🔥 Trending CVEs - Last 90 Days

This vulnerability in Kentico Xperience allows attackers to view detailed error messages containing sensitive stack trace information through Portal E...

A cryptography vulnerability in Kentico Xperience allows attackers to manipulate URL hash values, potentially enabling unauthorized actions or data ac...

A denial-of-service vulnerability in omec-project UPF's pfcpiface component allows attackers to crash the UPF process by sending malformed PFCP Sessio...

A denial-of-service vulnerability in the omec-project UPF's pfcpiface component allows attackers to crash the UPF process by sending specially crafted...

A denial-of-service vulnerability in the omec-project UPF's pfcpiface component allows attackers to crash the UPF by sending specially crafted PFCP Se...

CVE-2025-63387 is an insecure permissions vulnerability in Dify v1.9.1 that allows unauthenticated attackers to access the /console/api/system-feature...

A reachable assertion vulnerability in Open5GS UPF component causes denial of service when processing malformed PFCP Session Establishment Requests wi...

A vulnerability in free5GC's LocalNode.Sess function allows attackers to send crafted PFCP Session Modification Requests with malicious Local SEID hea...

CVE-2025-65562 is an unauthenticated denial-of-service vulnerability in free5GC UPF where specially crafted PFCP Session Deletion Requests with large ...

A denial-of-service vulnerability in omec-project UPF allows attackers to crash the UPF process by sending malformed PFCP Association Setup Request me...

A denial-of-service vulnerability in omec-upf's PFCP interface allows attackers to crash the UPF process by sending malformed PFCP Association Setup R...

An improper authentication vulnerability in TP-Link WA850RE Wi-Fi range extenders allows unauthenticated attackers to download the device configuratio...

CVE-2025-14896 is a server-side request forgery (SSRF) vulnerability in Vega's convert() function when safeMode is enabled and the spec parameter is a...

An authentication bypass vulnerability in Open-WebUI's /api/config endpoint allows unauthenticated remote attackers to access sensitive system configu...

CVE-2025-7358 is a hard-coded credentials vulnerability in Utarit Informatics Services Inc. SoliClub software that allows attackers to bypass authenti...

An integer overflow vulnerability in FFmpeg's libswscale component allows attackers to cause heap corruption when processing specially crafted YUV vid...

CVE-2025-1029 is a hard-coded credentials vulnerability in Utarit Information Services SoliClub software that allows attackers to extract sensitive au...

This vulnerability in Utarit Informatics Services Inc. SoliClub allows unauthorized actors to query the system and access private personal information...

This vulnerability allows attackers to bypass authorization controls in Utarit Informatics Services Inc. SoliClub by manipulating user-controlled keys...

The Hummingbird Performance WordPress plugin exposes sensitive information including Cloudflare API credentials to unauthenticated attackers via the '...

A denial-of-service vulnerability in Nodemailer allows attackers to crash email-sending applications by sending specially crafted email addresses that...

This vulnerability in Ultimate Member Widgets for Elementor WordPress plugin allows attackers to retrieve embedded sensitive data from the plugin's wi...

This CVE describes a Missing Authorization vulnerability in the Ays Pro Easy Form WordPress plugin that allows attackers to bypass access controls. It...

This CVE describes a missing authorization vulnerability in the LearnPress WordPress plugin that allows attackers to bypass access controls and perfor...

This CVE describes a missing authorization vulnerability in the wpForo Forum WordPress plugin that allows attackers to bypass access controls. It affe...

This CVE describes a missing authorization vulnerability in PropertyHive WordPress plugin that allows attackers to bypass access controls. It affects ...

This CVE describes a Missing Authorization vulnerability in the ListingPro WordPress theme that allows attackers to bypass access controls. It affects...

This CVE describes a Missing Authorization vulnerability in the Arraytics Timetics WordPress plugin that allows attackers to bypass access controls. I...

This CVE describes a Missing Authorization vulnerability in the GetResponse Email Marketing WordPress plugin that allows attackers to exploit incorrec...

This CVE describes a Missing Authorization vulnerability in the FantasticPlugins WooCommerce Recover Abandoned Cart plugin that allows attackers to de...

This path traversal vulnerability in the WP Chill Filr WordPress plugin allows attackers to delete arbitrary files on the server. It affects all WordP...

The Follow My Blog Post WordPress plugin (versions up to 2.3.9) exposes sensitive system information to unauthorized users. This vulnerability allows ...

This CVE describes a missing authorization vulnerability in the Masterstudy WordPress theme that allows attackers to access functionality not properly...

This vulnerability in MasterStudy LMS Pro WordPress plugin allows attackers to retrieve embedded sensitive data from the system. It affects all WordPr...

This CVE describes a missing authorization vulnerability in the MasterStudy LMS Pro WordPress plugin that allows attackers to access functionality not...

This vulnerability in the Passster WordPress plugin allows attackers to retrieve embedded sensitive data that should be protected. It affects all Word...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This vulnerability allows attackers to execute arbitrary code through PHP object injection by exploiting unsafe deserialization in the PDF for Gravity...

This CVE describes a Missing Authorization vulnerability in the WP Voting Contest WordPress plugin that allows attackers to exploit incorrectly config...

This CVE describes a PHP Local File Inclusion vulnerability in the Ray Enterprise Translation WordPress plugin. Attackers can exploit improper filenam...

This CVE describes a missing authorization vulnerability in the YayPricing WordPress plugin that allows attackers to access functionality not properly...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This CVE describes a Missing Authorization vulnerability in the ThemeAtelier IDonatePro WordPress plugin that allows attackers to access functionality...

This CVE describes a Missing Authorization vulnerability in the Javo Core WordPress plugin that allows attackers to delete arbitrary content without p...

CVE-2023-53930 is an insecure direct object reference vulnerability in ProjectSend r1605 that allows unauthenticated attackers to download private fil...

An unprivileged user can cause a Blue Screen of Death (BSOD) on Windows computers running vulnerable DriveLock versions by sending a specific IOCTL wi...

This vulnerability in Homarr allows privilege escalation and unauthorized access to other users' groups through crafted LDAP search queries due to ins...

A NULL pointer dereference vulnerability in RIOT OS's IPv6 fragmentation reassembly allows remote attackers to crash the operating system by sending s...

AVideo versions before 20.1 expose sensitive user information through an unauthenticated public API endpoint. This allows attackers to enumerate users...

AVideo versions before 20.1 expose absolute server filesystem paths through public API endpoints. This information disclosure vulnerability reveals in...