🔥 Trending CVEs - Last 90 Days

A nil pointer dereference vulnerability in SIPGO library's NewResponseFromRequest function allows remote attackers to crash SIP applications by sendin...

This vulnerability in @vitejs/plugin-rsc allows unauthenticated attackers to read arbitrary files accessible to the Node.js process during development...

This vulnerability in Expr for Go allows denial-of-service attacks through stack overflow panics. Attackers can crash applications by providing deeply...

CVE-2025-10450 is an exposure of private personal information vulnerability in RTI Connext Professional Core Libraries that allows unauthorized actors...

This vulnerability allows attackers to bypass authorization mechanisms in Menulux Software Inc.'s Mobile App by manipulating user-controlled keys to e...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP's include/require statements. It aff...

This vulnerability allows attackers to include local files on the server through the Stockholm WordPress theme's PHP code. Attackers can potentially r...

This vulnerability allows attackers to include local PHP files through improper filename control in the EduMall WordPress theme. Attackers can potenti...

This CVE describes a PHP Local File Inclusion vulnerability in the MinimogWP WordPress theme. Attackers can include arbitrary local files, potentially...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

CVE-2025-61976 is an improper condition check vulnerability in CHOCO TEI WATCHER mini (IB-MCT001) that allows remote attackers to send specially craft...

This CVE describes an argument injection vulnerability in QNAP operating systems where attackers can manipulate command arguments to alter execution l...

Xlight FTP Server 3.9.3.6 contains a stack buffer overflow vulnerability in the 'Execute Program' configuration that allows attackers to crash the app...

Dynatrace OneAgent versions before 1.325.47 automatically retry failed network share access attempts using all available user tokens, enabling NTLM re...

A buffer overflow vulnerability exists in the su command of UNIX Fourth Research Edition (v4) due to a fixed-size 100-byte password buffer. Local user...

ZITADEL identity management platform versions before 3.4.8 and 4.12.2 contain a passkey registration vulnerability where improper expiration checks al...

This vulnerability in Cisco IOS XR's IS-IS multi-instance routing allows an unauthenticated attacker on the same network segment to send specially cra...

This vulnerability in Git for Windows allows attackers to steal users' NTLM password hashes by tricking them into cloning from a malicious Git server....

This vulnerability in IBM Trusteer Rapport installer 3.5.2309.290 allows a local attacker to execute arbitrary code via DLL hijacking. Attackers can p...

This CVE describes a command injection vulnerability in Siemens SICAM SIAPP SDK where user-controlled input is improperly sanitized before being used ...

An out-of-bounds write vulnerability in SICAM SIAPP SDK allows attackers to write data beyond allocated buffers. This could lead to denial of service ...

CVE-2026-25167 is a use-after-free vulnerability in Microsoft Brokering File System that allows local attackers to execute arbitrary code with elevate...

This vulnerability allows attackers to bypass authentication rate limiting in HomeBox by forging IP headers, enabling brute-force attacks on login cre...

Zed code editor versions before 0.224.4 contain a Zip Slip vulnerability in the extension archive extraction functionality. This allows malicious exte...

An unauthenticated attacker on the same network segment can send a specially crafted LLDP packet to vulnerable Cisco NX-OS devices, causing the LLDP p...

This vulnerability is a stack-based buffer overflow in ImageMagick's FTXT image reader, allowing crafted FTXT files to cause out-of-bounds writes on t...

A local privilege escalation vulnerability in Tencent iOA for Windows allows authenticated local users to execute programs with elevated privileges by...

This vulnerability allows man-in-the-middle attacks by disabling TLS/SSL certificate validation in jxcore jxm master. When 'jx_obj.IsSecure' is true, ...

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in the Shiprocket WordPress plugin that allows attackers to bypass authori...

This vulnerability allows local users with knowledge of IBM Concert's system architecture to escalate privileges by exploiting incorrect file permissi...

This vulnerability in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code on the server by sending a specially crafted AJAX response. This...

This vulnerability in the Galaxy FDS Android SDK disables TLS hostname verification, allowing man-in-the-middle attackers to intercept and modify comm...

Litestar ASGI framework versions before 2.20.0 have a CORS origin validation bypass vulnerability. Attackers can craft malicious origin headers that m...

A critical timing attack vulnerability in Trilium Notes allows unauthenticated remote attackers to recover authentication hashes through statistical t...

pgAdmin 9.11 in server mode has a restore restriction bypass vulnerability that allows authenticated attackers to execute arbitrary commands on the ho...

CVE-2026-24052 is a URL validation bypass vulnerability in Claude Code's trusted domain verification. Attackers could register malicious subdomains th...

This OpenSSL vulnerability allows memory corruption via a malicious PKCS#12 file containing non-ASCII BMP characters in the friendly name field. When ...

This vulnerability in Copilot allows attackers to exploit improper input sanitization to extract sensitive information over network connections. It af...

This vulnerability in Azure Data Explorer allows unauthorized attackers to access sensitive information over the network. It affects organizations usi...

This vulnerability in Atomberg Erica Smart Fan firmware allows attackers to send crafted deauthentication frames to extract sensitive information and ...

A vulnerability in Beat XP VEGA Smartwatch firmware allows attackers to cause denial of service via Bluetooth Low Energy (BLE) connections. This affec...

This vulnerability allows an attacker with knowledge of a victim's credential ID to bypass two-factor authentication in GitLab by submitting forged de...

This vulnerability in Typebot allows attackers to steal stored credentials (OpenAI keys, Google Sheets tokens, SMTP passwords) from any user who previ...

A null pointer dereference vulnerability in EVerest EV charging software allows remote attackers to cause denial of service by sending specially craft...

This vulnerability in EVerest EV charging software allows attackers to cause denial of service through null pointer dereference when handling SDP requ...

This vulnerability in EVerest EV charging software allows attackers to cause denial of service by triggering assertion failures that crash individual ...

This vulnerability in EVerest EV charging software allows attackers to cause denial of service by exhausting system memory through unlimited TCP conne...

An improper certificate validation vulnerability in OPC-UA and ANSL over TLS clients in Automation Studio allows attackers to intercept and manipulate...

This vulnerability in Gradle's dependency resolution allows an attacker to serve malicious artifacts if they can register a domain name matching an un...