🔥 Trending CVEs - Last 90 Days

iDailyDiary 4.30 contains a denial of service vulnerability where attackers can crash the application by pasting an extremely long string (2,000,000 c...

CVE-2021-47827 is a denial of service vulnerability in WebSSH for iOS that allows attackers to crash the application by pasting malformed input into t...

DupTerminator 1.4.5639.37199 contains a denial of service vulnerability where attackers can crash the application by inputting a long string (8000 rep...

CVE-2021-47821 is a denial of service vulnerability in RarmaRadio 2.72.8 where attackers can crash the application by overflowing network configuratio...

RustFS versions 1.0.0-alpha.1 through 1.0.0-alpha.79 log the shared HMAC secret when invalid RPC signatures are received. This exposes the secret to a...

A stack overflow vulnerability in Tenda AX-1806 routers allows attackers to cause Denial of Service (DoS) by sending specially crafted requests to the...

Tenda AX-1806 routers running firmware v1.0.0.1 contain a stack overflow vulnerability in the security parameter handling. Attackers can exploit this ...

The Librarian's web_fetch tool contains an information leakage vulnerability that allows attackers to retrieve arbitrary external content and proxy re...

The Librarian contains a server-side request forgery (SSRF) vulnerability that allows attackers to use the web_fetch tool to scan internal network por...

TheLibrarians web_fetch tool can be exploited to retrieve the Adminer interface content, enabling unauthorized access to the internal TheLibrarian bac...

This vulnerability in Apache Airflow exposes sensitive values like passwords and API keys in cleartext in the Rendered Templates UI when template fiel...

Apache Airflow versions before 3.1.6 expose proxy credentials in logs when connections contain proxy URLs with embedded authentication. This allows at...

The Gotac Statistics Database System contains an arbitrary file read vulnerability that allows unauthenticated remote attackers to download any system...

The Gotac Statistics Database System has a Missing Authentication vulnerability (CWE-306) that allows unauthenticated remote attackers to directly que...

The Police Statistics Database System developed by Gotac contains an unauthenticated arbitrary file read vulnerability via absolute path traversal. Th...

This vulnerability in Redragon Gaming Mouse drivers allows attackers to cause a kernel-level denial of service by sending specially crafted IOCTL requ...

Deno's node:crypto module before version 2.6.0 fails to properly finalize cipher operations, allowing attackers to perform infinite encryption attempt...

This vulnerability in GNU C Library (glibc) allows stack memory contents to be leaked to DNS resolvers when getnetbyaddr functions query for a zero-va...

A double free vulnerability in Juniper's flow processing daemon (flowd) allows unauthenticated attackers to cause denial-of-service by sending a speci...

An unauthenticated attacker can send specially crafted DNS requests to Juniper SRX Series devices running vulnerable Junos OS versions, causing the fl...

An unauthenticated attacker can cause a complete denial-of-service on vulnerable Juniper EX4000 switches by sending high volumes of traffic to the dev...

An improper locking vulnerability in Juniper SRX Series GTP plugin allows unauthenticated attackers to cause denial-of-service by sending malformed GT...

An unauthenticated attacker can cause a denial-of-service on Juniper SRX Series firewalls by sending specially crafted SSL packets to devices with UTM...

An unauthenticated attacker can crash the packet forwarding engine on vulnerable Juniper SRX Series devices by sending a specific ICMP packet through ...

An unauthenticated attacker can send specially crafted SIP messages over TCP to trigger an infinite loop in Juniper's SIP ALG, crashing critical proce...

A buffer over-read vulnerability in Juniper's routing protocol daemon (rpd) allows unauthenticated attackers to cause denial-of-service by sending spe...

This vulnerability in NanoMQ allows attackers to cause a denial of service by sending crafted requests that cause the recv-q queue to fill up, leading...

CVE-2026-22803 is a denial-of-service vulnerability in SvelteKit's experimental form remote function that allows attackers to cause memory exhaustion ...

An unauthenticated attacker can send specially crafted requests to Palo Alto Networks PAN-OS firewalls, causing them to crash and enter maintenance mo...

CVE-2026-22774 is a denial-of-service vulnerability in the Svelte devalue JavaScript library where specially crafted inputs cause excessive CPU and me...

CVE-2026-22775 is a denial-of-service vulnerability in the Svelte devalue JavaScript library where specially crafted inputs cause excessive CPU and me...

A remote, unauthenticated attacker can exploit a null pointer dereference vulnerability in the TP-Link TL-WR841N v14 web portal's referer header check...

A stack overflow vulnerability in GPAC's dump_ttxt_sample function allows attackers to cause Denial of Service by sending specially crafted packets. T...

CVE-2026-22265 is a command injection vulnerability in Roxy-WI web interface versions prior to 8.2.8.2 that allows authenticated users to execute arbi...

An out-of-bounds read vulnerability in GPAC's GSF demuxer filter allows attackers to cause denial of service by processing a malicious .gsf file. This...

CVE-2025-70656 is a stack overflow vulnerability in Tenda AX-1806 routers that allows attackers to cause Denial of Service (DoS) by sending specially ...

A buffer overflow vulnerability in GPAC's vobsub_get_subpic_duration() function allows attackers to cause denial of service by sending specially craft...

CVE-2025-66417 is an unauthenticated SQL injection vulnerability in GLPI's inventory endpoint. Attackers can execute arbitrary SQL commands without cr...

This vulnerability allows unauthorized users to access documents attached to any item in GLPI (tickets, assets, etc.). If the public FAQ feature is en...

This directory traversal vulnerability in Omnispace Agora Project allows unauthenticated attackers to read arbitrary files with extensions from the se...

CVE-2021-47784 is a denial of service vulnerability in Cyberfox Web Browser where attackers can crash the application by pasting an excessively large ...

CVE-2021-47755 is a path traversal vulnerability in Oliver Library Server v5 that allows unauthenticated attackers to download arbitrary files from th...

CVE-2021-47752 is a denial of service vulnerability in AWebServer GhostBuilding 18 that allows remote attackers to crash or render the server unrespon...

Tenda AX-1806 routers version 1.0.0.1 contain a stack overflow vulnerability in the cloneType parameter that allows attackers to cause Denial of Servi...

This vulnerability in Tenda AX-1806 routers allows attackers to cause a Denial of Service (DoS) by sending specially crafted requests that trigger a s...

This vulnerability allows remote attackers to cause Denial of Service (DoS) by sending a specially crafted .keras archive with an extremely large data...

This vulnerability allows unauthorized access to system functions that control installed applications. Attackers can start, stop, or delete applicatio...

This vulnerability allows attackers to gain unauthorized access to affected devices by using weak, publicly known default passwords on hidden user acc...

This vulnerability allows unauthenticated attackers to perform blind SQL injection attacks on WordPress sites using the Simply Schedule Appointments B...

Tenda AX-1806 routers running firmware v1.0.0.1 contain a stack overflow vulnerability in the serviceName parameter that allows remote attackers to cr...