🔥 Trending CVEs - Last 30 Days

This CVE describes a use-after-free vulnerability in Firefox's JavaScript JIT compiler that could allow arbitrary code execution. It affects Firefox v...

A use-after-free vulnerability in Firefox's JavaScript JIT engine allows attackers to execute arbitrary code by tricking users into visiting malicious...

This vulnerability in Firefox for iOS allows malicious scripts to desynchronize the address bar from actual web content before a server response arriv...

Slican NCP/IPL/IPM/IPU devices contain a PHP function injection vulnerability in the /webcti/session_ajax.php endpoint. Unauthenticated remote attacke...

A cryptographic vulnerability in CIRCL's P-384 elliptic curve implementation produces incorrect CombinedMult results for specific inputs. This affects...

CVE-2026-26198 is a critical SQL injection vulnerability in Ormar ORM for Python that allows attackers to execute arbitrary SQL queries. Unauthorized ...

A remote command injection vulnerability in Zyxel EX3510-B0 devices allows attackers to execute arbitrary operating system commands by sending special...

An unauthenticated SQL injection vulnerability in Order Up Online Ordering System 1.0 allows attackers to execute arbitrary SQL commands via the store...

CVE-2019-25459 is an unauthenticated SQL injection vulnerability in Web Ofisi Emlak V2 real estate software. Attackers can inject SQL code through mul...

CVE-2026-27194 is a remote code execution vulnerability in D-Tale's /save-column-filter endpoint that allows attackers to execute arbitrary code on vu...

CVE-2026-2635 is an authentication bypass vulnerability in MLflow that allows remote attackers to gain administrative access without credentials. The ...

This vulnerability allows remote attackers to bypass authentication on GFI Archiver installations without requiring credentials. The flaw exists in th...

CVE-2019-25441 is a critical command injection vulnerability in thesystem 1.0 that allows unauthenticated attackers to execute arbitrary system comman...

A privilege escalation vulnerability in edu Business Solutions Print Shop Pro WebDesk allows remote attackers to gain elevated privileges by manipulat...

This vulnerability allows network-adjacent attackers to gain full administrative control of affected devices by setting administrator credentials to b...

An unauthenticated remote code execution vulnerability exists in Smanga 3.2.7 where the /php/path/rescan.php interface fails to sanitize the mediaId p...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the ThemeREX Lorem Ipsum | Books & Media ...

This CVE describes a PHP object injection vulnerability in the KindlyCare WordPress theme where untrusted data can be deserialized, potentially allowi...

This CVE describes a PHP object injection vulnerability in the Jthemes Prestige WordPress theme, caused by insecure deserialization of untrusted data....

This vulnerability allows attackers to execute arbitrary code through PHP object injection by exploiting insecure deserialization in the PhotoMe WordP...

This vulnerability in the BoldThemes Ippsum WordPress theme allows attackers to inject malicious objects through deserialization of untrusted data. It...

This CVE describes a PHP object injection vulnerability in the BoldThemes Nestin WordPress theme. Attackers can exploit insecure deserialization to ex...

This is a critical SQL injection vulnerability in Kolay Software Inc.'s Talentics platform that allows attackers to execute arbitrary SQL commands. It...

This critical vulnerability allows attackers to access and manipulate sensitive data without authentication in Acronis Cyber Protect products. It affe...

OpenClaw's Docker sandbox configuration injection vulnerability allows attackers to escape container isolation and access the host system. This affect...

RustFly 2.0.0 contains a critical command injection vulnerability in its remote UI control mechanism that accepts hex-encoded instructions over UDP po...

RUCKUS Network Director (RND) OVA appliances contain identical hardcoded SSH keys for the postgres user across all deployments, allowing attackers wit...

CVE-2026-26339 is a critical argument injection vulnerability in Hyland Alfresco Transformation Service that allows unauthenticated attackers to execu...

The Saisies plugin for SPIP contains a critical Remote Code Execution vulnerability (CWE-94: Improper Control of Generation of Code) that allows attac...

This vulnerability in BiEticaret CMS allows attackers to bypass authentication and manipulate HTTP responses through Execution After Redirect and Miss...

CVE-2025-15559 is an unauthenticated OS command injection vulnerability in NesterSoft WorkTime server's client generation API. Attackers can execute a...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the Grand Restaurant WordPress theme. Suc...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the WpEvently mage-eventpress WordPress p...

The s2Member WordPress plugin has a critical vulnerability that allows unauthenticated attackers to change any user's password, including administrato...

The Slider Future WordPress plugin allows unauthenticated attackers to upload arbitrary files due to missing file type validation. This vulnerability ...

The Prodigy Commerce WordPress plugin has a Local File Inclusion vulnerability that allows unauthenticated attackers to read arbitrary files or execut...

The Buyent Classified plugin for WordPress allows unauthenticated attackers to register accounts with administrator privileges by manipulating the use...

This vulnerability allows unauthenticated attackers to register as administrators on WordPress sites using the Lizza LMS Pro plugin. All WordPress sit...

The Clasifico Listing WordPress plugin allows unauthenticated attackers to register accounts with administrator privileges by manipulating the 'listin...

This CVE describes a remote command injection vulnerability in SECCN Dingcheng G10 software version 3.1.0.181203. Attackers can execute arbitrary oper...

CVE-2026-27180 allows unauthenticated attackers to execute arbitrary code on MajorDoMo systems by poisoning the update URL. Attackers can deploy websh...

CVE-2026-27174 allows unauthenticated attackers to execute arbitrary PHP code on MajorDoMo home automation systems via the admin panel's PHP console. ...

MailCarrier 2.51 contains a critical buffer overflow vulnerability in its POP3 service that allows remote attackers to execute arbitrary code by sendi...

CVE-2019-25360 is a critical buffer overflow vulnerability in Aida64 Engineer's CSV logging configuration that allows remote code execution. Attackers...

CVE-2019-25362 is a critical buffer overflow vulnerability in WMV to AVI MPEG DVD WMV Convertor 4.6.1217 that allows remote attackers to execute arbit...

CVE-2025-70152 is an unauthenticated SQL injection vulnerability in the Community Project Scholars Tracking System 1.0 that allows attackers to execut...

CVE-2025-70150 is a critical missing authentication vulnerability in CodeAstro Membership Management System 1.0 that allows unauthenticated attackers ...

CodeAstro Membership Management System 1.0 contains a SQL injection vulnerability in the print_membership_card.php file via the ID parameter. This all...

CVE-2025-65791 is a critical command injection vulnerability in ZoneMinder's image.php component that allows attackers to execute arbitrary commands o...

This vulnerability allows remote attackers to gain root access to UTT HiPER 810 / nv810v4 routers via telnet using insecure default credentials. Attac...