🔥 Trending CVEs - Last 90 Days

This CVE describes an OS command injection vulnerability in Ruijie X60 PRO routers that allows attackers to execute arbitrary commands on the device. ...

This CVE describes an OS command injection vulnerability in Ruijie X60 PRO routers that allows attackers to execute arbitrary commands on the device. ...

This CVE describes an OS command injection vulnerability in Ruijie RG-EW1800GX PRO wireless access points. Attackers can execute arbitrary commands on...

This CVE describes an OS command injection vulnerability in Ruijie RG-EW1200G PRO wireless access points. Attackers can execute arbitrary commands on ...

This CVE describes an OS command injection vulnerability in Ruijie RG-BCR600W routers that allows attackers to execute arbitrary commands via crafted ...

This CVE describes an OS command injection vulnerability in Ruijie X30-PRO routers that allows attackers to execute arbitrary commands on the device v...

This CVE describes an OS command injection vulnerability in Ruijie RG-BCR860 routers that allows attackers to execute arbitrary commands on the device...

This CVE describes an OS command injection vulnerability in Ruijie RG-BCR860 routers that allows attackers to execute arbitrary commands via a crafted...

This CVE describes an OS command injection vulnerability in Ruijie RG-BCR860 routers that allows attackers to execute arbitrary commands on the device...

This CVE describes an OS command injection vulnerability in Ruijie RG-YST EST devices that allows attackers to execute arbitrary commands via a crafte...

This CVE describes an OS command injection vulnerability in Ruijie RG-YST access points that allows attackers to execute arbitrary commands on the dev...

This CVE describes an OS command injection vulnerability in Ruijie X30-PRO routers that allows attackers to execute arbitrary commands on the device. ...

A buffer overflow vulnerability in Tenda CH22 router firmware version 1.0.0.1 allows remote attackers to execute arbitrary code by manipulating the 'p...

This vulnerability allows attackers to bypass authentication in HYPR Server by spoofing identities, potentially gaining unauthorized access to systems...

This vulnerability allows attackers to bypass file integrity validation in TeamViewer DEX Client's Content Distribution Service by providing a valid h...

This vulnerability allows authenticated attackers to upload malicious SVG files and create hotlinks that execute stored cross-site scripting (XSS) att...

This stored XSS vulnerability in Gogs allows authenticated users to inject malicious JavaScript via data: URIs in comments and issue descriptions. The...

A stored cross-site scripting vulnerability in OpenEMR's GAD-7 anxiety assessment form allows authenticated clinicians to inject malicious JavaScript....

Authenticated users in Traccar GPS tracking system can upload malicious SVG files containing JavaScript, which executes in other users' browsers when ...

A stored cross-site scripting (XSS) vulnerability in Statmatic CMS allows authenticated users with content creation permissions to inject malicious Ja...

Authenticated students can inject malicious JavaScript into uploaded assignment files in Open eClass platform. When instructors view these submissions...

This vulnerability allows users in the 'incus' group to inject newlines into container environment variables, enabling arbitrary command execution on ...

This vulnerability in Incus allows users with container launch privileges to exploit directory traversal or symbolic links in template functionality, ...

OpenProject versions 16.3.0 through 16.6.4 have a stored cross-site scripting vulnerability in the Roadmap view that allows attackers to inject malici...

This is a stored cross-site scripting (XSS) vulnerability in ConnectWise PSA's Time Entry Audit Trail feature. Attackers can inject malicious scripts ...

LaSuite Doc versions 3.8.0 to 4.3.0 contain a stored XSS vulnerability in the Interlinking feature. Attackers with document editing privileges can inj...

This vulnerability allows an authenticated user to inject malicious scripts into GitLab's Markdown rendering, which then executes in other users' brow...

This stored cross-site scripting (XSS) vulnerability in phpgurukul Hostel Management System v2.1 allows attackers to inject malicious scripts into com...

A stored XSS vulnerability in TrueConf Server v5.5.2.10813 allows attackers to inject malicious scripts via the meeting location field. When users vie...

A misconfigured proxy in runtimes-inventory-rhel8-operator attaches cluster administrative credentials to all commands instead of only authorized repo...

CVE-2026-21333 is an untrusted search path vulnerability in Adobe Illustrator that could allow attackers to execute arbitrary code with the current us...

This vulnerability in OneUptime allows attackers to hijack GitHub App installations and manipulate project repositories without proper authorization. ...

This vulnerability in nltk's filestring() function allows attackers to read arbitrary files on the system by providing malicious file paths. It affect...

CVE-2026-28679 is a path traversal vulnerability in Home-Gallery.org that allows attackers to download sensitive system files outside the intended med...

This vulnerability allows attackers to elevate privileges in Payment Orchestrator Service, potentially gaining unauthorized access to payment processi...

This vulnerability in NLTK allows attackers to read arbitrary files on the server through path traversal attacks in multiple CorpusReader classes. It ...

An unauthenticated remote attacker can send crafted packets to Cisco ASA/FTD Remote Access SSL VPN servers to exhaust device memory, causing denial of...

An unauthenticated remote attacker can cause Cisco ASA/FTD firewall devices to reload by sending crafted HTTP requests to the VPN web server, resultin...

This SSRF vulnerability in changedetection.io allows authenticated users (or any user when no password is configured, which is the default) to make th...

ImageMagick's path security policy enforcement occurs before filesystem path resolution, allowing path traversal attacks to bypass policy rules like '...

This SSRF vulnerability in Astro web framework allows attackers to redirect error page requests to internal network resources by manipulating the Host...

This path traversal vulnerability in the WordPress 'Upload Files Anywhere' plugin allows attackers to delete arbitrary files on the server. It affects...

This vulnerability allows unauthenticated attackers to abuse the ShopLentor WordPress plugin as an email relay. Attackers can send arbitrary emails wi...

This SQL injection vulnerability in Tumeva News Software allows attackers to execute arbitrary SQL commands on the database. All users running affecte...

An authentication bypass vulnerability in Ivanti Endpoint Manager allows remote unauthenticated attackers to access stored credential data. This affec...

This reflected XSS vulnerability in Zirve Information Technologies' e-Taxpayer Accounting Website allows attackers to inject malicious scripts into we...

Calibre e-book manager versions before 9.2.0 contain a path traversal vulnerability in the CHM reader that allows attackers to write arbitrary files a...

This SSRF vulnerability in Pydantic AI allows attackers to make the server request internal network resources when applications accept message history...

This Azure Arc vulnerability allows authenticated attackers to elevate privileges within managed systems, potentially gaining administrative control. ...

CVE-2025-13379 is a SQL injection vulnerability in IBM Aspera Console versions 3.4.0 through 3.4.8 that allows remote attackers to execute arbitrary S...