🔥 Trending CVEs - Last 30 Days

Wallos versions before 4.6.2 contain a server-side request forgery vulnerability in notification testers that allows attackers to make unauthorized re...

CVE-2026-30823 is an Insecure Direct Object Reference (IDOR) vulnerability in Flowise that allows attackers to bypass authorization controls. This ena...

This vulnerability allows authenticated WordPress users with Author-level access or higher to register administrator accounts through a registration f...

This vulnerability in OliveTin allows authentication bypass when JWT authentication is configured. Attackers can use validly signed JWT tokens intende...

This mass assignment vulnerability in Snipe-IT allows authenticated low-privileged users to modify restricted user attributes, including those of Supe...

OpenSift versions before 1.6.3-alpha contain a path traversal vulnerability (CWE-22) in multiple storage helpers that don't properly enforce directory...

This vulnerability allows authenticated low-privileged users in Chamilo LMS to upload malicious files and execute arbitrary code on the server. The sy...

This stored XSS vulnerability in Chamilo LMS allows attackers to inject malicious JavaScript into social network and messaging features. When authenti...

OpenClaw versions before 2026.2.14 have a command hijacking vulnerability where attackers can manipulate PATH environment variables to execute malicio...

This vulnerability allows attackers to bypass authentication in Keycloak by exploiting a disabled SAML client configured as an Identity Provider-initi...

The WowOptin WordPress plugin allows authenticated attackers with Subscriber-level access or higher to install and activate arbitrary plugins without ...

This vulnerability allows attackers to exploit heap corruption in Google Chrome's DevTools through malicious extensions. Users who install untrusted C...

Dell Command | Intel vPro Out of Band versions before 4.7.0 have a path traversal vulnerability that allows local low-privileged attackers to execute ...

A remote buffer overflow vulnerability in LLM-Claw's agent deployment component allows attackers to execute arbitrary code or crash the system. This a...

This vulnerability allows authenticated attackers with Agent-level access in the LatePoint WordPress plugin to escalate privileges by linking customer...

This CVE describes a one-click remote code execution vulnerability in AFFiNE workspace software. Attackers can exploit it by tricking users into visit...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to execute arbitrary code on servers running the Master...

This vulnerability allows attackers to inject malicious scripts into Chamilo LMS user profiles via CSV import. When other users view these profiles, t...

A stack-based buffer overflow vulnerability in Tenda AC15 routers allows remote attackers to execute arbitrary code by manipulating the wpapsk_crypto2...

A buffer overflow vulnerability in Tenda F453 routers allows remote attackers to execute arbitrary code or cause denial of service by sending speciall...

A buffer overflow vulnerability in Tenda F453 routers allows remote attackers to execute arbitrary code by sending specially crafted requests to the h...

This vulnerability allows remote attackers to execute arbitrary code on Tenda F453 routers by exploiting a buffer overflow in the frmL7ImForm function...

CVE-2026-3378 is a remote buffer overflow vulnerability in Tenda F453 routers affecting the qossetting function. Attackers can exploit this flaw remot...

A buffer overflow vulnerability in Tenda F453 routers allows remote attackers to execute arbitrary code by manipulating the 'page' parameter in the fr...

A buffer overflow vulnerability in Tenda F453 routers allows remote attackers to execute arbitrary code by manipulating the 'page' parameter in the Sa...

The Worry Proof Backup WordPress plugin contains a path traversal vulnerability that allows authenticated attackers with Subscriber-level access or hi...

This CVE allows attackers with read/write access to Vitess backup storage locations to manipulate backup manifest files and perform path traversal att...

This CVE describes a Python sandbox escape vulnerability in Agenta's API server that allows authenticated users to bypass RestrictedPython sandboxing ...

This vulnerability allows any authenticated non-admin user in WireGuard Portal to elevate their privileges to full administrator by sending a crafted ...

This vulnerability allows authenticated users with workflow creation/modification permissions in n8n to achieve remote code execution by chaining file...

LORIS versions before 26.0.5, 27.0.2, and 28.0.0 contain a path traversal vulnerability in the media module that allows authenticated users with suffi...

A heap buffer overflow vulnerability in FreeRDP clients allows a malicious RDP server to execute arbitrary code on connecting clients. Attackers contr...

OpenEMR versions before 8.0.0 contain a SQL injection vulnerability in the prescription listing functionality that allows authenticated attackers to e...

An SQL injection vulnerability in OpenEMR's Immunization module allows authenticated users to execute arbitrary SQL queries by manipulating patient_id...

This vulnerability in Cisco Catalyst SD-WAN Manager allows authenticated local users with low privileges to escalate to root privileges through the RE...

This vulnerability in JetBrains YouTrack allows applications to send unauthorized requests to the app permissions endpoint, potentially enabling privi...

A buffer overflow vulnerability in Tenda F453 routers allows remote attackers to execute arbitrary code by manipulating the 'page' parameter in the Sa...

A buffer overflow vulnerability in Tenda F453 routers allows remote attackers to execute arbitrary code by manipulating the 'page' argument in the fro...

A buffer overflow vulnerability in Tenda F453 routers allows remote attackers to execute arbitrary code by manipulating the 'page' argument in the Nat...

This vulnerability allows authenticated users to upload .htaccess or .user.ini files to FreeScout help desk systems, enabling remote code execution on...

OpenEMR versions before 8.0.0 contain a broken access control vulnerability that allows low-privilege users (like Receptionist role) to add and modify...

EventSentry Web Reports interface versions before 6.0.1.20 contain an unverified password change vulnerability. Attackers with temporary access to an ...

Dell Wyse Management Suite versions before 5.5 have a missing authorization vulnerability that allows low-privileged remote attackers to elevate their...

This CVE describes a command injection vulnerability in Binardat 10G08-0800GSM network switch firmware that allows authenticated attackers to execute ...

This CVE describes a use-after-free vulnerability in Firefox's DOM Core & HTML components that could allow attackers to execute arbitrary code or caus...

This vulnerability allows arbitrary command injection in yt-dlp when using the --netrc-cmd option with maliciously crafted URLs. Attackers can execute...

A stack-based buffer overflow vulnerability in Tenda AC8 routers allows remote attackers to execute arbitrary code by manipulating the boundary argume...