🔥 Trending CVEs - Last 90 Days

A race condition vulnerability in the card framework module allows attackers to cause denial of service by exploiting multi-threading issues. This aff...

This vulnerability in Windows Telephony Service allows an authorized attacker on the same network to manipulate file paths, potentially leading to pri...

A path traversal vulnerability in NETGEAR WiFi range extenders allows authenticated LAN attackers to access sensitive webproc files containing router ...

An insufficient input validation vulnerability in NETGEAR Orbi routers allows attackers on the local network to execute arbitrary OS commands through ...

An insufficient input validation vulnerability in NETGEAR Orbi routers' DHCPv6 functionality allows authenticated attackers on the same network (WiFi ...

An insufficient input validation vulnerability in NETGEAR XR1000v2 routers allows attackers on the local network to execute arbitrary operating system...

This CVE describes an authentication bypass vulnerability in NETGEAR WiFi range extenders that allows attackers on the same network to access the admi...

This CVE describes a sandbox escape vulnerability in the Graphics: CanvasWebGL component due to incorrect boundary conditions. It allows attackers to ...

HAX CMS versions 11.0.6 through 24.x are vulnerable to stored cross-site scripting (XSS), allowing attackers to inject malicious scripts that persist ...

This is a cross-site scripting (XSS) vulnerability in GitLab that allows an unauthenticated attacker to execute arbitrary JavaScript code in the conte...

An unused webshell in MicroServer allows unlimited login attempts with sudo rights on certain files and directories. Attackers with admin access can g...

This vulnerability allows low-privileged users in Coolify to invite themselves as administrators through a race condition exploit. By clicking the inv...

This stored XSS vulnerability in Coolify allows authenticated low-privilege users to inject malicious JavaScript into project names. When administrato...

This CVE describes a command injection vulnerability in TP-Link WA850RE range extenders' httpd modules. Authenticated attackers on the same network ca...

ProjectSend r1605 contains a CSV injection vulnerability where authenticated users can embed malicious formulas in user profile names. When administra...

OpenPLC_V3 lacks CSRF protection, allowing attackers to trick logged-in administrators into clicking malicious links that modify PLC settings or uploa...

This vulnerability allows attackers to execute arbitrary shell commands in melange pipelines when they can provide build input values. The issue occur...

This XXE vulnerability in Crowd Data Center and Server allows authenticated attackers to read local files and potentially access remote content via XM...

This CVE describes a CPU-level vulnerability in certain Arm processors where a specific instruction (CPP RCTX) can prevent proper TLB invalidation, ca...

Spinnaker versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery (SSRF) that allows attackers to fetch data ...

This vulnerability in Zoom Clients for Windows allows authenticated local users to escalate their privileges on the system. Attackers could gain highe...

This vulnerability in Zoom Clients for Windows allows authenticated local users to escalate privileges by exploiting improper minimum version checks d...

This CVE describes a heap-based buffer overflow vulnerability in Adobe Illustrator that could allow an attacker to execute arbitrary code with the pri...

A stack-based buffer overflow vulnerability in Adobe Illustrator allows attackers to execute arbitrary code when a user opens a malicious file. This a...

A use-after-free vulnerability in Adobe Acrobat Reader allows attackers to execute arbitrary code when a user opens a malicious PDF file. This affects...

A use-after-free vulnerability in Adobe Acrobat Reader allows attackers to execute arbitrary code when a user opens a malicious PDF file. This affects...

CVE-2026-27279 is an out-of-bounds write vulnerability in Substance3D Stager that could allow arbitrary code execution when a user opens a malicious f...

Substance3D Stager versions 3.1.7 and earlier contain an out-of-bounds write vulnerability that could allow arbitrary code execution when a user opens...

CVE-2026-27276 is a use-after-free vulnerability in Substance3D Stager that could allow arbitrary code execution when a user opens a malicious file. T...

CVE-2026-27269 is an out-of-bounds read vulnerability in Adobe Premiere Pro that could allow an attacker to execute arbitrary code when a user opens a...

An exposed dangerous method in Ivanti DSM allows local authenticated attackers to escalate privileges. This affects all Ivanti DSM installations befor...

A stack buffer overflow vulnerability in iccDEV's CIccXform3DLut::Apply() function allows attackers to corrupt stack memory or cause crashes. This aff...

A stack buffer overflow vulnerability in iccDEV's CIccTagNum<>::GetValues() function allows attackers to corrupt stack memory or cause crashes. This a...

A stack buffer overflow vulnerability in iccDEV's icFixXml() function allows attackers to corrupt stack memory or cause crashes via strcpy. This affec...

A heap-based buffer overflow vulnerability in iccDEV's CIccMatrixMath::SetRange() function allows attackers to write beyond allocated memory boundarie...

A heap-use-after-free vulnerability in iccDEV's CIccCmm::AddXform() function allows attackers to cause crashes or potentially execute arbitrary code b...

This CVE describes an incorrect default permissions vulnerability in .NET that allows an authenticated attacker to escalate privileges on the local sy...

An integer overflow vulnerability in Microsoft Office allows authenticated attackers to escalate privileges on local systems. This affects users runni...

This vulnerability allows an authenticated attacker to bypass authentication mechanisms in Azure Windows Virtual Machine Agent, enabling local privile...

This vulnerability in Windows SMB Server allows authenticated attackers to bypass proper authentication checks and gain elevated privileges on the loc...

This vulnerability is a use-after-free flaw in Microsoft Office Excel that allows an unauthorized attacker to execute arbitrary code on a victim's sys...

CVE-2026-25189 is a use-after-free vulnerability in Windows Desktop Window Manager (DWM) Core Library that allows an authenticated attacker to execute...

This vulnerability in Windows Winlogon allows an authenticated attacker to exploit improper link resolution to gain elevated local privileges. Attacke...

CVE-2026-25174 is an out-of-bounds read vulnerability in Windows Extensible File Allocation that allows authenticated attackers to read memory beyond ...

This vulnerability allows an authenticated attacker to escalate privileges on Windows systems by exploiting improper access control in the Ancillary F...

A null pointer dereference vulnerability in Windows Performance Counters allows authenticated attackers to execute arbitrary code with elevated privil...

This vulnerability is a null pointer dereference in Windows Ancillary Function Driver for WinSock that allows an authenticated attacker to execute arb...

This CVE describes a use-after-free vulnerability in the Windows Kernel that allows an authenticated attacker to execute arbitrary code with elevated ...

This vulnerability allows an authorized attacker with local access to exploit incorrect permissions in Windows Accessibility Infrastructure (ATBroker....

This vulnerability is an out-of-bounds read in Windows Resilient File System (ReFS) that allows an authenticated attacker to read memory beyond alloca...