🔥 Trending CVEs - Last 90 Days

This CVE describes a path handling vulnerability (CWE-22) in multiple Apple operating systems and Safari that allows a remote attacker to write arbitr...

This CVE describes a logging vulnerability where sensitive user information was not properly redacted in system logs. Attackers with access to log fil...

This CVE describes a Bluetooth denial-of-service vulnerability affecting multiple Apple operating systems. An attacker in a privileged network positio...

This vulnerability allows remote attackers to read arbitrary local files on systems running vulnerable Keras versions by exploiting a flaw in the HDF5...

A logic vulnerability in macOS allows remote attackers to cause denial-of-service conditions. This affects macOS Sequoia before 15.7.4 and macOS Sonom...

CVE-2026-26029 is a command injection vulnerability in sf-mcp-server that allows attackers to execute arbitrary shell commands by injecting malicious ...

Pillow versions 10.3.0 through 12.1.0 contain an out-of-bounds write vulnerability when processing specially crafted PSD image files. This could allow...

CVE-2020-37213 is a buffer overflow vulnerability in TextCrawler Pro that allows attackers to cause denial of service by crashing the application. Att...

CVE-2020-37214 is a directory traversal vulnerability in Voyager 1.3.0 that allows attackers to read sensitive system files by manipulating the asset ...

CVE-2020-37209 is a buffer overflow vulnerability in SpotFTP 3.0.0.0 that allows attackers to crash the application by entering a 1000-character paylo...

CVE-2020-37210 is a buffer overflow vulnerability in SpotIE 2.9.5 that allows attackers to cause denial of service by crashing the application. Attack...

SpotMSN 2.4.6 contains a buffer overflow vulnerability in the registration name field that allows attackers to crash the application by inputting a 10...

NetworkSleuth 3.0.0.0 contains a buffer overflow vulnerability in the registration key validation that allows attackers to crash the application by su...

RemShutdown 2.9.0.0 contains a buffer overflow vulnerability in its registration key input field that allows attackers to crash the application via de...

CVE-2020-37205 is a buffer overflow vulnerability in RemShutdown 2.9.0.0 that allows attackers to crash the application by sending overly long input t...

CVE-2020-37207 is a buffer overflow vulnerability in SpotDialup's registration key field that allows attackers to crash the application by pasting a 1...

CVE-2020-37197 is a buffer overflow vulnerability in Dnss Domain Name Search Software that allows attackers to cause denial of service by crashing the...

NBMonitor 1.6.6.0 contains a buffer overflow vulnerability in its registration key input field that allows attackers to crash the application by pasti...

NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration key input field. Attackers can crash the application by supplying...

CVE-2020-37191 is a buffer overflow vulnerability in Top Password Software Dialup Password Recovery 1.30 that allows attackers to crash the applicatio...

CVE-2020-37193 is a denial of service vulnerability in ZIP Password Recovery 2.30 where attackers can crash the application by providing a specially c...

BlueAuditor 1.7.2.0 contains a buffer overflow vulnerability in the registration name input field that allows attackers to crash the application via d...

CVE-2020-37185 is a buffer overflow vulnerability in Backup Key Recovery 2.2.5 that allows attackers to crash the application by sending overly long i...

CVE-2020-37188 is a buffer overflow vulnerability in SpotOutlook 1.2.6 that allows attackers to cause denial of service by crashing the application. A...

TaskCanvas 1.4.0 contains a buffer overflow vulnerability in the registration code input field that allows attackers to cause denial of service by cra...

CVE-2020-37180 is a denial of service vulnerability in GTalk Password Finder 2.2.1 where attackers can crash the application by supplying an oversized...

AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.jso...

KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can cause applicati...

CVE-2020-37104 allows unauthenticated attackers to download database backup files from ASTPP VoIP billing software by brute-forcing predictable 6-digi...

CVE-2024-26480 is an information disclosure vulnerability in Statping-ng v0.91.0 that allows attackers to access sensitive information through crafted...

CVE-2024-26477 is an information disclosure vulnerability in Statping-ng v0.91.0 that allows attackers to access sensitive information through crafted...

A race condition vulnerability in Chrome DevTools allows attackers to potentially corrupt memory objects when users perform specific UI gestures and h...

This vulnerability in Sunbird-Ed portal version 1.13.4 disables TLS/SSL certificate validation, allowing attackers to intercept and potentially modify...

A directory traversal vulnerability in OpenSatKit 2.2.1 allows attackers to access sensitive files or delete arbitrary files by manipulating input to ...

This vulnerability allows unauthenticated remote attackers to access and export the internal telemetry SQLite database containing sensitive operationa...

This vulnerability allows unauthenticated attackers to send repeated GraphQL queries to GitLab instances, causing denial of service by exhausting serv...

This vulnerability allows unauthenticated attackers to cause denial of service on GitLab instances by bypassing JSON validation middleware limits, lea...

This vulnerability in MongoDB allows connections from proxy ports to bypass connection counting, potentially causing server crashes when connection li...

ClipBucket v5 versions before 5.5.3 - #40 have a TOCTOU race condition in avatar/background image uploads. Attackers can upload malicious PHP files th...

This vulnerability in the Emmett framework allows unauthenticated attackers to send malformed Cookie headers that trigger unhandled CookieError except...

This vulnerability allows attackers to spoof identities or data in Microsoft Office Outlook by exploiting insecure deserialization of untrusted data. ...

This vulnerability allows an unauthorized attacker to trigger a null pointer dereference in Windows LDAP service, causing a denial of service. Any Win...

This vulnerability is a buffer over-read in Windows GDI+ that allows an unauthorized attacker to cause a denial of service over a network. It affects ...

This .NET vulnerability allows unauthorized attackers to perform spoofing attacks over a network by exploiting improper handling of missing special el...

The Ninja Forms WordPress plugin has a vulnerability that allows unauthenticated attackers to extract sensitive post metadata from any post on the sit...

Docpedia developed by Flowring contains a SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL commands a...

CVE-2026-0485 is a denial-of-service vulnerability in SAP BusinessObjects BI Platform that allows unauthenticated attackers to crash and restart the C...

CVE-2026-0490 is an authentication bypass vulnerability in SAP BusinessObjects BI Platform that allows unauthenticated attackers to send crafted netwo...

Adminer v5.4.1 and earlier has a version check endpoint that lacks origin validation, allowing attackers to send malformed POST data. This causes a PH...

This vulnerability allows network attackers to intercept SumatraPDF's update requests and deliver malicious installers due to disabled TLS hostname ve...