🔥 Trending CVEs - Last 90 Days

This vulnerability in Django's ASGIRequest component allows remote attackers to cause denial-of-service by sending crafted requests with multiple dupl...

This vulnerability in Moodle allows remote attackers to bypass rate limiting on confirmation email services, enabling brute-force attacks against user...

This vulnerability allows unauthorized actors to access directory listings in AKCE Software Technology's SKSPro software, potentially exposing sensiti...

A vulnerability in Brocade SANnav migration scripts before version 3.0 allows sensitive database information to be captured in support save files. Att...

This vulnerability allows attackers to intercept Notepad++ update traffic and replace legitimate updates with malicious installers. When users update ...

This timing attack vulnerability in PolarLearn allows unauthenticated attackers to enumerate valid user email addresses by measuring login response ti...

CVE-2022-50977 allows unauthenticated remote attackers to disrupt operations by switching between multiple configuration presets via HTTP requests. Th...

This vulnerability allows unauthenticated remote attackers to disrupt operations by switching between multiple configuration presets via Modbus TCP. I...

This vulnerability in huggingface/text-generation-inference allows unauthenticated attackers to trigger resource exhaustion by exploiting unbounded ex...

This CVE describes a PHP Local File Inclusion vulnerability in the Talemy Spirit Framework WordPress plugin. Attackers can exploit improper filename c...

This vulnerability allows remote denial of service attacks against mobile devices with affected MediaTek modems. An attacker can crash the system by c...

An improper input verification vulnerability in Cybozu Garoon allows attackers to modify portal settings without proper authorization. This could bloc...

CVE-2020-37041 is a directory traversal vulnerability in OpenCTI 3.3.1 that allows unauthenticated attackers to read arbitrary files from the server f...

A vulnerability in fast-xml-parser versions 4.3.6 through 5.3.3 allows attackers to cause denial of service by sending XML with out-of-range numeric e...

This vulnerability in Undertow allows remote attackers to cause denial-of-service by sending HTTP requests with large parameter names, triggering OutO...

CVE-2026-24714 allows attackers to activate telnet service on end-of-service NETGEAR devices by sending a specially crafted 'magic packet' to the Teln...

This vulnerability in tcpflow's wifipcap component allows a 1-byte out-of-bounds write when parsing specially crafted 802.11 management frames with la...

An out-of-bounds read vulnerability in Monkey web server's HTTP parser allows attackers to cause denial of service by sending crafted HTTP requests. T...

An out-of-bounds read vulnerability in Monkey web server's mk_mimetype_find function allows attackers to cause denial of service by sending specially ...

A stack overflow vulnerability in Monkey web server's mk_http_index_lookup function allows attackers to cause denial of service by sending specially c...

This vulnerability allows attackers to cause a Denial of Service (DoS) by sending a specially crafted POST request to the Monkey web server. The out-o...

An out-of-bounds read vulnerability in Monkey web server's memory handling allows attackers to cause denial of service by sending crafted HTTP request...

A use-after-free vulnerability in Monkey web server's string handling function allows attackers to crash the server by sending specially crafted HTTP ...

A use-after-free vulnerability in Monkey web server's HTTP request handling allows attackers to crash the server by sending a specially crafted HTTP r...

An out-of-bounds read vulnerability in Monkey web server's mk_vhost_fdt_close function allows attackers to cause denial of service by sending crafted ...

This vulnerability allows attackers to crash Monkey web servers by sending specially crafted HTTP requests that trigger a NULL pointer dereference. An...

This SQL injection vulnerability in Global Interactive Design Media Software Inc.'s CMS allows attackers to execute arbitrary SQL commands through uns...

This vulnerability in Open Security Issue Management (OSIM) allows attackers to perform path traversal attacks by manipulating query parameters in ngi...

This vulnerability in Discourse allows attackers to obtain sensitive information about private resources through URL redirects. When users without pro...

An input validation vulnerability in OneFlow's oneflow.index_add component allows attackers to trigger a Denial of Service (DoS) by sending specially ...

An input validation vulnerability in OneFlow's flow.arange() function allows attackers to trigger a Denial of Service (DoS) by sending specially craft...

This vulnerability in Go's net/url package allows attackers to cause denial of service through memory exhaustion by sending HTTP requests with an exce...

This vulnerability in Drupal HTTP Client Manager allows attackers to bypass access controls through forceful browsing, potentially accessing restricte...

This vulnerability allows attackers to bypass authentication in Drupal Commerce Paybox payment processing module by exploiting improper cryptographic ...

A GPU device-ID validation flaw in OneFlow's CUDA component allows attackers to trigger a Denial of Service (DoS) by providing a crafted device ID. Th...

A vulnerability in OneFlow v0.9.0's flow.cuda.BoolTensor component allows attackers to cause Denial of Service (DoS) by sending specially crafted inpu...

A GPU device-ID validation flaw in OneFlow v0.9.0 allows attackers to trigger a Denial of Service (DoS) by calling flow.cuda.get_device_properties() w...

This vulnerability in the Frontend File Manager WordPress plugin allows unauthenticated attackers to share any uploaded file via email by exploiting a...

The VidShop plugin for WordPress is vulnerable to SQL injection via the 'fields' parameter, allowing unauthenticated attackers to execute arbitrary SQ...

SolarWinds Web Help Desk contains hardcoded credentials that could allow attackers to access administrative functions under certain conditions. This a...

This vulnerability in the soroban-fixed-point-math library causes incorrect rounding in division operations when both the intermediate product and div...

An unauthenticated attacker can send HTTP requests with excessively long URL paths to Tapo C220 v1 and C520WS v2 cameras, causing the HTTP parser to c...

This vulnerability allows unauthenticated attackers to crash the HTTP service on Tapo C220 v1 and C520WS v2 cameras by sending POST requests with exce...

This CVE describes an infinite loop vulnerability in ixray-1.6-stcop software where a loop condition cannot be satisfied, causing indefinite execution...

A type confusion vulnerability in OpenSSL's TimeStamp Response verification allows attackers to cause denial of service by providing malformed timesta...

A NULL pointer dereference vulnerability in OpenSSL's PKCS12_item_decrypt_d2i_ex() function allows attackers to cause denial of service by providing m...

CVE-2020-36949 is a denial of service vulnerability in TapinRadio 2.13.7 where attackers can crash the application by pasting large buffers (20,000+ c...

An out-of-bounds write vulnerability in Commander-Genius game engine allows attackers to write data beyond allocated memory boundaries. This affects a...

This is a memory leak vulnerability (CWE-401) in Is-Daouda is-Engine software where memory is not properly released after use. This allows attackers t...

This vulnerability in Grafana allows attackers to cause denial of service by exhausting system memory through uncontrolled goroutine creation. Attacke...