🔥 Trending CVEs - Last 90 Days

This vulnerability allows attackers to include local PHP files through improper filename control in the PartyMaker WordPress theme. Attackers can pote...

This CVE describes a PHP Local File Inclusion vulnerability in the DiveIt WordPress theme that allows attackers to include arbitrary local files via i...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This CVE describes a PHP Local File Inclusion vulnerability in the MoveMe WordPress theme. Attackers can exploit improper filename control in include/...

This CVE describes a PHP Local File Inclusion vulnerability in the MaxShop WordPress theme. Attackers can include arbitrary local files through improp...

This vulnerability allows attackers to include local PHP files through improper filename control in the Töbel WordPress theme. Attackers can potentia...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This CVE describes a PHP Local File Inclusion vulnerability in the Dekoro WordPress theme. Attackers can include arbitrary local files through imprope...

This vulnerability allows attackers to include local PHP files through improper filename control in the Vango WordPress theme. Attackers can read sens...

This CVE describes a PHP Local File Inclusion vulnerability in the iRecco Core WordPress plugin. Attackers can include arbitrary local files on the se...

This vulnerability allows attackers to include local files on the server through improper input validation in the Bajaar WordPress theme. Attackers ca...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP's include/require statements. It aff...

This CVE describes a PHP Local File Inclusion vulnerability in the Pippo WordPress theme. Attackers can include arbitrary local files through improper...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP's include/require statements. It aff...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This vulnerability allows attackers to escalate privileges in the Booking Activities WordPress plugin. Any WordPress site running Booking Activities v...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This CVE describes a PHP Local File Inclusion vulnerability in the Powerlift WordPress theme by Mikado-Themes. Attackers can exploit improper filename...

This vulnerability allows attackers to include local files on the server through PHP's include/require statements in the The Aisle WordPress theme. At...

This vulnerability allows attackers to include local files on the server through improper input validation in the Myour WordPress theme. Attackers can...

This vulnerability allows attackers to include local files on the server through PHP's include/require statements in the Mella WordPress theme. Attack...

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in Tutor LMS WordPress plugin that allows attackers to bypass authorizatio...

This vulnerability allows remote code execution through malicious YAML input in docling-core library versions 2.21.0 to 2.48.3. Attackers can execute ...

This vulnerability allows attackers to upload malicious files to Teknoera software, potentially leading to file content injection attacks. It affects ...

This vulnerability allows attackers to bypass two-factor authentication in Horilla HRMS by omitting the OTP field from authentication requests. When t...

Fleet device management software versions before 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3 have broken access control that allows any authenticated u...

This vulnerability in Oracle VM VirtualBox allows a high-privileged attacker with local access to the host system to compromise VirtualBox, potentiall...

This vulnerability in Oracle FLEXCUBE Investor Servicing allows authenticated attackers with low privileges to perform unauthorized data manipulation ...

The Nexter Extension plugin for WordPress has a PHP object injection vulnerability that allows unauthenticated attackers to inject malicious PHP objec...

This vulnerability allows authenticated attackers with customer-level permissions or higher to access and modify other vendors' store settings in the ...

A heap buffer overflow vulnerability in ImageMagick's XBM image decoder allows attackers to write controlled data beyond allocated memory boundaries w...

CVE-2026-23846 is a sensitive information exposure vulnerability in Tugtainer where passwords are transmitted via URL query parameters instead of secu...

This vulnerability in strongSwan's eap-mschapv2 plugin allows a malicious EAP-MSCHAPv2 server to trigger an integer underflow and heap-based buffer ov...

This vulnerability involves an incorrect implementation of an authentication algorithm in ABB Ability OPTIMAX, potentially allowing attackers to bypas...

This vulnerability allows attackers to bypass Deno's security restrictions on Windows by using case variations in file extensions (.BAT, .Bat instead ...

CVE-2025-66292 is an arbitrary file deletion vulnerability in DPanel server management panel. Authenticated users can delete any file on the server vi...

This CVE describes a race condition vulnerability in FreeRDP's serial channel IRP thread tracking that allows heap use-after-free. Attackers could exp...

This vulnerability allows an unauthorized attacker to execute arbitrary code on Windows Server Update Service (WSUS) servers by sending specially craf...

A heap-based buffer overflow vulnerability in multiple Fortinet products allows attackers to execute arbitrary code or commands via specially crafted ...

This CVE describes memory safety bugs in Firefox and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could potenti...

This CVE describes a mitigation bypass vulnerability in the DOM Security component of Mozilla products. It allows attackers to circumvent security pro...

This vulnerability allows attackers to bypass authorization controls in ManageEngine's privileged access management products when initiating remote se...

This vulnerability allows backend users with access to the recycler module to delete arbitrary data from any database table defined in TYPO3's TCA, re...

This CVE describes a Missing Authorization Check vulnerability in SAP ABAP systems that allows authenticated attackers to misuse RFC functions to exec...

CVE-2026-0511 is a missing authorization vulnerability in SAP Fiori App Intercompany Balance Reconciliation that allows authenticated users to escalat...

CVE-2025-68472 is an unauthenticated path traversal vulnerability in MindsDB's file upload API that allows attackers to read arbitrary files from the ...