🔥 Trending CVEs - Last 90 Days

This vulnerability in Hono framework versions 4.12.0-4.12.1 allows attackers to bypass IP-based access controls when using the AWS Lambda adapter behi...

This vulnerability in ImageMagick allows attackers to trigger an integer overflow when processing large UHDR images, leading to heap buffer overflow a...

This SQL injection vulnerability in WebIncorp ERP allows unauthenticated attackers to manipulate database queries through the prod_id parameter in pro...

Inventory Webapp contains an unauthenticated SQL injection vulnerability in the add-item.php endpoint. Attackers can inject malicious SQL code through...

XOOPS CMS 2.5.9 contains an unauthenticated SQL injection vulnerability in the gerar_pdf.php endpoint via the cid parameter. Attackers can execute arb...

CVE-2019-25366 is an SQL injection vulnerability in microASP Portal+ CMS that allows unauthenticated attackers to execute arbitrary SQL queries by inj...

CVE-2026-2818 is a zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality that allows attackers to write arbitrary...

A Cross-Site Scripting (XSS) vulnerability in Key Systems Inc Global Facilities Management Software allows remote attackers to inject malicious script...

CVE-2026-21535 is an improper access control vulnerability in Microsoft Teams that allows unauthorized attackers to access and disclose sensitive info...

CVE-2026-26337 is an absolute path traversal vulnerability in Hyland Alfresco Transformation Service that allows unauthenticated attackers to read arb...

MajorDoMo contains an unauthenticated SQL injection vulnerability in the commands module that allows attackers to execute arbitrary SQL queries withou...

This SQL injection vulnerability in SD.NET RIM allows attackers to execute arbitrary SQL commands through POST parameters 'idtyp' and 'idgremium' at t...

This vulnerability in OpenStack Nova allows authenticated users to trigger unsafe image resize operations by writing malicious QCOW headers to root or...

A vulnerability in Yokogawa's Vnet/IP Interface Package allows attackers to cause denial of service or execute arbitrary code by sending maliciously c...

CVE-2019-25325 is an SQL injection vulnerability in Thrive Smart Home 1.1 that allows unauthenticated attackers to bypass authentication by injecting ...

This vulnerability in Dell Update Package (DUP) Framework allows low-privileged local attackers to elevate their privileges to higher levels. It affec...

This vulnerability in Vadi Corporate Information Systems' DIGIKENT software exposes sensitive system information to unauthorized parties. It affects a...

This vulnerability in PowerDNS Recursor allows attackers to poison cached DNS delegations by sending crafted delegations or IP fragments. This affects...

A DOM-based cross-site scripting (XSS) vulnerability in JetBrains PyCharm's Jupyter viewer page allows attackers to execute arbitrary JavaScript in th...

A path traversal vulnerability in Calibre's EPUB conversion allows malicious EPUB files to corrupt arbitrary files writable by the Calibre process. At...

This vulnerability in REVA's GRPC authorization middleware allows attackers to bypass scope verification on public links. Malicious users can exploit ...

This vulnerability in Azure Functions allows unauthorized access to sensitive information such as environment variables, configuration files, or appli...

This SQL injection vulnerability in the Popup Builder WordPress plugin allows unauthenticated attackers to inject malicious SQL queries through REST A...

CVE-2026-24843 is a path traversal vulnerability in melange that allows attackers to write files outside the intended workspace directory. Attackers w...

CVE-2020-37110 is an SQL injection vulnerability in 60CycleCMS 2.5.2 that allows attackers to manipulate database queries through unvalidated user inp...

This vulnerability allows unauthenticated attackers to trigger resource-intensive text generation operations and manipulate server state in the lollms...

This CVE describes an information disclosure vulnerability in HeyGarson software where error messages reveal sensitive information during fuzzing atta...

An input neutralization vulnerability in Crafty Controller's Backup Configuration component allows authenticated attackers to perform path traversal a...

CVE-2026-24842 is a path traversal vulnerability in node-tar, a Node.js library for handling TAR archives, affecting versions prior to 7.5.7. It allow...

This vulnerability allows attackers to impersonate legitimate nodes in Meshtastic mesh networks by forging NodeInfo packets that claim HAM mode is ena...

CVE-2021-47902 is a SQL injection vulnerability in Testa Online Test Management System that allows attackers to inject malicious SQL code through the ...

This path traversal vulnerability in Azure Logic Apps allows unauthorized attackers to access restricted directories and elevate privileges over the n...

This CVE describes a Local File Inclusion vulnerability in the Bfres WordPress theme that allows attackers to include arbitrary PHP files from the ser...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This vulnerability allows attackers to include local PHP files through improper filename control in the Rashy WordPress theme. Attackers can read sens...

This CVE describes a missing authorization vulnerability in the WordPress User Registration plugin that allows attackers to bypass access controls. It...

Blitar Tourism 1.0 contains an SQL injection vulnerability in the login mechanism that allows attackers to bypass authentication and gain administrati...

CVE-2021-47846 is a critical SQL injection vulnerability in Digital Crime Report Management System 1.0 that allows unauthenticated attackers to bypass...

This critical vulnerability allows unauthenticated remote attackers to execute arbitrary commands on affected Cisco Unified Communications systems by ...

Apache Solr deployments using RuleBasedAuthorizationPlugin with specific configurations are vulnerable to unauthorized API access. Attackers can bypas...

A high-severity vulnerability in Oracle VM VirtualBox allows attackers with local high-privilege access to compromise the virtualization software, pot...

This vulnerability in Oracle VM VirtualBox allows a high-privileged attacker with local access to the host system to completely compromise the Virtual...

This vulnerability in Oracle VM VirtualBox allows a high-privileged attacker with local access to the host system to completely compromise the Virtual...

This vulnerability allows unauthenticated attackers to access Stripe SetupIntent client_secret values for any membership in the Restrict Content WordP...

An unauthenticated cross-site scripting (XSS) vulnerability in Mitel's Multimedia Email component allows attackers to execute arbitrary scripts in vic...

CVE-2025-70298 is an out-of-bounds read vulnerability in GPAC's OGG demuxer that could allow attackers to read sensitive memory contents or cause appl...

Build Smart ERP 21.0817 contains an unauthenticated SQL injection vulnerability in the login validation endpoint. Attackers can execute arbitrary SQL ...

Aimeos 2021.10 LTS contains a SQL injection vulnerability in the JSON API's 'sort' parameter that allows attackers to execute arbitrary SQL queries. A...

WorkOrder CMS 0.1.0 contains an unauthenticated SQL injection vulnerability in login parameters that allows attackers to bypass authentication and exe...

Social-Share-Buttons 2.2.3 contains a critical SQL injection vulnerability in the project_id parameter that allows unauthenticated attackers to execut...