🔥 Trending CVEs - Last 90 Days

This CSRF vulnerability in narda miteq Uplink Power Control Unit UPC2 version 1.17 allows remote attackers to trick authenticated users into executing...

ChurchCRM versions before 6.5.3 contain a SQL injection vulnerability in the ListEvents.php file. Any authenticated user, regardless of privilege leve...

This vulnerability is a use-after-free flaw in Chrome's WebGPU implementation that allows remote attackers to potentially exploit heap corruption. Att...

This vulnerability allows remote attackers to exploit heap corruption through out-of-bounds read/write in Chrome's V8 JavaScript engine. Attackers can...

nopCommerce 4.90.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in its Schedule Tasks functionality. This allows attackers to trick auth...

CVE-2025-66449 is an arbitrary file write vulnerability in ConvertX, a self-hosted online file converter. Authenticated users can upload files with ma...

This vulnerability in FreshRSS allows unprivileged users to perform path traversal via the language configuration parameter, enabling them to access i...

This vulnerability allows remote code execution through deserialization of untrusted JSON data in Pentaho's Community Dashboard Editor plugin. Attacke...

CVE-2023-53888 is a remote code execution vulnerability in Zomplog 3.9 that allows authenticated attackers to upload malicious JavaScript files, renam...

GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary co...

CVE-2023-53868 is a remote code execution vulnerability in Coppermine Gallery that allows authenticated attackers to upload malicious PHP files throug...

This CVE describes a Server-Side Template Injection (SSTI) vulnerability in Frappe ERPNext that allows authenticated attackers with Address Template p...

This Server-Side Template Injection (SSTI) vulnerability in Frappe ERPNext allows authenticated attackers with Print Format creation/modification perm...

This SQL injection vulnerability in Frappe ERPNext allows attackers to execute arbitrary SQL queries through the from_posting_date parameter. It enabl...

This SQL injection vulnerability in Frappe ERPNext allows attackers to execute arbitrary SQL commands through the to_posting_date parameter. It enable...

An authenticated attacker with Dunning Type configuration access can exploit this Server-Side Template Injection vulnerability in Frappe ERPNext to ex...

A Zip Slip vulnerability in iceScrum v7.54 Pro On-prem allows attackers to execute arbitrary code by uploading a specially crafted Zip file. This affe...

FNT Command 13.4.0 contains a vulnerability in its C Base Module that allows remote code execution. Attackers can upload malicious files to execute ar...

Authenticated users in Wekan versions up to 18.15 can modify their entire user document, including organization/team memberships and account status fi...

This vulnerability allows remote attackers to execute arbitrary commands on D-Link DIR-860LB1 and DIR-868LB1 routers by injecting malicious commands i...

A buffer overflow vulnerability in Tenda AC20 routers allows remote attackers to execute arbitrary code by manipulating schedStartTime/schedEndTime pa...

A stack-based buffer overflow vulnerability in Tenda AC20 routers allows remote attackers to execute arbitrary code by manipulating the rebootTime par...

This vulnerability allows remote attackers to execute arbitrary code on Tenda AC20 routers via a stack-based buffer overflow in the HTTP daemon. Attac...

This vulnerability in the Doubly WordPress plugin allows authenticated attackers with Subscriber-level access to execute arbitrary code through PHP ob...

The Postem Ipsum WordPress plugin has a privilege escalation vulnerability that allows authenticated users with Subscriber-level access or higher to c...

The WP3D Model Import Viewer plugin for WordPress has a vulnerability that allows authenticated attackers with Author-level access or higher to upload...

A memory corruption vulnerability in Apple operating systems allows attackers to execute arbitrary code by processing a malicious file. This affects u...

This vulnerability allows remote attackers to execute arbitrary code or cause denial of service through memory corruption in UTT 进取 512W devices. ...

WonderCMS 4.3.2 contains a cross-site scripting vulnerability in the module installation endpoint that allows attackers to inject malicious JavaScript...

This CVE describes an authenticated command injection vulnerability in Atcom 100M IP Phones firmware that allows attackers with administrative credent...

This vulnerability allows remote attackers to perform out-of-bounds memory access in ANGLE (Almost Native Graphics Layer Engine) in Google Chrome on m...

This vulnerability allows attackers to execute arbitrary code as root by exploiting an eval injection in CloudLinux ai-bolit's malware de-obfuscation ...

CVE-2025-58770 is a BIOS vulnerability in AMI APTIOV firmware that allows local attackers to bypass permission checks and escalate privileges. This af...

This vulnerability allows attackers with database access to execute commands with unnecessary privileges, potentially expanding control from the datab...

This CVE describes a remote code execution vulnerability in Apache HugeGraph's PD store where a malicious Raft node can exploit insecure Hessian deser...

The Infility Global WordPress plugin allows authenticated attackers with subscriber-level access or higher to upload arbitrary files due to missing fi...

The Player Leaderboard WordPress plugin contains a Local File Inclusion vulnerability that allows authenticated attackers with Contributor-level acces...

CVE-2025-66419 is a sandbox escape vulnerability in MaxKB's tool module that allows attackers to escalate privileges under concurrent conditions. This...

CVE-2025-66446 is a privilege escalation vulnerability in MaxKB AI assistant where improper file permissions allow attackers to overwrite critical sys...

This vulnerability allows authenticated administrators in WBCE CMS to upload malicious ZIP modules containing PHP reverse shell code, leading to remot...

CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality. Authenticated attackers can inject malicious SQL...

FreePBX 16 contains an authenticated remote code execution vulnerability in the API module. Attackers with valid session credentials can exploit the '...

CVE-2024-58287 is an authenticated command injection vulnerability in reNgine 2.2.0 that allows attackers to execute arbitrary commands on the server....

A directory traversal vulnerability in cPanel's Team Manager API allows attackers to overwrite arbitrary files, potentially leading to privilege escal...

This vulnerability allows authenticated users of IBM Aspera Orchestrator to execute arbitrary commands with elevated system privileges due to improper...

This CVE describes an OS command injection vulnerability in Ruijie RG-BCR860 routers that allows attackers to execute arbitrary commands via crafted P...

This CVE describes an OS command injection vulnerability in Ruijie RG-S1930 switches that allows attackers to execute arbitrary commands via a crafted...

This CVE describes an OS command injection vulnerability in Ruijie M18 routers that allows attackers to execute arbitrary commands on the device via a...

This CVE describes an OS command injection vulnerability in Ruijie X30-PRO routers that allows attackers to execute arbitrary commands via a crafted P...

This CVE describes an OS command injection vulnerability in Ruijie X60 PRO routers that allows attackers to execute arbitrary commands on the device. ...