🔥 Trending CVEs - Last 90 Days

A heap-based buffer overflow vulnerability in FontForge's SFD file parser allows remote attackers to execute arbitrary code when users open malicious ...

A heap-based buffer overflow vulnerability in FontForge's SFD file parser allows remote attackers to execute arbitrary code when users open malicious ...

A use-after-free vulnerability in FontForge's SFD file parser allows remote attackers to execute arbitrary code when users open malicious SFD files or...

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious SFD font files or visiting malicious web...

CVE-2022-50804 is a CSRF vulnerability in JM-DATA ONU JF511-TV version 1.0.67 that allows attackers to trick authenticated administrators into unknowi...

This vulnerability allows authenticated attackers to execute arbitrary system commands on SOUND4 IMPACT/FIRST/PULSE/Eco systems through command inject...

A buffer overflow vulnerability in Tenda AC20 routers allows remote attackers to execute arbitrary code by sending specially crafted requests to the P...

This CVE describes a Missing Authorization vulnerability in the Eagle Booking WordPress plugin that allows attackers to change plugin settings without...

This CVE describes a Missing Authorization vulnerability in the HomeFix Elementor Portfolio WordPress plugin that allows attackers to bypass access co...

This CVE describes a heap-based buffer overflow vulnerability in Tenda M3 routers version 1.0.0.13(4903). Attackers can remotely exploit this vulnerab...

A stack-based buffer overflow vulnerability in Tenda M3 routers allows remote attackers to execute arbitrary code by manipulating the mac/terminal par...

This vulnerability allows remote attackers to execute arbitrary code on Tenda M3 routers via a heap-based buffer overflow in the web interface. Attack...

This vulnerability allows remote attackers to execute arbitrary code on Tenda M3 routers via a stack-based buffer overflow in the formSetRemoteVlanInf...

This vulnerability allows remote attackers to execute arbitrary code on Tenda M3 routers via a heap-based buffer overflow in the formSetVlanPolicy fun...

This vulnerability in Tenda AC10U routers allows remote attackers to execute arbitrary code via a buffer overflow in the lanMask parameter of the /gof...

A stack-based buffer overflow vulnerability in Tenda AC23 routers allows remote attackers to execute arbitrary code by manipulating the bindnum parame...

A buffer overflow vulnerability in Tenda AC23 routers allows remote attackers to execute arbitrary code by sending specially crafted HTTP POST request...

A buffer overflow vulnerability in Tenda AC10U routers allows remote attackers to execute arbitrary code by sending specially crafted HTTP POST reques...

DedeCMS v5.7 contains a CSRF vulnerability in the makehtml_list_action.php file that allows attackers to trick authenticated administrators into perfo...

NagiosXI 2026R1.0.1 build 1762361101 contains a SQL injection vulnerability in dashboard parameters that lacks proper input filtering. Any authenticat...

CVE-2025-55061 is an unrestricted file upload vulnerability (CWE-434) that allows attackers to upload malicious files to vulnerable systems. This coul...

A buffer overflow vulnerability in D-Link DWR-M920 routers allows remote attackers to execute arbitrary code by manipulating the submit-url parameter ...

A stack-based buffer overflow vulnerability exists in D-Link DWR-M920 routers through firmware version 1.1.50. Remote attackers can exploit this by ma...

A buffer overflow vulnerability in D-Link DWR-M920 routers allows remote attackers to execute arbitrary code by manipulating the submit-url parameter....

This vulnerability allows remote attackers to execute arbitrary commands on TRENDnet TEW-800MB routers through command injection in the NTPSyncWithHos...

This vulnerability allows remote attackers to execute arbitrary commands on TRENDnet TEW-800MB routers by injecting malicious commands through the man...

LMDeploy versions before 0.11.1 have an insecure deserialization vulnerability where torch.load() is called without the weights_only=True parameter wh...

A command injection vulnerability in Yealink T21P_E2 phones allows remote attackers with normal privileges to execute arbitrary code via crafted reque...

This vulnerability allows remote attackers to execute arbitrary code on UTT 进取 512W devices through a buffer overflow in the ConfigExceptMSN funct...

This vulnerability allows remote attackers to execute arbitrary code on UTT 进取 512W devices through a buffer overflow in the formPictureUrl functi...

This vulnerability allows remote attackers to execute arbitrary code on UTT 进取 512W devices via a buffer overflow in the strcpy function in the /g...

This vulnerability allows remote attackers to execute arbitrary code on affected UTT 进取 512W devices via a buffer overflow in the formConfigNotice...

This vulnerability allows attackers to upload malicious files to Specto CM systems, potentially leading to remote code execution. It affects all Spect...

This CVE describes a Missing Authorization vulnerability in the Userpro WordPress plugin by DeluxeThemes. It allows attackers to bypass access control...

This CVE describes a Missing Authorization vulnerability in the Bit Assist WordPress plugin that allows attackers to bypass access controls. It affect...

This CSRF vulnerability in the Five Star Restaurant Reservations WordPress plugin allows attackers to trick authenticated administrators into performi...

This CVE describes a missing authorization vulnerability in the WP Adminify WordPress plugin that allows attackers to bypass access controls. It affec...

This CVE describes a missing authorization vulnerability in the WP Adminify WordPress plugin that allows attackers to bypass access controls and perfo...

This CVE describes a Missing Authorization vulnerability in the Trustindex Widgets for Social Photo Feed WordPress plugin. It allows attackers to expl...

This CSRF vulnerability in the Advanced Classifieds & Directory Pro WordPress plugin allows attackers to trick authenticated administrators into perfo...

This CVE describes a Missing Authorization vulnerability in the Funnelforms Free WordPress plugin that allows attackers to bypass access controls. Att...

This CSRF vulnerability in the Tikweb Management Fast User Switching WordPress plugin allows attackers to trick authenticated administrators into perf...

This CSRF vulnerability in the Vimeotheque WordPress plugin allows attackers to trick authenticated administrators into performing unintended actions ...

This CVE describes a missing authorization vulnerability in the WP Document Revisions WordPress plugin that allows attackers to bypass access controls...

This CVE describes a missing authorization vulnerability in the Cooked WordPress plugin that allows attackers to bypass access controls. It affects al...

This CVE describes a Missing Authorization vulnerability in the SALESmanago WordPress plugin that allows attackers to bypass access controls. It affec...

This CVE describes a Missing Authorization vulnerability in the Spider Themes BBP Core WordPress plugin that allows attackers to bypass access control...

This CSRF vulnerability in the Simple Keyword to Link WordPress plugin allows attackers to trick authenticated administrators into performing unintend...

This CVE describes a Missing Authorization vulnerability in the Wappointment WordPress plugin that allows attackers to bypass access controls. It affe...

This CVE describes a missing authorization vulnerability in the Virusdie WordPress plugin that allows attackers to bypass access controls. Attackers c...