🔥 Trending CVEs - Last 90 Days
4,497 critical and high-severity vulnerabilities discovered in the last 90 days. Stay ahead of emerging threats with real-time CVE tracking and instant security alerts.
Critical & High-Risk CVEs
This vulnerability in Vega visualization library allows arbitrary JavaScript execution via DOM-based XSS when applications meet two conditions: they a...
📅 65 days ago • Jan 5, 2026This vulnerability in Coolify allows attackers to hijack password reset emails by manipulating the host header. When victims click malicious reset lin...
📅 65 days ago • Jan 5, 2026A buffer overflow vulnerability in QNAP operating systems allows authenticated remote attackers to modify memory or crash processes. This affects QNAP...
📅 68 days ago • Jan 2, 2026A buffer overflow vulnerability in QNAP operating systems allows authenticated remote attackers to modify memory or crash processes. This affects user...
📅 68 days ago • Jan 2, 2026A buffer overflow vulnerability in QNAP operating systems allows authenticated remote attackers to modify memory or crash processes. This affects user...
📅 68 days ago • Jan 2, 2026This vulnerability allows attackers to include local PHP files through improper filename control in the Lekker WordPress theme. Attackers can potentia...
📅 71 days ago • Dec 30, 2025This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in the Eagle Booking WordPress plugin that allows attackers to bypass auth...
📅 71 days ago • Dec 30, 2025This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in the Google Calendar Events WordPress plugin. Attackers can bypass autho...
📅 71 days ago • Dec 30, 2025This CVE describes a Missing Authorization vulnerability in the WeDesignTech Portfolio WordPress plugin that allows attackers to bypass access control...
📅 71 days ago • Dec 30, 2025This vulnerability allows attackers to bypass authorization controls in the DesignThemes LMS Addon WordPress plugin, potentially accessing restricted ...
📅 71 days ago • Dec 30, 2025This vulnerability in Delta Electronics DVP-12SE11T PLC allows attackers to bypass authentication by obtaining partial password information through im...
📅 71 days ago • Dec 30, 2025This vulnerability allows attackers to decrypt session cookies and steal authentication credentials in SiYuan Note software. Attackers who intercept s...
📅 75 days ago • Dec 27, 2025This CVE describes a Missing Authorization vulnerability in the WordPress Editorial Calendar plugin that allows attackers to bypass access controls. A...
📅 77 days ago • Dec 24, 2025This CVE describes a missing authorization vulnerability in the totalsoft TS Poll WordPress plugin (poll-wp) that allows attackers to exploit incorrec...
📅 77 days ago • Dec 24, 2025This CVE describes a Missing Authorization vulnerability in the WP Telegram Widget and Join Link WordPress plugin that allows attackers to bypass acce...
📅 77 days ago • Dec 24, 2025This CVE describes a Missing Authorization vulnerability in the Simple File List WordPress plugin that allows attackers to bypass access controls. It ...
📅 77 days ago • Dec 24, 2025This CVE describes a Missing Authorization vulnerability in the Opinion Stage Poll, Survey & Quiz Maker WordPress plugin that allows attackers to bypa...
📅 77 days ago • Dec 24, 2025This vulnerability allows attackers to bypass authorization controls in the FV Simpler SEO WordPress plugin, potentially accessing administrative func...
📅 77 days ago • Dec 24, 2025This CVE describes a missing authorization vulnerability in YITH Slider for page builders WordPress plugin that allows attackers to bypass access cont...
📅 77 days ago • Dec 24, 2025This CVE describes a missing authorization vulnerability in the Watu Quiz WordPress plugin that allows attackers to bypass access controls. Attackers ...
📅 77 days ago • Dec 24, 2025This CVE describes a missing authorization vulnerability in the Addonify Quick View WordPress plugin that allows attackers to bypass access controls. ...
📅 77 days ago • Dec 24, 2025This CVE describes a Missing Authorization vulnerability in the Tablesome WordPress plugin that allows attackers to bypass access controls. It affects...
📅 77 days ago • Dec 24, 2025This CVE describes a Missing Authorization vulnerability in the Spiffy Calendar WordPress plugin that allows attackers to bypass access controls. It a...
