🔥 Trending CVEs - Last 30 Days

This SQL injection vulnerability in Download Manager Addons for Elementor allows attackers to execute arbitrary SQL commands against the WordPress dat...

This SQL injection vulnerability in the Wolmart Core WordPress plugin allows attackers to execute arbitrary SQL commands on affected databases. It aff...

This SQL injection vulnerability in the TeconceTheme Emerce Core WordPress plugin allows attackers to execute arbitrary SQL commands on the database. ...

This SQL injection vulnerability in the Saasplate Core WordPress plugin allows attackers to execute arbitrary SQL commands against the database. It af...

This SQL injection vulnerability in the Crete Core WordPress plugin allows attackers to execute arbitrary SQL commands against the database. It affect...

This CVE describes a blind SQL injection vulnerability in the TeconceTheme Medinik Core WordPress plugin. Attackers can inject malicious SQL queries t...

This vulnerability in Kata Containers allows a container user to modify the Guest micro VM's file system, leading to arbitrary code execution as root ...

This vulnerability allows an attacker with code execution on the infotainment system's main processor to execute arbitrary code on the RH850 CAN commu...

This vulnerability allows local attackers to map arbitrary memory addresses due to missing bounds checking in the vpu_mmap function. This can lead to ...

This vulnerability allows attackers to execute arbitrary operating system commands with root privileges within the container running bleon-ethical/api...

This broken access control vulnerability in File Browser allows authenticated users with only Create permission to delete files and directories they s...

CVE-2026-24457 is a path traversal vulnerability in OpenMQ's configuration parsing that allows remote attackers to read arbitrary files from the MQ Br...

A typo in Froxlor's input validation code (== instead of =) disables email format checking for admin email settings. This allows authenticated admins ...

CVE-2026-27812 is a password reset poisoning vulnerability in Sub2API versions before 0.1.85 that allows attackers to manipulate password reset links ...

This vulnerability in Vikunja task management software allows attackers to compromise accounts through weak password policies and maintain persistent ...

This vulnerability allows attackers to extract administrative credentials from Gardyn IoT Hub through API responses, mobile app reverse engineering, o...

The basic-ftp Node.js library contains a path traversal vulnerability in the downloadToDir() method. A malicious FTP server can send filenames contain...

This vulnerability in Octopus Deploy allows attackers to delete files or file contents on the host system through an unauthenticated API endpoint lack...

Caddy servers with host lists exceeding 100 entries have a case-sensitivity vulnerability in the HTTP host matcher. Attackers can bypass host-based ro...

CVE-2026-27586 is a critical authentication bypass vulnerability in Caddy server where mTLS client certificate authentication silently fails open when...

This vulnerability involves uninitialized memory in Firefox's Graphics: Text component, which could allow attackers to read sensitive data from memory...

A type confusion vulnerability in SolarWinds Serv-U allows attackers with administrative privileges to execute arbitrary native code with elevated pri...

A broken access control vulnerability in SolarWinds Serv-U allows domain or group administrators to create system admin users and execute arbitrary co...

Smolder versions through 1.51 for Perl use the non-cryptographically secure rand() function for cryptographic operations, making generated values pred...

This vulnerability allows a remote attacker to read memory outside the intended buffer in Chrome's media component by tricking a user into visiting a ...

This vulnerability in Ayms node-To master branch disables TLS/SSL certificate validation, allowing man-in-the-middle attackers to intercept and manipu...

The CVE-2026-23552 vulnerability allows attackers to bypass tenant isolation in Apache Camel Keycloak component by using JWT tokens from unauthorized ...

This CVE describes an integer overflow vulnerability in Crypt::NaCl::Sodium Perl module versions through 2.001 on 32-bit systems. The flaw occurs when...

This critical vulnerability in Sentry's SAML SSO implementation allows attackers to take over any user account by exploiting misconfigured multi-organ...

This SQL injection vulnerability in Fiverr Clone Script 1.2.2 allows unauthenticated attackers to inject malicious SQL code through the page parameter...

This SQL injection vulnerability in LibreNMS allows attackers to execute arbitrary SQL commands through the ajax_table.php endpoint when searching IPv...

SoftVision webPDF versions before 10.0.2 contain a Server-Side Request Forgery (SSRF) vulnerability in the PDF converter function. Attackers can uploa...

InvoicePlane 1.7.0 contains a critical Remote Code Execution vulnerability that allows authenticated administrators to execute arbitrary system comman...

This vulnerability allows remote attackers to perform administrative operations without authentication in ProjectWorlds Online Time Table Generator 1....

This vulnerability in authentik allows authenticated users with specific delegated permissions to execute arbitrary code on the authentik server conta...

An authorization bypass vulnerability in FUXA web-based SCADA/HMI software allows unauthenticated remote attackers to create and modify arbitrary sche...

PlaciPy placement management system version 1.0.0 allows cross-tenant data access by deriving tenant identifiers from user-provided email domains with...

PlaciPy placement management system version 1.0.0 has an authorization vulnerability where authenticated users can access other users' student submiss...

PlaciPy placement management system version 1.0.0 has a missing object-level authorization vulnerability that allows authenticated users to access ass...

This vulnerability allows instructors to achieve arbitrary file write on the server by uploading specially crafted zip files. Attackers could write ma...

This authentication bypass vulnerability in JetBrains Hub allows attackers to perform administrative actions without proper credentials. All organizat...

CVE-2026-2234 is a missing authentication vulnerability in HGiga's C&Cm@il software that allows unauthenticated remote attackers to read and modify an...

This vulnerability in Antrea's network policy priority assignment system causes incorrect traffic enforcement due to a uint16 arithmetic overflow when...

CVE-2026-25643 is a critical Remote Command Execution vulnerability in Frigate NVR software that allows attackers to execute arbitrary system commands...

CVE-2026-25722 is a directory traversal vulnerability in Claude Code that allows attackers to bypass write protection in sensitive directories like .c...

CVE-2019-25298 is an SQL injection vulnerability in html5_snmp 1.11 that allows attackers to manipulate database queries through Router_ID and Router_...

A stored cross-site scripting (XSS) vulnerability in Chamilo LMS allows low-privileged users (like trainers) to inject malicious JavaScript into cours...

This vulnerability allows low-privilege users in Chamilo LMS to upload malicious files containing stored XSS payloads through the Social Networks feat...

This CVE describes a second-order expression injection vulnerability in n8n's Form nodes that could allow unauthenticated attackers to inject and eval...

A stored cross-site scripting (XSS) vulnerability in RustFS Console allows attackers to inject malicious JavaScript that executes when administrators ...