🔥 Trending CVEs - Last 90 Days

This vulnerability in llama.cpp allows remote attackers to cause memory corruption by sending specially crafted JSON with negative n_discard values to...

A heap-buffer-overflow vulnerability in iccDEV's SIccCalcOp::Describe() function allows attackers to execute arbitrary code or cause denial of service...

A type confusion vulnerability in iccDEV's SIccCalcOp::ArgsPushed() function allows attackers to potentially execute arbitrary code or cause denial of...

A type confusion vulnerability in iccDEV's ToXmlCurve() function allows attackers to potentially execute arbitrary code or cause denial of service by ...

CVE-2026-21693 is a type confusion vulnerability in iccDEV's CIccSegmentedCurveXml::ToXml() function that could allow memory corruption when processin...

A heap-buffer-overflow vulnerability in iccDEV's CIccProfileXml::ParseBasic() function allows attackers to execute arbitrary code or cause denial of s...

A type confusion vulnerability in iccDEV's CIccEvalCompare::EvaluateProfile() function allows attackers to execute arbitrary code or cause denial of s...

This vulnerability in pnpm package manager versions 10.0.0 through 10.25 allows git-hosted dependencies to execute arbitrary code during installation....

CVE-2026-21682 is a heap buffer overflow vulnerability in iccDEV's CIccXmlArrayType::ParseText() function that allows attackers to execute arbitrary c...

This vulnerability in MicroServer allows an attacker with local network admin access and DNS manipulation capability to redirect a reverse SSH connect...

CVE-2026-21679 is a heap buffer overflow vulnerability in iccDEV's CIccLocalizedUnicode::GetText() function that could allow attackers to execute arbi...

This vulnerability allows attackers to bypass authentication on ABB WebPro SNMP Card PowerValue devices due to incorrect implementation of the authent...

This vulnerability allows attackers who convince users to install malicious Chrome extensions to inject scripts or HTML into privileged pages through ...

This vulnerability allows attackers to escalate privileges in Dasinfomedia WPCHURCH WordPress plugin, potentially gaining administrative access. It af...

The WP Enable WebP WordPress plugin has a vulnerability that allows authenticated attackers with Author-level permissions or higher to upload arbitrar...

This CVE describes an Incorrect Privilege Assignment vulnerability in two AA-Team WordPress plugins that allows attackers to escalate privileges. It a...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the DZS Video Gallery WordPress plugin. S...

A buffer overflow vulnerability in Tenda AC23 routers allows remote attackers to execute arbitrary code by manipulating the Time parameter in the Powe...

This vulnerability allows authenticated remote code execution in Craft CMS via Twig Server-Side Template Injection. Attackers with administrator acces...

In Coolify versions up to v4.0.0-beta.434, low-privileged users (members) can intercept and use administrator invitation links before the intended rec...

A command injection vulnerability in Coolify allows low-privileged users (members) to execute arbitrary system commands as root on the Coolify instanc...

This vulnerability allows low-privileged users in Coolify to inject malicious Docker Compose directives during project creation or updates. By mountin...

Muffon music streaming client versions before 2.3.0 have a one-click remote code execution vulnerability via specially crafted muffon:// links. When v...

An attacker on the same network can exploit a discovery protocol vulnerability in UniFi Protect Application to gain unauthorized access to UniFi Prote...

CVE-2025-15240 is an arbitrary file upload vulnerability in QOCA aim AI Medical Cloud Platform that allows authenticated attackers to upload malicious...

This vulnerability allows clients accessing Apache Kyuubi Server to bypass the server-side configuration that restricts which local directories can be...

A buffer overflow vulnerability in the UTT 进取 520W router firmware allows remote attackers to execute arbitrary code by exploiting the strcpy func...

This vulnerability is a buffer overflow in the UTT 进取 520W router firmware version 1.7.7-180627, specifically in the strcpy function handling the ...

A buffer overflow vulnerability in the UTT 进取 520W router firmware version 1.7.7-180627 allows remote attackers to execute arbitrary code by explo...

This vulnerability allows remote attackers to execute arbitrary code on UTT 进取 520W routers by exploiting a buffer overflow in the strcpy function...

This OS command injection vulnerability in Nuvation Energy Multi-Stack Controller allows attackers to execute arbitrary operating system commands on a...

This OS command injection vulnerability in Nuvation Energy Multi-Stack Controller allows attackers to execute arbitrary operating system commands on a...

Bagisto eCommerce platform versions before 2.3.10 are vulnerable to server-side template injection (SSTI) through first name and last name fields. Thi...

This vulnerability allows remote attackers to execute arbitrary code on UTT 进取 512W devices via a buffer overflow in the FTP server configuration ...

A remote buffer overflow vulnerability in UTT 进取 512W firmware version 1.7.7-171114 allows attackers to execute arbitrary code or cause denial of ...

This CVE describes a remote buffer overflow vulnerability in UTT 进取 512W router firmware version 1.7.7-171114. Attackers can exploit the strcpy fu...

CVE-2025-68700 is a critical remote code execution vulnerability in RAGFlow where authenticated low-privilege users can execute arbitrary system comma...

CVE-2021-47745 is an authenticated command injection vulnerability in Cypress Solutions CTM-200 firmware that allows attackers with valid credentials ...

This vulnerability allows authenticated attackers to execute arbitrary system commands with administrative privileges in meterN energy monitoring soft...

This vulnerability allows authenticated users to modify Rocket League executable files with full permissions due to insecure access controls. Attacker...

This vulnerability allows authenticated remote attackers to execute arbitrary operating system commands on QNO Technology VPN Firewall devices. Attack...

This vulnerability allows authenticated remote attackers to execute arbitrary operating system commands on QNO Technology VPN Firewall devices. Attack...

QNO Technology VPN Firewall devices have an insufficient entropy vulnerability that allows unauthenticated remote attackers to brute-force logged-in u...

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious SFD font files or visiting malicious web...

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious SFD font files or visiting malicious web...

This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of FontForge. Attackers can exploit this b...

A stack-based buffer overflow vulnerability in FontForge's PFB file parser allows remote attackers to execute arbitrary code when users open malicious...

A heap-based buffer overflow vulnerability in FontForge's SFD file parser allows remote attackers to execute arbitrary code when users open malicious ...

A heap-based buffer overflow vulnerability in FontForge's SFD file parser allows remote attackers to execute arbitrary code when users open malicious ...

A use-after-free vulnerability in FontForge's SFD file parser allows remote attackers to execute arbitrary code when users open malicious SFD files or...