🔥 Trending CVEs - Last 90 Days
4,505 critical and high-severity vulnerabilities discovered in the last 90 days. Stay ahead of emerging threats with real-time CVE tracking and instant security alerts.
Critical & High-Risk CVEs
This vulnerability in Hono's JWT verification middleware allows algorithm confusion attacks, enabling attackers to forge JWT tokens that could be acce...
📅 56 days ago • Jan 13, 2026An arbitrary file deletion vulnerability in Aruba mobility conductors running AOS-8 allows unauthenticated remote attackers to delete files on affecte...
📅 56 days ago • Jan 13, 2026A vulnerability in Automai Director v.25.2.0 allows remote attackers to escalate privileges and access sensitive information by uploading a malicious ...
📅 58 days ago • Jan 12, 2026Errands versions before 46.2.10 fail to validate TLS certificates when connecting to CalDAV servers, allowing man-in-the-middle attackers to intercept...
📅 58 days ago • Jan 12, 2026This vulnerability allows unauthenticated attackers to bypass multi-factor authentication during password recovery on Intelbras CFTV IP cameras. Attac...
📅 60 days ago • Jan 9, 2026The iPaymu Payment Gateway for WooCommerce WordPress plugin has a missing authentication vulnerability that allows unauthenticated attackers to mark o...
📅 63 days ago • Jan 7, 2026This vulnerability in Gitea allows attackers to bypass file extension restrictions by manipulating attachment names through the attachment API. Attack...
📅 75 days ago • Dec 26, 2025Pexip Infinity versions 15.0 through 38.0 have an improper access control vulnerability in the Secure Scheduler for Exchange service when using Office...
📅 76 days ago • Dec 25, 2025This CVE describes a cross-site scripting (XSS) vulnerability in Hitachi's Infrastructure Analytics Advisor and Ops Center Analyzer products. Attacker...
📅 77 days ago • Dec 24, 2025CVE-2025-68696 is a Server-Side Request Forgery (SSRF) vulnerability in the httparty Ruby gem that allows attackers to make unauthorized requests to i...
📅 77 days ago • Dec 23, 2025This CVE describes an OS command injection vulnerability in Mitsubishi Electric's GENESIS64, ICONICS Suite, and MobileHMI software. A local attacker c...
📅 82 days ago • Dec 19, 2025This cross-site scripting (XSS) vulnerability in Microsoft Office Out-of-Box Experience allows attackers to inject malicious scripts into web pages. W...
📅 82 days ago • Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP's include/require statements. It aff...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local PHP files through improper filename control in the Anchor Smooth Scroll WordPress plugin. It affe...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP's include/require statements. It aff...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP's include/require statements. It aff...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local files on the server through PHP's include/require statements in the Rare Radio WordPress theme. A...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
📅 83 days ago • Dec 18, 2025This CVE describes a PHP Local File Inclusion vulnerability in the MaxCube WordPress theme. Attackers can include arbitrary local files through improp...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local PHP files through improper filename control in the EcoGrow WordPress theme. Attackers can potenti...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include arbitrary local files through PHP's include/require functions in the Vocal WordPress theme. Attackers c...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local PHP files through improper filename control in the Athos WordPress theme. It enables PHP Local Fi...
📅 83 days ago • Dec 18, 2025This CVE describes a PHP Local File Inclusion vulnerability in the Basil WordPress theme that allows attackers to include arbitrary local files via im...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
📅 83 days ago • Dec 18, 2025This CVE describes a PHP Local File Inclusion vulnerability in the Dwell WordPress theme by axiomthemes. Attackers can include arbitrary local files t...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local PHP files through improper filename control in the FitFlex WordPress theme. Attackers can read se...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP's include/require statements. It aff...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP's include/require statements. It aff...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local PHP files through improper filename control in the Sanger WordPress theme. Attackers can read sen...
📅 83 days ago • Dec 18, 2025This CVE describes a PHP Local File Inclusion vulnerability in the Tourimo WordPress theme that allows attackers to include arbitrary local files via ...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local PHP files through improper filename control in the Good Mood WordPress theme. Attackers can poten...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP's include/require statements. It aff...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local files on the server through PHP's include/require statements in the Festy WordPress theme. Attack...
📅 83 days ago • Dec 18, 2025This CVE describes a PHP Local File Inclusion vulnerability in the Pathfinder WordPress theme. Attackers can include arbitrary local files, potentiall...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
📅 83 days ago • Dec 18, 2025An unauthenticated Broken Function Level Authorization vulnerability in Newgen OmniDocs v11.0 allows attackers to bypass authentication and access pri...
📅 86 days ago • Dec 15, 2025This vulnerability in Wekan allows attackers to cause application-layer denial of service (DoS) by sending any non-empty Authorization bearer token to...
📅 86 days ago • Dec 15, 2025Why Track Trending CVEs?
Stay ahead of emerging threats: Newly discovered vulnerabilities pose the highest risk as attackers race to exploit them before patches are deployed. Trending CVEs represent the most critical security issues requiring immediate attention from security teams worldwide.
Prioritize remediation efforts: With thousands of CVEs published annually, security teams need to focus on the most recent and severe threats first. Our trending CVE dashboard highlights critical and high-severity vulnerabilities from the past 7, 30, or 90 days, helping you prioritize patching efforts.
🚀 Automated Trending CVE Monitoring
- Scan your servers to detect packages affected by trending CVEs
- Receive instant email alerts when critical vulnerabilities are discovered
- Dashboard shows CVE age, severity, CVSS scores, and affected systems
- Filter by time period (7/30/90 days) to focus on recent threats