📅 77 days ago • Dec 24, 2025This vulnerability allows attackers to bypass authorization controls in WP Swings Membership For WooCommerce by manipulating user-controlled keys, pot...
📅 77 days ago • Dec 24, 2025The Beaver Builder WordPress plugin has an authorization bypass vulnerability that allows authenticated users with Subscriber-level access or higher t...
📅 78 days ago • Dec 23, 2025The Redirection for Contact Form 7 WordPress plugin allows unauthenticated attackers to upload arbitrary files to the server due to missing file type ...
📅 80 days ago • Dec 21, 2025Advantech WebAccess/SCADA is vulnerable to directory traversal that allows attackers to delete arbitrary files on the system. This affects industrial ...
📅 83 days ago • Dec 18, 2025This path traversal vulnerability allows authenticated users with limited privileges to upload malicious Arc data archives that can write arbitrary fi...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include arbitrary local files through PHP's include/require statements in the Inset WordPress theme. Attackers ...
📅 83 days ago • Dec 18, 2025This CVE describes a PHP Local File Inclusion vulnerability in the Traveler WordPress theme. Attackers can include arbitrary local files on the server...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper input validation in PHP include/require statements. It affec...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local PHP files through improper filename control in the MinimogWP WordPress theme, potentially leading...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local files on the server through PHP's include/require statements, potentially leading to remote code ...
📅 83 days ago • Dec 18, 2025This CVE describes a PHP Local File Inclusion vulnerability in the Kicker WordPress theme by axiomthemes. Attackers can include arbitrary local files ...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include and execute arbitrary local files on the server via PHP's include/require statements in the Renewal Wor...
📅 83 days ago • Dec 18, 2025This CVE describes a PHP Local File Inclusion vulnerability in the Pinevale WordPress theme. Attackers can include arbitrary local files through impro...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local PHP files through improper filename control in the Katelyn WordPress theme. Attackers can potenti...
📅 83 days ago • Dec 18, 2025This CVE describes a PHP Local File Inclusion vulnerability in the Giardino WordPress theme that allows attackers to include arbitrary local files thr...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local PHP files through improper filename control in the Winger WordPress theme. Attackers can potentia...
📅 83 days ago • Dec 18, 2025This CVE describes a PHP Local File Inclusion vulnerability in the DJ Rainflow WordPress theme. Attackers can include arbitrary local files from the s...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
📅 83 days ago • Dec 18, 2025This CVE describes a PHP Local File Inclusion vulnerability in the Pubzinne WordPress theme. Attackers can include arbitrary local files through impro...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
📅 83 days ago • Dec 18, 2025This CVE describes a PHP Local File Inclusion vulnerability in the IPharm WordPress theme. Attackers can include arbitrary local files through imprope...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper input validation in the Tripster WordPress theme. Attackers ...
📅 83 days ago • Dec 18, 2025This CVE describes a PHP Local File Inclusion vulnerability in the Chinchilla WordPress theme. Attackers can include arbitrary local files through imp...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local PHP files through improper filename control in the Wanderic WordPress theme. Attackers can potent...
📅 83 days ago • Dec 18, 2025This vulnerability allows attackers to include local PHP files through improper filename control in the Fribbo WordPress theme. Attackers can potentia...
📅 83 days ago • Dec 18, 2025Why Track Trending CVEs?
Stay ahead of emerging threats: Newly discovered vulnerabilities pose the highest risk as attackers race to exploit them before patches are deployed. Trending CVEs represent the most critical security issues requiring immediate attention from security teams worldwide.
Prioritize remediation efforts: With thousands of CVEs published annually, security teams need to focus on the most recent and severe threats first. Our trending CVE dashboard highlights critical and high-severity vulnerabilities from the past 7, 30, or 90 days, helping you prioritize patching efforts.
🚀 Automated Trending CVE Monitoring
- Scan your servers to detect packages affected by trending CVEs
- Receive instant email alerts when critical vulnerabilities are discovered
- Dashboard shows CVE age, severity, CVSS scores, and affected systems
- Filter by time period (7/30/90 days) to focus on recent threats
