🔥 Trending CVEs - Last 90 Days
4,459 critical and high-severity vulnerabilities discovered in the last 90 days. Stay ahead of emerging threats with real-time CVE tracking and instant security alerts.
Critical & High-Risk CVEs
A path traversal vulnerability in Qfiling allows remote attackers to read arbitrary files on the system by manipulating file paths. This affects all Q...
📅 71 days ago • Jan 2, 2026

Cowrie honeypot versions before 2.9.0 contain a server-side request forgery vulnerability in the emulated wget and curl commands. Unauthenticated atta...
📅 73 days ago • Dec 31, 2025

This vulnerability in KZTech JT3500V 4G LTE CPE devices allows attackers to reuse expired session credentials due to improper session expiration. Atta...
📅 73 days ago • Dec 31, 2025

This vulnerability allows limited administrative users on ZBL EPON ONU Broadband Router V100R001 to escalate privileges by accessing configuration end...
📅 73 days ago • Dec 31, 2025

CVE-2021-47744 is a hard-coded credentials vulnerability in Cypress Solutions CTM-200/CTM-ONE devices running version 1.3.6. Attackers can use the sta...
📅 73 days ago • Dec 31, 2025

This vulnerability allows non-privileged users on NuCom 11N Wireless Router to retrieve administrative credentials by accessing the configuration back...
📅 73 days ago • Dec 31, 2025

The Knowband Mobile App Builder WordPress plugin before version 3.0.0 has an authorization vulnerability in its REST API that allows unauthenticated a...
📅 74 days ago • Dec 31, 2025

This vulnerability in the cbor2 library allows attackers to read sensitive data from previously decoded CBOR messages when a CBORDecoder instance is r...
📅 74 days ago • Dec 31, 2025

This vulnerability allows attackers to include local files on the server through improper input validation in the MAS Videos WordPress plugin. Attacke...
📅 74 days ago • Dec 30, 2025

CVE-2023-54163 is a SQL injection vulnerability in NLB mKlik Macedonia mobile banking app version 3.3.12. Attackers can inject malicious SQL code thro...
📅 74 days ago • Dec 30, 2025

CVE-2022-50799 is a denial of service vulnerability in Fetch FTP Client 5.8.2 where attackers can send specially crafted FTP server responses exceedin...
📅 74 days ago • Dec 30, 2025

H3C SSL VPN has a user enumeration vulnerability that allows attackers to determine valid usernames by analyzing login response differences. Attackers...
📅 74 days ago • Dec 30, 2025

This vulnerability allows remote attackers to read arbitrary files on SOUND4 IMPACT/FIRST/PULSE/Eco devices without authentication by manipulating the...
📅 74 days ago • Dec 30, 2025

CVE-2022-50788 is an information disclosure vulnerability in SOUND4 IMPACT/FIRST/PULSE/Eco systems that allows unauthenticated attackers to access sen...
📅 74 days ago • Dec 30, 2025

This vulnerability allows unauthenticated remote attackers to access live radio stream information from SOUND4 IMPACT/FIRST/PULSE/Eco systems. Attacke...
📅 74 days ago • Dec 30, 2025

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below have insufficient session expiration, allowing attackers to reuse old session credentials. This e...
📅 74 days ago • Dec 30, 2025

This vulnerability allows unauthenticated attackers to abuse network diagnostic scripts (ping.php, traceroute.php, dns.php) in SOUND4 products to laun...
📅 74 days ago • Dec 30, 2025

CVE-2025-66723 is an insecure permissions vulnerability in inMusic Brands Engine DJ software where the Remote Library's exposed HTTP service allows at...
📅 74 days ago • Dec 30, 2025

This vulnerability in Ruby's URI module allows credential exposure when using the '+' operator to combine URIs. Sensitive information like passwords f...
📅 74 days ago • Dec 30, 2025

A vulnerability in WasmEdge WebAssembly runtime allows integer overflow in memory boundary checking, leading to segmentation faults. This affects all ...
📅 74 days ago • Dec 30, 2025

A command injection vulnerability in Serverless Framework's experimental MCP server feature allows attackers to execute arbitrary system commands via ...
📅 74 days ago • Dec 30, 2025

A divide-by-zero vulnerability in GNU Recutils v1.9 encryption/decryption routines allows attackers to cause a Denial of Service (DoS) by providing an...
📅 74 days ago • Dec 30, 2025

A NULL pointer dereference vulnerability in GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) by injecting a crafted payload into...
📅 74 days ago • Dec 30, 2025

This vulnerability allows attackers to include local files on the server through improper filename control in PHP's include/require statements. It aff...
📅 74 days ago • Dec 30, 2025

The E-Invoice App Malaysia WordPress plugin exposes sensitive system information to unauthorized users. This vulnerability allows attackers to retriev...
📅 74 days ago • Dec 30, 2025

This vulnerability in the Contact Form 7 Extension For Mailchimp WordPress plugin exposes sensitive data embedded in form submissions. Attackers can r...
📅 74 days ago • Dec 30, 2025

