🔥 Trending CVEs - Last 90 Days

CVE-2026-28710 allows attackers to access and manipulate sensitive information in Acronis Cyber Protect 17 due to improper authentication. This affect...

OpenClaw versions before 2026.2.2 have an authentication bypass vulnerability in the WebSocket gateway connection handshake. Attackers can connect wit...

OpenClaw versions 2026.1.29-beta.1 through 2026.2.1 contain a path traversal vulnerability in plugin installation. Attackers can craft malicious plugi...

This vulnerability in the WordPress Restrict Content plugin allows unauthenticated attackers to register with any membership level, including inactive...

This SQL injection vulnerability in Cisco Secure FMC's web management interface allows authenticated attackers to execute arbitrary SQL commands. Atta...

A heap-based buffer overflow vulnerability in libbiosig's Nicolet WFT file parser allows arbitrary code execution when processing malicious .wft files...

This vulnerability allows unauthenticated attackers to bypass authentication in WordPress sites using the User Registration & Membership plugin. Attac...

A buffer overflow vulnerability in the parallel HNSW index build functionality of pgvector allows authenticated database users to read sensitive data ...

This is a reflected Cross-site Scripting (XSS) vulnerability in Rucio's WebUI that allows attackers to steal login session tokens. Attackers can craft...

CVE-2026-22719 is a command injection vulnerability in VMware Aria Operations that allows unauthenticated attackers to execute arbitrary commands duri...

OpenEMR patient portal users can forge provider signatures by exploiting an authorization bypass in the signature upload endpoint. This affects all Op...

This path traversal vulnerability in ASUSTOR ADM FTP Backup allows attackers to access files outside the intended directory by manipulating file paths...

This vulnerability in RustFS allows attackers to bypass upload policy restrictions in presigned POST uploads, enabling unauthorized file uploads that ...

OpenEMR versions before 7.0.4 have disabled SSL/TLS certificate verification by default in their HTTP client, making all HTTPS connections vulnerable ...

An authenticated user with Installer role in REB500 can access and modify directories they are not authorized to access. This privilege escalation vul...

Zumba Json Serializer versions 3.2.2 and below allow PHP Object Injection through untrusted JSON deserialization. The library's @type field can instan...

This stored cross-site scripting (XSS) vulnerability in Statmatic CMS allows authenticated users with field management permissions to inject malicious...

FeathersJS versions 5.0.39 and below have an origin validation vulnerability where the getAllowedOrigin() function uses startsWith() for comparison, a...

This vulnerability allows unauthorized authentication in Strimzi Kafka clusters when using custom CA certificates with multi-stage chains. Attackers w...

This vulnerability allows unauthenticated remote attackers to execute arbitrary code on MLflow Tracking Server installations via directory traversal i...

This CVE describes a command injection vulnerability in Deno's node:child_process implementation that allows attackers to execute arbitrary commands o...

This vulnerability allows attackers to include local files on the server through PHP's include/require statements in the Parkivia WordPress theme. Att...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP's include/require statements. It aff...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This CVE describes a PHP Local File Inclusion vulnerability in the Redy WordPress theme by axiomthemes, allowing attackers to include arbitrary local ...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This vulnerability allows remote attackers to execute arbitrary operating system commands on EnOcean SmartServer IoT devices by sending specially craf...

This CVE describes a PHP Local File Inclusion vulnerability in the PJ | Life & Business Coaching WordPress theme. Attackers can include arbitrary loca...

This CVE describes a PHP Local File Inclusion vulnerability in the Struktur WordPress theme. Attackers can include arbitrary local files through impro...

This vulnerability allows attackers to include local PHP files through improper filename control in the ThemeREX Gable WordPress theme. Attackers can ...

This CVE describes a PHP Local File Inclusion vulnerability in the ThemeREX Tint WordPress theme. Attackers can exploit improper filename control in i...

This CVE describes a PHP Local File Inclusion vulnerability in the ThemeREX Cobble WordPress theme. Attackers can include arbitrary local files throug...

This CVE describes a PHP Local File Inclusion vulnerability in the SolverWp Portfolio Builder WordPress plugin. Attackers can exploit improper filenam...

This vulnerability allows attackers to include local PHP files through improper filename control in the PeakShops WordPress theme. Attackers can poten...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This CVE describes a Local File Inclusion (LFI) vulnerability in the Hara WordPress theme that allows attackers to include arbitrary local files throu...

This CVE describes a PHP Local File Inclusion vulnerability in the Urna WordPress theme. Attackers can exploit improper filename control in include/re...

SPIP versions before 4.4.9 contain an insecure deserialization vulnerability in the public area through the table_valeur filter and DATA iterator. Att...

CVE-2026-26016 is an authorization bypass vulnerability in Pterodactyl Panel's Wings control plane that allows any authenticated Wings node to access ...

This vulnerability in jsPDF allows attackers to inject arbitrary PDF objects, including JavaScript actions, through user-controlled properties in the ...

This vulnerability in jsPDF allows attackers to inject arbitrary PDF objects into generated documents by controlling the argument of the `addJS` metho...

Dell PowerProtect Data Manager versions before 19.22 have an incorrect privilege assignment vulnerability that allows low-privileged remote attackers ...