🔥 Trending CVEs - Last 90 Days

This CVE describes a PHP Local File Inclusion vulnerability in the VanKarWai Airtifact WordPress theme. Attackers can include arbitrary local files th...

This vulnerability in soroban-sdk allows attackers to bypass security checks in Soroban smart contracts when trait and inherent functions share the sa...

An authenticated user with team edit permissions in Penpot can read arbitrary files from the server filesystem by exploiting a path traversal vulnerab...

This vulnerability allows unauthenticated attackers to perform time-based SQL injection attacks through the 'search' parameter in the Product Table an...

The wpForo Forum plugin for WordPress has a time-based SQL injection vulnerability in the 'wpfob' parameter that allows unauthenticated attackers to e...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

OpenClaw versions 2026.1.30 and below have an authentication bypass vulnerability in Telegram webhook mode. When channels.telegram.webhookSecret is no...

This SQL injection vulnerability in the WordPress Library Management System plugin allows unauthenticated attackers to inject malicious SQL queries th...

The GDPR Cookie Consent WordPress plugin has an unauthenticated REST API vulnerability that allows attackers to retrieve sensitive plugin settings wit...

This vulnerability allows remote attackers to crash the web service on Bematech MP-4200 TH printers by sending specially crafted POST requests to the ...

CVE-2019-25353 is a buffer overflow vulnerability in Foscam Video Management System that allows attackers to cause denial of service by sending a spec...

CVE-2019-25355 is a directory traversal vulnerability in gSOAP 2.8 that allows unauthenticated attackers to access sensitive system files by manipulat...

CVE-2019-25349 is a buffer overflow vulnerability in ScadaApp for iOS that allows attackers to cause a denial of service by crashing the application. ...

CVE-2026-23491 is a path traversal vulnerability in InvoicePlane that allows unauthenticated attackers to read arbitrary files on the server by manipu...

This vulnerability in Rack's Rack::Directory component allows attackers to bypass directory restrictions using path traversal techniques. By crafting ...

A vulnerability in BIG-IP AFM or BIG-IP DDoS modules causes the Traffic Management Microkernel (TMM) to terminate when processing specific undisclosed...

This SQL injection vulnerability in the WPNakama WordPress plugin allows unauthenticated attackers to inject malicious SQL queries through the 'order'...

This vulnerability in Apache Tomcat Native and Apache Tomcat allows attackers to bypass certificate revocation checks when using OCSP responders. Impr...

A TLS certificate validation vulnerability in Guardian Gryphon v01.06.0006.22 allows attackers to bypass authentication and execute arbitrary commands...

The PhotoStack Gallery WordPress plugin contains an SQL injection vulnerability in the 'postid' parameter that allows unauthenticated attackers to exe...

This vulnerability allows authenticated WordPress users with Contributor-level access or higher to perform Local File Inclusion attacks via the Flexi ...

This vulnerability allows unauthenticated attackers to spoof BlueSnap IP addresses and send forged payment notifications to WordPress sites using the ...

A Null Pointer Dereference vulnerability in TON Blockchain's TVM allows attackers to crash validator nodes by sending malicious transactions. This cau...

A stack overflow vulnerability in TON Virtual Machine (TVM) allows attackers to craft smart contracts with deeply nested jump logic that exhausts stac...

A state pollution vulnerability in TON Virtual Machine (TVM) allows denial of service when Out-of-Gas exceptions occur during child VM initialization....

This CVE describes a Denial of Service vulnerability in TON Lite Server where attackers can inject malicious Continuation objects into locally execute...

This vulnerability in BACnet Stack allows attackers to write files to arbitrary directories due to lack of path validation in file writing functionali...

A heap buffer overflow vulnerability in free5GC's UPF component allows remote attackers to crash the UPF service via specially crafted PFCP Session Mo...

A protocol compliance vulnerability in free5GC's UPF component allows remote attackers to send malformed PFCP Association Setup Requests that violate ...

A remote array index out-of-bounds vulnerability in free5GC's AMF component allows attackers to crash the AMF service via specially crafted 5GS Mobile...

CVE-2019-25340 is a stack-based buffer overflow vulnerability in SpotAuditor's Base64 decryption feature that allows attackers to cause denial of serv...

CVE-2019-25342 is a denial of service vulnerability in Centova Cast that allows attackers to overwhelm the system by repeatedly calling the database e...

GHIA CamIP 1.2 for iOS contains a denial of service vulnerability where attackers can crash the application by pasting a 33-character buffer of repeat...

CVE-2019-25335 is an authentication bypass vulnerability in PRO-7070 Hazır Profesyonel Web Sitesi version 1.0. Attackers can gain administrative acce...

CVE-2019-25329 is a buffer overflow vulnerability in FTP Navigator 8.03 that allows attackers to crash the application via denial of service by overwr...

SurfOffline Professional 2.2.0.103 contains a structured exception handler overflow vulnerability in project name input. Attackers can crash the appli...

This vulnerability allows any pod within a Kubernetes cluster to send unauthorized AdmissionReview requests to Yoke's Air Traffic Controller webhook e...

Scraparr versions 3.0.0-beta through 3.0.1 expose Readarr API keys in Prometheus metrics when Readarr integration is enabled without an alias. This al...

This vulnerability allows remote attackers to cause moderate CPU usage spikes (2-4 times normal) on ntpd-rs servers with NTS enabled by sending malfor...

This vulnerability allows unauthenticated attackers to cause denial of service in Traefik reverse proxy by exploiting a STARTTLS timeout bypass. Attac...

This vulnerability in FrankenPHP worker mode allows session data from one user's request to be accessible to another user's request processed by the s...

A stack overflow vulnerability in the ZBarcode_Encode function of Monkeybread Software MBS DynaPDF Plugin v21.3.1.1 allows attackers to cause Denial o...

A heap buffer overflow vulnerability in Open TFTP Server MultiThreaded v1.7 allows attackers to cause a Denial of Service (DoS) by sending a specially...

CVE-2019-25347 is a SQL injection vulnerability in thesystem App 1.0 that allows attackers to bypass authentication by injecting malicious SQL code in...

CVE-2025-69807 is a buffer overflow vulnerability in p2r3 Bareiron that allows unauthenticated remote attackers to send specially crafted packets to c...

CVE-2025-69806 is an out-of-bounds read vulnerability in p2r3 bareiron software that allows unauthenticated remote attackers to leak relative informat...

This vulnerability allows authenticated users with REST/GraphQL API access in FreePBX to escalate privileges by forging JWTs using the api-oauth.key p...

This vulnerability in Halo blogging software allows remote attackers to cause denial of service by sending specially crafted payloads to the public co...

An unauthenticated attacker can exploit this vulnerability by manipulating URLs to read arbitrary files from the Valmet DNA Web Tools server. This aff...

This CVE describes a memory handling vulnerability in Apple operating systems and Safari that could allow a remote attacker to cause denial-of-service...