CVE-2025-15358 is a denial of service vulnerability in Delta Electronics DVP-12SE11T programmable logic controllers. Attackers can send specially craf...
📅 75 days ago • Dec 30, 2025

This vulnerability allows attackers to bypass the Same-Origin Policy in Whale browser's sidebar environment, potentially enabling cross-origin data th...
📅 75 days ago • Dec 30, 2025

This CVE describes a missing authorization vulnerability in CubeWP WordPress plugin that allows attackers to access functionality not properly restric...
📅 75 days ago • Dec 30, 2025

CVE-2024-25183 is a directory traversal vulnerability in givanz VvvebJs 1.7.2 that allows attackers to read arbitrary files on the server via the scan...
📅 75 days ago • Dec 29, 2025

NagiosXI 2026R1.0.1 build 1762361101 contains a directory traversal vulnerability in /admin/coreconfigsnapshots.php that allows attackers to access fi...
📅 75 days ago • Dec 29, 2025

A buffer overflow vulnerability in the dcputchar function of libming 0.4.8 allows attackers to execute arbitrary code or cause denial of service. This...
📅 75 days ago • Dec 29, 2025

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
📅 75 days ago • Dec 29, 2025

A buffer overflow vulnerability in the gnu_special function of BinUtils' cplus-dem.c file allows attackers to crash applications by processing special...
📅 75 days ago • Dec 29, 2025

A vulnerability in BinUtils' cp-demangle.c function allows attackers to cause denial of service through crafted PE files. This affects systems using B...
📅 75 days ago • Dec 29, 2025

A vulnerability in BinUtils' cp-demangle.c allows attackers to cause denial of service through crafted PE files. This affects systems using BinUtils f...
📅 75 days ago • Dec 29, 2025

A stack-based buffer overflow vulnerability exists in the cp-demangle.c file of BinUtils 2.26, specifically in the d_print_comp_inner function. Attack...
📅 75 days ago • Dec 29, 2025

A vulnerability in BinUtils' cp-demangle.c allows attackers to cause denial of service through crafted PE files. This affects systems using BinUtils f...
📅 75 days ago • Dec 29, 2025

A buffer overflow vulnerability in the strcat function within libming 0.4.8 allows attackers to execute arbitrary code or cause denial of service. Thi...
📅 75 days ago • Dec 29, 2025

An unauthenticated remote attacker can trigger generation and download of configuration backup ZIP files in vulnerable phpMyFAQ installations. This ex...
📅 75 days ago • Dec 29, 2025

This CVE describes a PHP Local File Inclusion vulnerability in the CedCommerce Integration for Good Market WordPress plugin. Attackers can include arb...
📅 75 days ago • Dec 29, 2025

CVE-2025-15227 is an arbitrary file read vulnerability in BPMFlowWebkit developed by WELLTEND TECHNOLOGY. Unauthenticated remote attackers can exploit...
📅 76 days ago • Dec 29, 2025

WMPro software developed by Sunnet contains an arbitrary file read vulnerability due to relative path traversal. Unauthenticated remote attackers can ...
📅 76 days ago • Dec 29, 2025

This CVE describes an information disclosure vulnerability in PHP's getimagesize() function where uninitialized heap memory can leak into image metada...
📅 77 days ago • Dec 27, 2025

This vulnerability in PHP's PDO PostgreSQL driver causes a null pointer dereference when using prepared statements with invalid character sequences, l...
📅 77 days ago • Dec 27, 2025

CVE-2025-59946 is a heap use-after-free vulnerability in NanoMQ MQTT broker caused by a data race condition in subscription information handling. This...
📅 78 days ago • Dec 27, 2025

This vulnerability allows unauthenticated attackers to access administrative endpoints in DEV Systemtechnik GmbH's DEV 7113 RF over Fiber Distribution...
📅 78 days ago • Dec 26, 2025

This vulnerability allows attackers to change the Administrator password and escalate privileges on Comtech EF Data CDM-625/CDM-625A satellite modems ...
📅 78 days ago • Dec 26, 2025

Cola Dnslog v1.3.2 has a directory traversal vulnerability in TXT record processing that allows attackers to read arbitrary files on the server. This ...
📅 78 days ago • Dec 26, 2025

A vulnerability in libxmljs 1.0.11 allows attackers to cause a segmentation fault and denial-of-service by parsing a specially crafted XML document th...
📅 78 days ago • Dec 26, 2025

Why Track Trending CVEs?
Stay ahead of emerging threats: Newly discovered vulnerabilities pose the highest risk as attackers race to exploit them before patches are deployed. Trending CVEs represent the most critical security issues requiring immediate attention from security teams worldwide.
Prioritize remediation efforts: With thousands of CVEs published annually, security teams need to focus on the most recent and severe threats first. Our trending CVE dashboard highlights critical and high-severity vulnerabilities from the past 7, 30, or 90 days, helping you prioritize patching efforts.
🚀 Automated Trending CVE Monitoring
- Scan your servers to detect packages affected by trending CVEs
- Receive instant email alerts when critical vulnerabilities are discovered
- Dashboard shows CVE age, severity, CVSS scores, and affected systems
- Filter by time period (7/30/90 days) to focus on recent threats