🔥 Trending CVEs - Last 90 Days

This CVE describes a Missing Authorization vulnerability in the Wappointment WordPress plugin that allows attackers to bypass access controls. It affe...

This CVE describes a missing authorization vulnerability in the Virusdie WordPress plugin that allows attackers to bypass access controls. Attackers c...

This CSRF vulnerability in the WordPress My auctions allegro plugin allows attackers to trick authenticated administrators into performing unintended ...

This CVE describes a Missing Authorization vulnerability in the WP Time Slots Booking Form WordPress plugin that allows attackers to bypass access con...

This CSRF vulnerability in WP Email Capture allows attackers to trick authenticated WordPress administrators into performing unintended actions. It af...

This CVE describes a Missing Authorization vulnerability in the WpStream WordPress plugin that allows attackers to bypass access controls and perform ...

This CVE describes a Missing Authorization vulnerability in the WpStream WordPress plugin that allows attackers to bypass access controls and perform ...

This CVE describes a missing authorization vulnerability in the icc0rz H5P WordPress plugin that allows attackers to bypass access controls. It affect...

This vulnerability in the Evergreen Post Tweeter WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks that lead to S...

This CSRF vulnerability in the Trade Runner WordPress plugin allows attackers to trick authenticated administrators into performing unintended actions...

CVE-2025-66210 is an authenticated command injection vulnerability in Coolify's Database Import functionality that allows users with application/servi...

Coolify versions before 4.0.0-beta.451 contain an authenticated command injection vulnerability in PostgreSQL initialization script filename handling....

Coolify versions before 4.0.0-beta.451 contain an authenticated command injection vulnerability in Dynamic Proxy Configuration Filename handling. User...

CVE-2025-66213 is an authenticated command injection vulnerability in Coolify's File Storage Directory Mount Path functionality. It allows users with ...

This is a cross-site scripting (XSS) vulnerability in IceWarp's gmaps webpage that allows remote attackers to bypass authentication. Attackers can exp...

An improper input validation vulnerability in Eaton xComfort ECI's web interface allows attackers with network access to execute privileged commands. ...

This vulnerability allows authenticated administrators in MyBB 1.8.32 to bypass avatar upload restrictions and execute arbitrary code through a chaine...

WebTareas 2.4 contains an authenticated file upload vulnerability that allows attackers to upload malicious PHP files and execute arbitrary code on th...

LSC Smart Connect Indoor IP Camera version 1.4.13 contains a remote code execution vulnerability in the start_app.sh script. Attackers can execute arb...

An unauthenticated remote attacker can exploit this Local File Inclusion vulnerability in Zimbra Collaboration's Webmail Classic UI to read arbitrary ...

A stack-based buffer overflow vulnerability exists in Tenda FH1201 routers version 1.2.0.14(408) affecting the SetIpBind function. Remote attackers ca...

A stack-based buffer overflow vulnerability in Tenda FH1201 and FH1206 routers allows remote attackers to execute arbitrary code by manipulating the w...

This CVE describes a remote stack-based buffer overflow vulnerability in Tenda AC18 routers. Attackers can exploit this by sending specially crafted H...

This CVE describes a stack-based buffer overflow vulnerability in Tenda AC18 routers running firmware version 15.03.05.05. Attackers can remotely expl...

This vulnerability allows remote code execution on Apache NiFi systems through unsafe Java deserialization in the GetAsanaObject Processor. Attackers ...

This vulnerability allows attackers on the same local network to bypass authentication by sending specially crafted URLs, gaining unauthorized access ...

A local privilege escalation vulnerability in Foxit PDF Reader/Editor Update Service allows low-privileged local attackers to modify plugin installati...

This vulnerability in BullWall Ransomware Containment allows authenticated attackers to rename directories to match exclusion patterns, bypassing rans...

Advantech WebAccess/SCADA is vulnerable to unrestricted file upload, allowing attackers to upload malicious files to the server. This can lead to remo...

File Thingie 2.5.7 contains an authenticated file upload vulnerability that allows remote attackers to upload malicious PHP zip archives. Attackers ca...

This SQL injection vulnerability in Kentico Xperience allows authenticated editors to execute arbitrary SQL queries through online marketing macro par...

CVE-2025-14861 is a memory safety vulnerability in Firefox that could allow attackers to execute arbitrary code on affected systems. The vulnerability...

The Demo Importer Plus WordPress plugin has a critical vulnerability that allows authenticated attackers with Subscriber-level access or higher to tri...

This vulnerability allows authenticated WordPress users with Contributor-level access or higher to include and execute arbitrary PHP files on the serv...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the Booking and Rental Manager for WooCom...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the PDF for Contact Form 7 WordPress plug...

This vulnerability allows attackers to execute arbitrary code on WordPress sites using the PDF for WPForms plugin by exploiting insecure deserializati...

This vulnerability allows attackers to execute arbitrary code on WooCommerce sites by exploiting insecure deserialization in the PDF Invoice Builder p...

This CVE describes an incorrect privilege assignment vulnerability in the Jthemes Sale! Immigration law WordPress theme (immiex) that allows authentic...

A Cross-Site Request Forgery (CSRF) vulnerability in Open Source Point of Sale (OSPOS) allows unauthenticated attackers to create administrator accoun...

CVE-2023-53929 is a CSV injection vulnerability in phpMyFAQ 3.1.12 that allows authenticated users to inject malicious formulas into their profile nam...

CVE-2023-53933 is a remote code execution vulnerability in Serendipity 2.4.0 that allows authenticated attackers to upload malicious PHP files with .p...

This vulnerability allows authenticated attackers to upload malicious PHP files disguised as avatar images in UliCMS, leading to remote code execution...

CVE-2023-53913 is a CSV injection vulnerability in Rukovoditel 3.3.1 that allows authenticated users to inject malicious formulas into user profile fi...

A SQL injection vulnerability in ChurchCRM allows authenticated users with any permission level to execute arbitrary SQL commands through the familyId...

CVE-2025-67877 is a SQL injection vulnerability in ChurchCRM versions before 6.5.3 that allows attackers to execute arbitrary SQL commands through the...

This CVE describes a sandbox escape vulnerability in macOS that allows malicious applications to bypass security restrictions. An attacker could execu...

A use-after-free vulnerability in Apple's WebKit browser engine allows processing malicious web content to execute arbitrary code. This affects multip...

AVideo versions before 20.1 contain an insecure direct object reference vulnerability that allows any authenticated user to upload files into other us...

This vulnerability allows any authenticated user to upload comment images to videos owned by other users in AVideo. Attackers can perform unauthorized...