🔥 Trending CVEs - Last 90 Days

This vulnerability in Langflow's CSV Agent node allows attackers to execute arbitrary Python and OS commands on the server via prompt injection, leadi...

This CVE describes a use-after-free vulnerability in FreeRDP's clipboard handling for X11 clients. When FreeRDP automatically reconnects, one thread f...

This is a use-after-free vulnerability in FreeRDP's X11 client implementation where the RDPGFX DVC thread can access a freed window pointer while the ...

This is a use-after-free vulnerability in FreeRDP's X11 client where a cached XImage continues to reference freed memory. Attackers could potentially ...

An unauthenticated remote code execution vulnerability in Juniper PTX Series routers allows attackers to execute arbitrary code as root by exploiting ...

This critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Manager allows unauthenticated remote attackers to gain netadmin privileges...

This vulnerability allows SQL injection through TLS-SRP handshake parameters, enabling attackers to inject known credentials into the database. Succes...

This critical vulnerability allows attackers to bypass authentication mechanisms in ePati Antikor Next Generation Firewall (NGFW), potentially gaining...

A path traversal vulnerability in Lanscope Endpoint Manager (On-Premises) Sub-Manager Server allows attackers to access arbitrary files outside intend...

FreeScout's authentication system uses a predictable, static token that never expires. If an attacker obtains the Laravel APP_KEY (commonly exposed), ...

A critical path traversal and extension bypass vulnerability in Flask-Reuploaded versions before 1.5.0 allows remote attackers to write arbitrary file...

The SPIP tickets plugin contains an unauthenticated remote code execution vulnerability in forum preview handling. Attackers can inject malicious cont...

CVE-2026-21410 is a SQL injection vulnerability in SAT MasterSCADA BUK-TS web interface that allows attackers to execute arbitrary SQL commands. Succe...

Tattile Smart+, Vega, and Basic device families ship with default administrative credentials that cannot be changed during initial setup. Attackers wh...

CVE-2026-27590 is a path confusion vulnerability in Caddy server's FastCGI handling that occurs when processing Unicode characters in request paths. A...

Binardat 10G08-0800GSM network switches contain hard-coded administrative credentials that cannot be changed, allowing attackers with knowledge of the...

CVE-2025-69985 is an authentication bypass vulnerability in FUXA SCADA/HMI software that allows remote unauthenticated attackers to execute arbitrary ...

A JIT miscompilation vulnerability in Firefox's JavaScript: WebAssembly component could allow arbitrary code execution when processing malicious web c...

A spoofing vulnerability in the WebAuthn component of Firefox for Android allows attackers to potentially impersonate legitimate websites during authe...

A use-after-free vulnerability in Firefox's JavaScript engine allows attackers to execute arbitrary code by tricking users into visiting malicious web...

This vulnerability involves incorrect boundary conditions in the GMP (Gecko Media Plugins) audio/video component of Firefox, which could allow memory ...

This CVE describes a same-origin policy bypass vulnerability in Firefox's JAR (Java Archive) networking component. It allows malicious websites to acc...

Memory safety vulnerabilities in Mozilla Firefox and Thunderbird could allow memory corruption attacks. With sufficient effort, attackers could exploi...

This CVE describes a privilege escalation vulnerability in Firefox's Netmonitor component. Attackers could exploit this to gain elevated privileges wi...

This CVE describes a privilege escalation vulnerability in Firefox's Netmonitor component that allows attackers to gain elevated privileges on affecte...

This CVE describes a DOM security component mitigation bypass vulnerability in Firefox. Attackers could potentially bypass security controls to execut...

This CVE describes a use-after-free vulnerability in Firefox's DOM Bindings (WebIDL) component that could allow an attacker to execute arbitrary code....

A use-after-free vulnerability in Firefox's audio/video playback component allows attackers to execute arbitrary code or cause crashes. This affects F...

An integer overflow vulnerability in Firefox's Audio/Video component could allow attackers to execute arbitrary code or cause denial of service. This ...

A use-after-free vulnerability in Firefox's JavaScript garbage collector component allows attackers to execute arbitrary code by manipulating memory a...

An integer overflow vulnerability in Firefox's JavaScript Standard Library component could allow attackers to execute arbitrary code or cause denial o...

This CVE describes a use-after-free vulnerability in Firefox's JavaScript JIT compiler that could allow arbitrary code execution. It affects Firefox v...

A use-after-free vulnerability in Firefox's JavaScript JIT engine allows attackers to execute arbitrary code by tricking users into visiting malicious...

This vulnerability in Firefox for iOS allows malicious scripts to desynchronize the address bar from actual web content before a server response arriv...

Slican NCP/IPL/IPM/IPU devices contain a PHP function injection vulnerability in the /webcti/session_ajax.php endpoint. Unauthenticated remote attacke...

A cryptographic vulnerability in CIRCL's P-384 elliptic curve implementation produces incorrect CombinedMult results for specific inputs. This affects...

CVE-2026-26198 is a critical SQL injection vulnerability in Ormar ORM for Python that allows attackers to execute arbitrary SQL queries. Unauthorized ...

A remote command injection vulnerability in Zyxel EX3510-B0 devices allows attackers to execute arbitrary operating system commands by sending special...

An unauthenticated SQL injection vulnerability in Order Up Online Ordering System 1.0 allows attackers to execute arbitrary SQL commands via the store...

CVE-2019-25459 is an unauthenticated SQL injection vulnerability in Web Ofisi Emlak V2 real estate software. Attackers can inject SQL code through mul...

CVE-2026-27194 is a remote code execution vulnerability in D-Tale's /save-column-filter endpoint that allows attackers to execute arbitrary code on vu...

CVE-2026-2635 is an authentication bypass vulnerability in MLflow that allows remote attackers to gain administrative access without credentials. The ...

This vulnerability allows remote attackers to bypass authentication on GFI Archiver installations without requiring credentials. The flaw exists in th...

CVE-2019-25441 is a critical command injection vulnerability in thesystem 1.0 that allows unauthenticated attackers to execute arbitrary system comman...

A privilege escalation vulnerability in edu Business Solutions Print Shop Pro WebDesk allows remote attackers to gain elevated privileges by manipulat...

This vulnerability allows network-adjacent attackers to gain full administrative control of affected devices by setting administrator credentials to b...

An unauthenticated remote code execution vulnerability exists in Smanga 3.2.7 where the /php/path/rescan.php interface fails to sanitize the mediaId p...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the ThemeREX Lorem Ipsum | Books & Media ...

This CVE describes a PHP object injection vulnerability in the KindlyCare WordPress theme where untrusted data can be deserialized, potentially allowi...

This CVE describes a PHP object injection vulnerability in the Jthemes Prestige WordPress theme, caused by insecure deserialization of untrusted data....