🔥 Trending CVEs - Last 90 Days

This is a reflected cross-site scripting (XSS) vulnerability in Ankara Hosting Website Design Website Software that allows attackers to inject malicio...

A stack-based buffer overflow vulnerability in libsoup allows remote attackers to execute arbitrary code or crash applications by sending specially cr...

This SQL injection vulnerability in AKCE Software's SKSPro allows attackers to execute arbitrary SQL commands on the database. All SKSPro installation...

CVE-2025-69662 is an SQL injection vulnerability in geopandas' to_postgis() function that allows attackers to execute arbitrary SQL commands when writ...

This SQL injection vulnerability in Kodmatic's Online Exam and Assessment software allows attackers to execute arbitrary SQL commands through user inp...

CVE-2025-57793 is a SQL injection vulnerability in Explorance Blue software that allows unauthenticated attackers to execute arbitrary database querie...

Python-Multipart versions before 0.0.22 contain a path traversal vulnerability when configured with UPLOAD_DIR and UPLOAD_KEEP_FILENAME=True. Attacker...

This CVE describes a path traversal vulnerability in the Harmonic Design HDForms WordPress plugin, allowing attackers to delete arbitrary files on the...

This path traversal vulnerability in the Anona WordPress theme allows attackers to delete arbitrary files on affected systems. It affects all WordPres...

This path traversal vulnerability in the ovatheme Movie Booking WordPress plugin allows attackers to delete arbitrary files on the server. It affects ...

CVE-2025-27378 is a SQL injection vulnerability in AES software where an inactive configuration prevents proper SQL parsing. Attackers can exploit thi...

An unauthenticated remote attacker can exploit this vulnerability in Oracle Hospitality OPERA 5 via HTTP to access, modify, or delete sensitive data, ...

CVE-2026-23949 is a Zip Slip path traversal vulnerability in jaraco.context's tarball() function that allows attackers to extract files outside the in...

Pimcore versions before 12.3.1 and 11.5.14 store sensitive information like database passwords and session cookies in the http_error_log file, which c...

SumatraPDF versions 3.5.2 and earlier contain an untrusted search path vulnerability that allows arbitrary code execution. When users trigger the Adva...

This vulnerability allows authenticated attackers with connector management privileges to read arbitrary files and make arbitrary network requests by ...

This CVE describes an untrusted search path vulnerability in Adobe Illustrator that could allow arbitrary code execution when a user opens a malicious...

This CVE describes an OS command injection vulnerability in Adobe Dreamweaver Desktop versions 21.6 and earlier. Attackers can execute arbitrary code ...

Adobe Dreamweaver versions 21.6 and earlier contain an improper input validation vulnerability that allows arbitrary code execution when a user opens ...

CVE-2026-21271 is an Improper Input Validation vulnerability in Adobe Dreamweaver Desktop versions 21.6 and earlier that allows arbitrary code executi...

Adobe Dreamweaver versions 21.6 and earlier contain an improper input validation vulnerability that allows arbitrary file system writes when a user op...

This authentication bypass vulnerability in Semantic machines v5.4.8 allows attackers to access protected API endpoints without valid credentials by s...

This vulnerability allows authenticated attackers to execute arbitrary operating system commands by manipulating NTP configuration settings on affecte...

This vulnerability in libsoup's NTLM authentication handling allows attackers to cause denial-of-service crashes by sending extremely long passwords t...

The MoneySpace WordPress plugin exposes full payment card details including CVV codes to unauthenticated attackers. Any WordPress site using MoneySpac...

This vulnerability allows unauthenticated attackers to execute arbitrary SQL commands on WordPress sites using the Team plugin. Attackers can potentia...

The Plugin Organizer WordPress plugin before version 10.2.4 contains a SQL injection vulnerability that allows authenticated subscribers to execute ar...

This vulnerability is an out-of-bounds write in the ESP-IDF Bluetooth host stack that occurs when more than 32 services are discovered during Bluetoot...

The Eaton UPS Companion software installer fails to properly authenticate library files, allowing attackers who can modify the software package to exe...

This vulnerability allows attackers to inject malicious serialized objects into LangChain applications by exploiting improper escaping of user-control...

This vulnerability allows attackers to inject malicious objects through untrusted data deserialization in the PDF for Elementor Forms WordPress plugin...

This vulnerability allows attackers to escalate privileges in the Hotel Listing WordPress plugin, potentially gaining administrative access. It affect...

This CVE describes a Missing Authorization vulnerability in the Tyler Moore Super Blank WordPress plugin that allows unauthorized users to delete arbi...

This CVE describes a prototype pollution vulnerability in Vuetify's preset configuration feature. Attackers can inject malicious properties into JavaS...

CVE-2026-31817 is a path traversal vulnerability in OliveTin's log file creation mechanism. When the saveLogs feature is enabled, attackers can inject...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Plane project management software. Attackers with workspace ADMIN privileges ...

CVE-2026-28442 allows authenticated users to delete critical system files in ZimaOS by manipulating API requests, bypassing frontend restrictions. Thi...

This vulnerability allows attackers to bypass frontend restrictions and create files or directories in sensitive system locations like /etc and /usr v...

This vulnerability in Valkey allows malicious users to inject arbitrary data into response streams via scripting commands, potentially corrupting or t...

This SQL injection vulnerability in the Quiz And Survey Master WordPress plugin allows attackers to execute arbitrary SQL commands on the database. It...

This Server-Side Request Forgery (SSRF) vulnerability in SillyTavern allows authenticated users to make arbitrary HTTP requests from the server and re...

This vulnerability in Qdrant vector database allows attackers with read-only access to append arbitrary content to files on the server via the /logger...

This SQL injection vulnerability in the KiviCare WordPress plugin allows attackers to execute arbitrary SQL commands on the database. It affects all W...

This vulnerability in KubeVirt Containerized Data Importer (CDI) allows authenticated users to clone PersistentVolumeClaims from namespaces they shoul...

This SQL injection vulnerability in FooEvents for WooCommerce allows attackers to execute arbitrary SQL commands on the database. It affects all WooCo...

This SQL injection vulnerability in Happy Addons for Elementor WordPress plugin allows attackers to execute arbitrary SQL commands on the database. It...

This SQL injection vulnerability in the AppExperts WordPress plugin allows attackers to execute arbitrary SQL commands on the database. It affects all...

This vulnerability in Ansible Automation Platform allows read-only OAuth2 API tokens to perform unauthorized write operations on backend services like...

This vulnerability in Plex Media Server allows attackers to obtain permanent access tokens using transient tokens via the /myplex/account API endpoint...

This SQL injection vulnerability in the Mediabay WordPress plugin allows attackers to execute arbitrary SQL commands against the database. It affects ...