🔥 Trending CVEs - Last 90 Days

This SQL injection vulnerability in the AA-Team Amazon Affiliates Addon for WPBakery Page Builder allows attackers to execute arbitrary SQL commands t...

This SQL injection vulnerability in the Traveler WordPress theme allows attackers to execute arbitrary SQL commands against the database. It affects a...

This SQL injection vulnerability in the Roxnor PopupKit WordPress plugin allows attackers to execute arbitrary SQL commands through the popup-builder-...

This SQL injection vulnerability in the LambertGroup CountDown With Image or Video Background WordPress plugin allows attackers to execute arbitrary S...

This SQL injection vulnerability in the Themefic Hydra Booking WordPress plugin allows attackers to execute arbitrary SQL commands on the database. It...

This SQL injection vulnerability in the LambertGroup LBG Zoominoutslider WordPress plugin allows attackers to execute arbitrary SQL commands on the da...

This SQL injection vulnerability in the LambertGroup xPromoter WordPress plugin allows attackers to execute arbitrary SQL commands through the top_bar...

This SQL injection vulnerability in the All In One SEO Pack WordPress plugin allows attackers to execute arbitrary SQL commands on the database. It af...

This vulnerability allows an attacker to execute arbitrary code on a victim's system by exploiting an untrusted pointer dereference in Microsoft Offic...

This vulnerability allows an attacker to read memory outside the intended buffer in Microsoft Excel, potentially leading to information disclosure or ...

CVE-2026-21882 is a local privilege escalation vulnerability in theshit command-line utility that allows attackers to gain root privileges by exploiti...

This vulnerability allows DAG authors with existing permissions to manipulate Airflow's database to execute arbitrary code in the web-server context w...

This CVE describes a command injection vulnerability in the systeminformation Node.js library's wifiNetworks() function. Attackers can execute arbitra...

This critical vulnerability allows attackers with admin privileges to inject and execute arbitrary template code in server-side templates due to a vul...

Saturn Remote Mouse Server has a critical command injection vulnerability that allows unauthenticated attackers on the local network to execute arbitr...

Control Center PRO 6.2.9 contains a stack-based buffer overflow vulnerability in the user creation module's username field. Attackers can exploit this...

CVE-2020-37167 is a critical vulnerability in ClamAV's bytecode interpreter that allows attackers to manipulate function names through weak input vali...

CVE-2019-25336 is a local buffer overflow vulnerability in SpotAuditor's Base64 Encrypted Password tool that allows attackers to execute arbitrary cod...

CVE-2019-25332 is a local stack overflow vulnerability in FTP Commander Pro that allows attackers to execute arbitrary code by overwriting the EIP reg...

OpenClaw personal AI assistant versions before 2026.1.20 contain a command injection vulnerability. Unauthenticated local clients can exploit the Gate...

This CVE describes an out-of-bounds write vulnerability in Huawei camera modules that could allow attackers to crash affected systems. The vulnerabili...

This CVE describes a use-after-free concurrency vulnerability in the graphics module that could allow an attacker to cause system instability or crash...

This vulnerability in the Compressing library allows attackers to write files to arbitrary locations on the host filesystem by exploiting improper sym...

Boltz 2.0.0 contains a critical insecure deserialization vulnerability that allows arbitrary code execution when loading malicious pickle files. Attac...

This vulnerability allows a local user with filesystem access to escalate privileges on IBM Db2 for Windows systems due to an unquoted search path ele...

A stack-based buffer overflow vulnerability in GnuPG's tpm2daemon component allows attackers to execute arbitrary code or cause denial of service when...

This vulnerability in dataSIMS Avionics ARINC 664-1 version 4.5.3 allows attackers to execute arbitrary code on Windows systems by exploiting a local ...

A NULL pointer dereference vulnerability in SIPp allows remote attackers to crash the application via specially crafted SIP messages, causing denial o...

IBM Sterling Connect:Direct for UNIX contains hard-coded credentials that could allow attackers to authenticate to the system, communicate with extern...

CVE-2025-12985 is a privilege escalation vulnerability in IBM Licensing Operator where incorrect file permissions allow local attackers to gain root p...

The @fastify/express plugin vulnerability allows attackers to bypass middleware protection by using URL-encoded characters in paths. This affects appl...

This vulnerability allows attackers to bypass middleware protection in @fastify/middie by using URL-encoded characters in paths. Attackers can access ...

This vulnerability in Supermicro BMC firmware allows attackers to bypass validation checks and install malicious firmware images on affected systems. ...

CVE-2021-47775 is a buffer overflow vulnerability in YouTube Video Grabber (YouTube Downloader) that allows attackers to execute arbitrary code by ove...

An integer overflow vulnerability in GNU C Library's memalign functions (memalign, posix_memalign, aligned_alloc) can lead to heap corruption when bot...

A race condition vulnerability in the video framework module allows attackers to cause denial of service by exploiting multi-threading timing issues. ...

A race condition vulnerability in the card framework module allows attackers to disrupt system availability through multi-threaded exploitation. This ...

CVE-2023-54336 is an unquoted service path vulnerability in Mediconta 3.7.27 that allows local attackers to execute arbitrary code with LocalSystem pr...

CVE-2023-54338 is an unquoted service path vulnerability in Tftpd32 SE 4.60 that allows local attackers to execute arbitrary code with SYSTEM privileg...

CVE-2022-50938 is an unquoted service path vulnerability in CONTPAQi AdminPAQ 14.0.0 that allows attackers to inject malicious code into the service b...

CVE-2023-53984 is an unquoted service path vulnerability in Clevo HotKey Clipboard 2.1.0.6 that allows local non-privileged users to escalate privileg...

CVE-2022-50929 is an unquoted service path vulnerability in Connectify Hotspot 2018 that allows local attackers to execute arbitrary code with elevate...

CVE-2022-50930 is an unquoted service path vulnerability in Emerson PAC Machine Edition 9.80's TrapiServer service that allows local attackers to exec...

CVE-2022-50924 is an unquoted service path vulnerability in Private Internet Access VPN client version 3.3 that allows local attackers to execute arbi...

CVE-2022-50918 is an unquoted service path vulnerability in VIVE Runtime Service that allows local attackers to execute arbitrary code with SYSTEM pri...

CVE-2022-50920 is an unquoted service path vulnerability in Sandboxie-Plus's SbieSvc Windows service. This allows local attackers to place malicious e...

CVE-2022-50913 is an unquoted service path vulnerability in ITeC ITeCProteccioAppServer that allows local attackers to execute arbitrary code with SYS...

CVE-2022-50914 is an unquoted service path vulnerability in EaseUS Data Recovery 15.1.0.0 that allows attackers to place malicious executables in the ...

This CVE describes a use-after-free vulnerability in Microsoft Office that allows an unauthorized attacker to execute arbitrary code on a victim's sys...

This CVE describes a use-after-free vulnerability in Microsoft Office that allows an unauthorized attacker to execute arbitrary code on a victim's sys...