🔥 Trending CVEs - Last 90 Days

Multiple denial of service vulnerabilities in React Server Components allow attackers to crash servers or cause resource exhaustion by sending special...

This vulnerability exposes administrative credentials in plaintext within HTTP responses from the Tenda W30E V2 router's maintenance interface. Attack...

This vulnerability in continuous.software aangine v.2025.2 allows remote attackers to access sensitive information through multiple service endpoints....

CVE-2026-24469 is a path traversal vulnerability in C++ HTTP Server versions 1.0 and below that allows unauthenticated remote attackers to read arbitr...

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in Saleor e-commerce platform that allows unauthenticated attackers to acc...

An unauthenticated information disclosure vulnerability in the Aptsys gemscms backend platform exposes cashier account details including MD5-hashed pa...

This vulnerability in RuoYi v4.8.2 allows unauthorized attackers to bypass access controls in the selectDept function, enabling them to access sensiti...

Managed Switch Port Mapping Tool 2.85.2 contains a buffer overflow vulnerability that allows attackers to crash the application by inputting oversized...

CVE-2021-47895 is a denial of service vulnerability in Nsauditor 3.2.2.0 where attackers can crash the application by inputting an overly large buffer...

AgataSoft PingMaster Pro 2.1 contains a denial of service vulnerability in its Trace Route feature. Attackers can crash the application by overflowing...

An unauthenticated information disclosure vulnerability in Newgen OmniApp allows attackers to enumerate valid privileged usernames via a publicly acce...

The Webpushr WordPress plugin (versions up to and including 4.38.0) contains a vulnerability that allows unauthorized users to retrieve sensitive syst...

This vulnerability in the WP FullCalendar WordPress plugin allows unauthorized users to retrieve embedded sensitive system information. It affects all...

An unauthenticated information disclosure vulnerability in Newgen OmniDocs allows remote attackers to access the /omnidocs/GetListofCabinet API endpoi...

Dell ECS and ObjectScale systems transmit sensitive information without encryption, allowing unauthenticated remote attackers to intercept and read th...

This vulnerability in ALGO 8180 IP Audio Alerter devices allows remote attackers to obtain authentication cookies from the web UI response body withou...

This vulnerability allows remote attackers to access sensitive information on ALGO 8180 IP Audio Alerter devices without authentication by directly na...

This vulnerability allows authenticated remote attackers to execute arbitrary code on Langflow installations by exploiting insecure deserialization in...

A race condition vulnerability in Anritsu ShockLine's SCPI component allows network-adjacent attackers to execute arbitrary code without authenticatio...

CVE-2026-24138 is an unauthenticated Server-Side Request Forgery (SSRF) vulnerability in FOG Project's getversion.php. Attackers can exploit this by s...

CVE-2026-21520 is an information disclosure vulnerability in Microsoft Copilot Studio that allows unauthenticated attackers to access sensitive inform...

This vulnerability allows attackers to perform unlimited authentication attempts, enabling brute-force attacks to gain unauthorized access and causing...

This vulnerability in Gitea allows users who previously uploaded attachments to a repository to delete those attachments even after losing access to t...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This vulnerability in the Nexter Blocks WordPress plugin allows unauthorized users to retrieve embedded sensitive data from affected websites. It affe...

This CVE describes a PHP Local File Inclusion vulnerability in the My auctions allegro WordPress plugin. Attackers can exploit improper filename contr...

This CVE describes a PHP Local File Inclusion vulnerability in the Freshio WordPress theme. Attackers can include arbitrary local files through improp...

This CVE describes a PHP Local File Inclusion vulnerability in the Triply WordPress theme by pavothemes. Attackers can include arbitrary local files t...

This CVE describes a code injection vulnerability in Beaver Builder Lite WordPress plugin that allows attackers to execute arbitrary code. It affects ...

This CVE describes a missing authorization vulnerability in the WPXPO PostX ultimate-post WordPress plugin that allows attackers to bypass access cont...

This CVE describes a PHP Local File Inclusion vulnerability in the Miion WordPress theme by zozothemes. Attackers can exploit improper filename contro...

This CVE describes a PHP Local File Inclusion vulnerability in the JNews - Pay Writer WordPress plugin. Attackers can exploit improper filename contro...

This path traversal vulnerability in the Hostme v2 WordPress theme allows attackers to delete arbitrary files on the server by manipulating file paths...

This CVE describes a missing authorization vulnerability in the Scalenut WordPress plugin that allows attackers to bypass access controls. It affects ...

This SQL injection vulnerability in the Antideo Email Validator WordPress plugin allows attackers to execute arbitrary SQL commands through the plugin...

This vulnerability in the Tabby Checkout WordPress plugin exposes sensitive data embedded in sent information, allowing attackers to retrieve confiden...

This vulnerability allows attackers to include local PHP files through improper filename control in the MyHome Core WordPress plugin. Attackers can po...

CVE-2025-67221 is a denial-of-service vulnerability in orjson's dumps function that allows attackers to crash applications by providing deeply nested ...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP's include/require statements. It aff...

This vulnerability in the WordPress Cookies and Content Security Policy plugin allows attackers to retrieve embedded sensitive data from sent informat...

This vulnerability in GitLab allows unauthenticated attackers to cause denial of service by sending specially crafted requests with malformed authenti...

This vulnerability allows unauthenticated attackers to cause denial of service on GitLab instances by exploiting incorrect authorization validation in...

This vulnerability allows attackers to bypass authorization controls in Solvera Software Services Trade Inc.'s Teknoera software by manipulating user-...

This vulnerability allows attackers to bypass authorization controls by manipulating user-controlled keys in EXERT Computer Technologies' Education Ma...

MeetingHub software from HAMASTAR Technology contains an absolute path traversal vulnerability that allows unauthenticated remote attackers to read ar...

A signature malleability vulnerability in sm-crypto's SM2 signature verification allows attackers to create new valid signatures from existing ones. T...

This vulnerability in jsdiff library allows denial-of-service attacks through infinite loops and resource exhaustion when parsing patches containing s...

Seroval versions 1.4.0 and below have a stack overflow vulnerability when serializing deeply nested objects, causing denial of service. This affects a...

Mastodon servers running vulnerable versions allow attackers to create remote posts with unlimited poll options, causing excessive resource consumptio...

A signature forgery vulnerability in sm-crypto's SM2 implementation allows attackers to create valid signatures for arbitrary public keys. This affect...