🔥 Trending CVEs - Last 90 Days

The DVP-12SE programmable logic controller transmits sensitive information in cleartext over Modbus/TCP, allowing attackers on the same network to int...

Pexip Infinity installations before version 39.0 have an internal API vulnerability where critical functions lack authentication. This allows an attac...

CVE-2025-66379 is an improper input validation vulnerability in Pexip Infinity's media implementation that allows remote attackers to trigger a softwa...

Pexip Infinity versions 35.0 through 38.1 have an improper input validation vulnerability in WebRTC signaling when using non-default Direct Media conf...

Pexip Infinity versions 33.0 through 37.0 have improper input validation in signaling that allows attackers to trigger a software abort, causing denia...

Pexip Infinity versions 35.0 through 37.2 have an improper input validation vulnerability in signalling that allows attackers to trigger a software ab...

CVE-2025-32095 is an improper input validation vulnerability in Pexip Infinity's signaling component that allows remote attackers to trigger a softwar...

CVE-2025-3232 is an authentication bypass vulnerability in Mitsubishi Electric products that allows remote unauthenticated attackers to execute arbitr...

This vulnerability in the PostX WordPress plugin allows unauthorized users to retrieve embedded sensitive data from affected websites. It affects all ...

The Virusdie WordPress plugin versions up to and including 1.1.6 expose sensitive system information to unauthorized users. This vulnerability allows ...

This CVE describes a Missing Authorization vulnerability in the claspo Popup Builder WordPress plugin that allows attackers to bypass access controls....

This vulnerability in the Tablesome WordPress plugin allows attackers to retrieve embedded sensitive data from tables. It affects all WordPress sites ...

This vulnerability in Premium Addons for Elementor WordPress plugin allows unauthorized users to retrieve embedded sensitive data from affected websit...

This vulnerability in the Eight Day Week Print Workflow WordPress plugin allows unauthorized users to retrieve embedded sensitive data. It affects all...

This vulnerability allows remote attackers to crash Sante PACS Server by sending specially crafted HTTP requests with malformed Content-Length headers...

This vulnerability allows unauthenticated remote attackers to retrieve sensitive information from Senstar Symphony installations via the FetchStoredLi...

This vulnerability allows remote attackers to include arbitrary PHP files via a filename parameter in TheGem Theme Elements for Elementor WordPress pl...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

CVE-2024-24844 is a missing authorization vulnerability in PowerPack Pro for Elementor WordPress plugin that allows unauthenticated attackers to reset...

This CVE describes a Regular Expression Denial of Service (ReDoS) vulnerability in Fedify's document loader. Attackers can cause catastrophic backtrac...

This vulnerability in Xiongmai XM530 IP cameras exposes RTSP video streams through hardcoded credentials in the GetStreamUri function. Attackers can d...

CVE-2023-53972 is an unauthenticated SQL injection vulnerability in WebTareas 2.4 that allows attackers to manipulate database queries via the webTare...

D-Link DSL-124 routers running ME_1.00 firmware contain an unauthenticated configuration file disclosure vulnerability. Attackers can retrieve complet...

Atom CMS 2.0 contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL commands without authentica...

This authentication bypass vulnerability in Screen SFT DAB 600/C devices allows attackers to reset device configurations without valid credentials by ...

This authentication bypass vulnerability in Screen SFT DAB 600/C firmware allows attackers to change the admin password without providing current cred...

This authentication bypass vulnerability in Screen SFT DAB 600/C firmware allows attackers to change user passwords without proper authentication by e...

CVE-2023-53962 is an unauthenticated directory traversal vulnerability in SOUND4 IMPACT/FIRST/PULSE/Eco v2.x that allows remote attackers to write arb...

CVE-2021-47713 is a denial of service vulnerability in Hasura GraphQL Engine where attackers can craft malicious GraphQL queries with excessive nested...

CVE-2025-66735 is an access control vulnerability in youlai-boot V2.21.1 where the getRoleForm function lacks proper permission checks. This allows no...

This vulnerability allows unauthorized attackers to access sensitive information through insecure permissions in the GT Edge AI Platform's /api/v1/age...

This vulnerability allows unauthorized attackers to access other users' uploaded files through the /api/v1/conversations/*/files API in GT Edge AI Pla...

This vulnerability allows unauthorized attackers to access other users' message history with AI agents through an incorrect access control flaw in the...

A path traversal vulnerability in Sharp Display Solutions projectors allows attackers to read arbitrary files on the device's filesystem. This affects...

CVE-2025-15015 is an arbitrary file read vulnerability in Ragic's Enterprise Cloud Database that allows unauthenticated remote attackers to download a...

The Live Composer WordPress plugin is vulnerable to PHP object injection via deserialization of untrusted input in the dslc_module_posts_output shortc...

This vulnerability allows unauthenticated attackers to access sensitive user metadata including password hashes via a REST API endpoint in the PostX W...

In Delphix Continuous Compliance 2025.3.0+, incorrect End-of-Record (EOR) configuration for delimited files can cause parsing errors that leave person...

CVE-2025-66905 is a path traversal vulnerability in the Takes web framework that allows remote attackers to read arbitrary files from the host system ...

This vulnerability allows unauthenticated attackers to cause denial of service by uploading specially crafted image files that trigger memory exhausti...

CVE-2025-50681 is a remote denial-of-service vulnerability in igmpproxy versions before commit 2b30c36. Attackers can crash the application by sending...

This vulnerability allows unauthenticated clients to read uninitialized heap memory from MongoDB servers by exploiting mismatched length fields in Zli...

This CVE describes an insecure deserialization vulnerability in the MiczFlor RPi-Jukebox-RFID project's rss-mp3.php script. Remote unauthenticated att...

BullWall Server Intrusion Protection has a timing vulnerability where MFA checks for RDP connections have a configuration-dependent delay. Remote auth...

A local, authenticated attacker can log into BullWall Server Intrusion Protection systems during the brief window after boot when login services are r...

An insecure deserialization vulnerability in Twittodon's download.php script allows remote, unauthenticated attackers to inject arbitrary PHP objects ...

This CVE describes a container escape vulnerability in Foundry Container Service where misconfigured deployments allow pods within the same namespace ...

A denial-of-service vulnerability in the omec-project UPF's pfcpiface component allows attackers to crash the UPF process by sending malformed PFCP Se...

This CVE describes a denial-of-service vulnerability in Kentico Xperience's GetResource handler where improper input validation allows attackers to se...