🔥 Trending CVEs - Last 30 Days

An unauthenticated stack-based buffer overflow vulnerability in Grandstream GXP1600 series VoIP phones allows remote attackers to execute arbitrary co...

The YayMail WordPress plugin has a privilege escalation vulnerability that allows authenticated attackers with Shop Manager access or higher to modify...

This vulnerability allows unauthenticated attackers to remotely change the password recovery email address via an exposed API endpoint. This affects H...

CVE-2026-23647 allows attackers to remotely authenticate to Glory RBG-100 recycler systems using hard-coded Linux credentials, including administrativ...

CVE-2026-2439 is a session ID generation vulnerability in Concierge::Sessions for Perl that allows attackers to guess session identifiers and gain una...

This vulnerability allows remote attackers to upload arbitrary files without restrictions to EFM iptime A6004MX routers via the commit_vpncli_file_upl...

CVE-2026-26369 is a privilege escalation vulnerability in eNet SMART HOME server where low-privileged users can elevate themselves to administrative p...

eNet SMART HOME server versions 2.2.1 and 2.3.1 ship with active default credentials (user:user, admin:admin) that don't require password changes duri...

This vulnerability allows unauthenticated attackers to bypass authorization and install arbitrary WordPress plugins via reverse DNS spoofing. It affec...

The Truelysell Core WordPress plugin allows unauthenticated attackers to create administrator accounts due to insufficient validation of the user_role...

The midi-Synth WordPress plugin allows unauthenticated attackers to upload arbitrary files due to missing validation in the 'export' AJAX action. This...

Known social publishing platform versions 1.6.2 and earlier contain a critical authentication bypass vulnerability where password reset tokens are exp...

Calero VeraSMART versions before 2022 R1 expose an unauthenticated .NET Remoting service on port 8001, allowing remote attackers to read/write arbitra...

This vulnerability allows attackers to achieve remote code execution on Calero VeraSMART servers by exploiting static ASP.NET machine keys. Attackers ...

This critical vulnerability in Milvus vector database allows unauthenticated attackers to bypass authentication and execute arbitrary operations. Atta...

CVE-2019-25337 is a username enumeration vulnerability in ownCloud that allows remote attackers to discover valid user accounts by sending crafted req...

CVE-2019-25327 is a critical buffer overflow vulnerability in Prime95 version 29.8 build 6 that allows remote attackers to execute arbitrary code by c...

CVE-2019-25319 is a critical stack overflow vulnerability in Domain Quester Pro 6.02 that allows remote attackers to execute arbitrary code by exploit...

CVE-2019-25321 is a critical stack overflow vulnerability in FTP Navigator 8.03 that allows attackers to execute arbitrary code by exploiting Structur...

Airleader Master versions 6.381 and prior have unrestricted file upload functionality on multiple webpages running with maximum privileges. This allow...

This vulnerability in Inspektor Gadget allows malicious containers to inject ANSI escape sequences into terminal output, potentially enabling terminal...

This vulnerability in FrankenPHP allows an attacker to manipulate Unicode characters in request paths to cause the server to execute unintended PHP fi...

CVE-2025-70314 is a critical buffer overflow vulnerability in webfsd 1.21 that allows remote attackers to execute arbitrary code by sending a speciall...

CVE-2026-26218 allows unauthenticated attackers to gain administrative control of newbee-mall applications by using predictable default passwords on p...

CVE-2025-70981 is a critical SQL injection vulnerability in CordysCRM 1.4.1 that allows attackers to execute arbitrary SQL commands through the depart...

This vulnerability allows attackers to upload malicious files to NTN Smart Panel systems, bypassing access controls. Attackers can execute arbitrary c...

This SQL injection vulnerability in Farktor Software's E-Commerce Package allows attackers to execute arbitrary SQL commands through the application. ...

This critical vulnerability in the AdForest WordPress theme allows unauthenticated attackers to bypass authentication and log in as any user, includin...

This vulnerability in the PF-50 1.2 keyfob of the PGST PG107 Alarm System allows attackers to perform code replay attacks, enabling unauthorized acces...

CVE-2026-26021 is a prototype pollution vulnerability in the npm package set-in that allows attackers to modify Object.prototype through crafted array...

A buffer overflow vulnerability in PJSIP's PJNATH ICE Session component allows attackers to execute arbitrary code or cause denial of service by sendi...

CVE-2020-37186 is a critical remote code execution vulnerability in Chevereto image hosting software. Attackers can inject malicious PHP code during d...

CVE-2020-37181 is a critical stack overflow vulnerability in Torrent FLV Converter 1.51 Build 117 that allows attackers to execute arbitrary code by e...

CVE-2020-37183 is a critical stack overflow vulnerability in Allok RM RMVB to AVI MPEG DVD Converter that allows remote code execution. Attackers can ...

CVE-2020-37176 is a critical stack overflow vulnerability in Torrent 3GP Converter 1.51 that allows remote attackers to execute arbitrary code by expl...

CVE-2020-37153 allows attackers to execute arbitrary system commands and perform cross-site scripting attacks in ASTPP VoIP billing software. This can...

This vulnerability in DiskCache (python-diskcache) allows arbitrary code execution when an attacker with write access to the cache directory injects m...

This CVE describes a stack buffer overflow vulnerability in OpenSatKit 2.2.1's file management component. Attackers can exploit this by providing long...

CVE-2025-69874 is a critical path traversal vulnerability in nanotar that allows attackers to write arbitrary files outside the intended extraction di...

This vulnerability allows unauthenticated attackers to remotely change device passwords via an unprotected API endpoint. It affects systems running vu...

METIS WIC devices with firmware versions up to oscore 2.1.234-r18 expose an unauthenticated web-based shell at the /console endpoint. This allows remo...

This vulnerability allows attackers to insert sensitive information into externally accessible files or directories in Logo j-Platform due to incorrec...

This CVE describes a link following vulnerability in QNAP operating systems that allows remote attackers to traverse the file system to unintended loc...

This vulnerability allows unauthenticated attackers to access critical functions in Dinosoft ERP without proper authentication or access controls. Att...

This vulnerability allows unauthenticated attackers to upload arbitrary PHP files to WordPress sites using the WPvivid Backup & Migration plugin, lead...

CVE-2026-25993 is a second-order SQL injection vulnerability in EverShop eCommerce platform that allows attackers to execute arbitrary SQL commands. A...

This critical vulnerability in Azure SDK allows remote code execution through deserialization of untrusted data. Attackers can exploit this over a net...

CASL Ability versions 2.4.0 through 6.7.4 contain a prototype pollution vulnerability that allows attackers to modify JavaScript object prototypes, po...

This authentication bypass vulnerability in Apache Druid allows attackers to gain unauthorized access by exploiting LDAP anonymous bind configurations...

This Server-Side Request Forgery (SSRF) vulnerability in Teknolist Okulistik allows attackers to make unauthorized requests from the vulnerable server...