on the devi...

This vulnerability allows authenticated remote attackers to execute arbitrary operating system commands on affected Merit LILIN DVR/NVR devices. Attac...

An authorization bypass vulnerability in Broadcom DX NetOps Spectrum allows attackers to escalate privileges by manipulating user-controlled keys. Thi...

A deserialization vulnerability in Broadcom DX NetOps Spectrum allows attackers to inject malicious objects by sending untrusted data to the applicati...

This vulnerability allows remote attackers to execute arbitrary code on UTT 进取 520W routers running version 1.7.7-180627. Attackers can exploit a ...

This is a remote buffer overflow vulnerability in the UTT 进取 520W router firmware version 1.7.7-180627. Attackers can exploit the strcpy function ...

This is a remote buffer overflow vulnerability in UTT 进取 520W firmware version 1.7.7-180627 that allows attackers to execute arbitrary code by man...

This is a remote buffer overflow vulnerability in UTT 进取 520W router firmware version 1.7.7-180627. Attackers can exploit the strcpy function in t...

A buffer overflow vulnerability in the UTT 进取 520W router firmware version 1.7.7-180627 allows remote attackers to execute arbitrary code by explo...

This CVE describes a buffer overflow vulnerability in the UTT 进取 520W router firmware version 1.7.7-180627. Attackers can remotely exploit this vu...

A path traversal vulnerability in DevToys allows malicious extension packages to write files outside the intended directory, potentially overwriting s...

GestSup versions up to 3.2.60 contain a CSRF vulnerability that allows attackers to trick authenticated users into performing unauthorized actions. An...

CVE-2025-69194 is a path traversal vulnerability in GNU Wget2's Metalink document handling that allows attackers to write files to arbitrary locations...

This is a reflected cross-site scripting (XSS) vulnerability in the Salvo Rust web framework's directory listing functionality. Attackers can inject m...

This vulnerability allows attackers within Wi-Fi range to execute arbitrary code on affected Ubiquiti airMAX devices by exploiting a flaw in the wirel...

A heap-buffer-overflow vulnerability in iccDEV's CIccCLUT::Init() function allows attackers to execute arbitrary code or cause denial of service by pr...

This vulnerability in RustFS allows a principal with export-only IAM permissions to perform import operations, leading to unauthorized creation or mod...

This vulnerability in NeuVector's OpenID Connect implementation allows man-in-the-middle attacks by not enforcing TLS certificate verification by defa...

This CVE describes a missing authorization vulnerability in the Fluent Support WordPress plugin that allows attackers to bypass access controls. Attac...

This vulnerability in llama.cpp allows remote attackers to cause memory corruption by sending specially crafted JSON with negative n_discard values to...