🔥 Trending CVEs - Last 90 Days

seroval library versions 1.4.0 and below contain vulnerabilities in RegExp serialization that can cause memory exhaustion or ReDoS (Regular Expression...

CVE-2026-23957 is a denial-of-service vulnerability in seroval library versions 1.4.0 and below. Attackers can craft malicious serialized data with ma...

CVE-2026-23737 is a deserialization vulnerability in seroval library versions 1.4.0 and below that allows arbitrary JavaScript code execution. Attacke...

This vulnerability in Claude Code versions before 2.0.65 allows malicious repositories to exfiltrate Anthropic API keys before users confirm trust. Wh...

A vulnerability in ollama's GGUF decoder allows remote attackers to trigger a denial of service by sending specially crafted input. This affects all s...

A vulnerability in ollama v0.12.10 allows remote attackers to cause denial of service by sending specially crafted GGUF files. The readGGUFV1String fu...

GeoGebra Classic 5.0.631.0-d contains a denial of service vulnerability where attackers can crash the application by pasting extremely large content (...

GeoGebra Graphing Calculator 6.0.631.0 contains a denial of service vulnerability where attackers can crash the application by inputting an oversized ...

CVE-2021-47865 is a denial of service vulnerability in ProFTPD that allows attackers to overwhelm FTP servers by creating multiple simultaneous connec...

Mini Mouse 9.2.0 contains a path traversal vulnerability that allows remote attackers to access arbitrary system files and directories through crafted...

This vulnerability allows remote attackers to download router configuration files without authentication on Tenda D151 and D301 routers. Attackers can...

NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations...

Tenda AX1803 routers running firmware v1.0.0.1 contain a stack overflow vulnerability in the security_5g parameter handling. Attackers can send crafte...

Tenda AX-1806 routers running firmware v1.0.0.1 contain a stack overflow vulnerability in the time parameter handling. Attackers can exploit this to c...

Tenda AX1803 routers running firmware v1.0.0.1 contain a stack overflow vulnerability in the security parameter handling. Attackers can send crafted r...

This CVE describes a stack overflow vulnerability in Tenda AX-1806 routers that allows attackers to cause Denial of Service (DoS) by sending specially...

CVE-2025-70650 is a stack overflow vulnerability in Tenda AX-1806 routers that allows attackers to cause a Denial of Service (DoS) by sending speciall...

A stack overflow vulnerability in Tenda AX-1803 routers allows attackers to cause Denial of Service (DoS) by sending specially crafted requests to the...

A denial-of-service vulnerability in BIND DNS servers where malformed BRID/HHIT records cause the named process to crash. This affects BIND 9 installa...

This vulnerability in Oracle VM VirtualBox allows an unauthenticated attacker on the same physical network segment to potentially take complete contro...

This vulnerability in Oracle VM VirtualBox allows a high-privileged attacker with local access to the host system to potentially compromise the Virtua...

This vulnerability in Oracle VM VirtualBox allows a high-privileged attacker with local access to the host system to potentially compromise the virtua...

A Node.js TLS vulnerability allows remote attackers to crash TLS servers or cause resource exhaustion by triggering unhandled exceptions in PSK or ALP...

A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash due to an unhandled TLSSocket ECONNRESET error, enablin...

This vulnerability in Node.js causes applications to crash unrecoverably when deep recursion triggers 'Maximum call stack size exceeded' errors while ...

A NULL pointer dereference vulnerability in owntone-server's parse_meta function allows attackers to crash the server by sending a specially crafted D...

A NULL pointer dereference vulnerability in owntone-server's DACP handling allows attackers to crash the service by sending a specially crafted reques...

A buffer over-read vulnerability in Trust Wallet Core's PublicKey::verify() method allows attackers to cause Denial of Service (DoS) by sending crafte...

An input validation vulnerability in Pithikos websocket-server v0.6.4 allows remote attackers to trigger unexpected server behavior or potentially lea...

A NULL pointer dereference vulnerability in owntone-server's DAAP service allows remote attackers to crash the service by sending specially crafted re...

A NULL pointer dereference vulnerability in owntone-server's DACP reply handling allows remote attackers to crash the service by sending specially cra...

A memory leak vulnerability in Node.js's OpenSSL integration allows remote attackers to cause denial of service through resource exhaustion. When appl...

A memory leak vulnerability in tinyMQTT allows attackers to cause denial of service by sending malformed UTF-8 strings in topic filters. Each malforme...

A denial-of-service vulnerability in ArmorStart LT industrial motor controllers causes unexpected device reboots when subjected to specific EtherNet/I...

A denial-of-service vulnerability in ArmorStart LT industrial motor controllers causes unexpected device reboots when processing specific network traf...

A denial-of-service vulnerability in ArmorStart LT industrial motor controllers allows attackers to crash the CIP port by sending specially crafted pa...

A memory corruption vulnerability in GNU C Library's wordexp function when using WRDE_REUSE with WRDE_APPEND flags can return uninitialized memory. Th...

SiYuan personal knowledge management system versions before 3.5.4 contain a path traversal vulnerability in the markdown feature's HTML rendering. Thi...

ChatterBot versions up to 1.2.10 are vulnerable to denial-of-service due to improper database connection pool management. Concurrent calls to the get_...

An integer overflow vulnerability in ESPHome's API protobuf decoder allows denial-of-service attacks when API encryption is disabled. Malicious client...

FreeRDP clients prior to version 3.21.0 contain a buffer overflow vulnerability in FastGlyph parsing. A malicious RDP server can exploit this to cause...

Quicly, an IETF QUIC protocol implementation, contains assertion failures that allow remote attackers to trigger denial-of-service crashes. Systems us...

WeasyPrint versions before 68.0 contain an SSRF protection bypass vulnerability in the default_url_fetcher. Attackers can exploit HTTP redirects to ac...

This vulnerability involves a null pointer dereference in the bundled HarfBuzz library within HarfBuzz::Shaper for Perl. It could allow attackers to c...

A path traversal vulnerability in esm.sh CDN allows attackers to write arbitrary files outside intended directories by exploiting absolute paths in ma...

The Demo Importer Plus WordPress plugin contains an XML External Entity Injection vulnerability in SVG file upload functionality. Authenticated attack...

CVE-2026-0517 is a denial-of-service vulnerability in Secure Access Server where an attacker can crash the server by sending a specially crafted packe...

This vulnerability in pyasn1 allows attackers to cause denial-of-service through memory exhaustion by sending malformed RELATIVE-OID data with excessi...

This vulnerability allows authenticated attackers in UmbracoForms to execute arbitrary code by supplying a malicious WSDL URL as a data source. It aff...

CVE-2021-47831 is a denial of service vulnerability in Sandboxie where attackers can crash the application by pasting an overly long string into the c...