🔥 Trending CVEs - Last 90 Days

This vulnerability is a race condition in Windows WalletService that allows local attackers to gain elevated privileges by exploiting improper synchro...

This vulnerability involves a use-after-free flaw in the Windows Clipboard Server that allows an unauthorized local attacker to execute arbitrary code...

NestJS applications using Fastify platform with route-specific middleware are vulnerable to URL encoding bypass. This allows attackers to access prote...

CVE-2025-68922 is a remote code execution vulnerability in OpenOps that allows attackers to execute arbitrary commands via the Terraform block. This a...

Yealink RPS (Remote Provisioning Service) before June 27, 2025 allows unauthorized access to sensitive information including AutoP URL addresses due t...

An out-of-bounds read vulnerability in Grassroot DICOM's RLECodec::DecodeByStreams function allows attackers to leak heap memory data by providing a s...

An out-of-bounds read vulnerability in Grassroot DICOM's Overlay::GrabOverlayFromPixelData function allows attackers to leak sensitive information by ...

An out-of-bounds read vulnerability in Grassroot DICOM's JPEGBITSCodec::InternalCode function allows attackers to leak sensitive information by provid...

An out-of-bounds read vulnerability in Grassroot DICOM's JPEGBITSCodec::InternalCode function allows attackers to leak sensitive information by provid...

An authenticated attacker with access to the GraphQL Reports API in Anchore Enterprise can execute arbitrary SQL commands through an SQL injection vul...

CVE-2026-4014 is an SQL injection vulnerability in itsourcecode Cafe Reservation System 1.0 that allows attackers to manipulate database queries throu...

This SQL injection vulnerability in Online Doctor Appointment System 1.0 allows attackers to manipulate database queries through the patient_id parame...

This CVE describes a SQL injection vulnerability in FeMiner wms up to version 1.0, specifically in the Basic Organizational Structure Module. Attacker...

This vulnerability allows remote attackers to execute arbitrary commands on H3C ACG1000-AK230 devices by manipulating the suffix parameter in the /web...

A local attacker with low privileges can exploit a TOCTOU (Time-of-Check Time-of-Use) vulnerability in the CODESYS installer to gain elevated system r...

Keygraph Shannon contains a hard-coded API key in its router configuration that allows network attackers to authenticate using a publicly known static...

This CVE describes a SQL injection vulnerability in Tiandy Easy7 CMS Windows version 7.17.0. Attackers can remotely exploit the /Easy7/apps/WebService...

This vulnerability allows attackers to bypass authentication in DoraCMS 3.0.x by exploiting the Email API endpoint /api/v1/mail/send. Attackers can re...

This vulnerability in SourceCodester Client Database Management System 1.0 allows attackers to bypass authorization controls and perform unauthorized ...

This vulnerability in SourceCodester Client Database Management System allows unauthorized deletion of manager accounts via improper authorization in ...

CVE-2026-3757 is a SQL injection vulnerability in projectworlds Online Art Gallery Shop 1.0 that allows remote attackers to execute arbitrary SQL comm...

This SQL injection vulnerability in projectworlds Online Art Gallery Shop 1.0 allows remote attackers to execute arbitrary SQL commands via the reach_...

CVE-2026-3746 is an SQL injection vulnerability in SourceCodester Simple Responsive Tourism Website 1.0 that allows attackers to execute arbitrary SQL...

This SQL injection vulnerability in Student Web Portal 1.0 allows attackers to manipulate database queries through the password registration field. Re...

This CVE describes a SQL injection vulnerability in itsourcecode University Management System 1.0, specifically in the /admin_search_student.php file....

This CVE describes a SQL injection vulnerability in code-projects Simple Flight Ticket Booking System 1.0. Attackers can manipulate the 'from' paramet...

This vulnerability in SourceCodester Client Database Management System 1.0 allows attackers to bypass authorization controls by manipulating the manag...

This SQL injection vulnerability in Simple Flight Ticket Booking System 1.0 allows attackers to manipulate database queries through the flightno param...

CVE-2026-3709 is a SQL injection vulnerability in Simple Flight Ticket Booking System 1.0 that allows attackers to manipulate database queries through...

This vulnerability allows remote attackers to execute arbitrary SQL commands via the Username parameter in the login.php file of Simple Flight Ticket ...

This vulnerability in Shy2593666979 AgentChat allows attackers to manipulate user_id parameters in user information functions, enabling unauthorized a...

This CVE describes a remote command injection vulnerability in Totolink N300RH routers. Attackers can execute arbitrary operating system commands by m...

This vulnerability allows attackers to inject malicious HTML/JavaScript into Kestra's execution-file preview feature, leading to cross-site scripting ...

This WebSocket vulnerability allows session hijacking in charging station management systems by enabling multiple connections with the same predictabl...

This WebSocket vulnerability allows session hijacking by connecting with predictable charging station identifiers, enabling attackers to impersonate l...

This CVE describes a local privilege escalation vulnerability in Acronis Cyber Protect 17 for Windows due to improper handling of symbolic links. Atta...

This CVE describes a local privilege escalation vulnerability in Acronis Cyber Protect 17 for Windows due to improper handling of symbolic links. An a...

This CVE describes a local privilege escalation vulnerability in Acronis Cyber Protect Cloud Agent for Windows. Attackers can exploit DLL hijacking to...

This CVE describes a DOM-based cross-site scripting (XSS) vulnerability in Gogs self-hosted Git service. Attackers can inject malicious JavaScript int...

A permission bypass vulnerability in Huawei's system service framework allows attackers to circumvent intended access controls. This affects availabil...

This SQL injection vulnerability in itsourcecode University Management System 1.0 allows attackers to manipulate database queries through the ID param...

This SQL injection vulnerability in itsourcecode University Management System 1.0 allows attackers to manipulate database queries through the /admin_s...

This CVE-2026-3409 vulnerability allows remote attackers to execute arbitrary code through a code injection flaw in the Flow Import Endpoint of eospho...

This SQL injection vulnerability in Online Art Gallery Shop 1.0 allows attackers to manipulate database queries through the registration form's fname ...

This vulnerability allows remote attackers to execute arbitrary code on MaxSite CMS installations through a code injection flaw in the MarkItUp Previe...

Rucio versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting vulnerability in the WebUI's Custom Rules function. This allows ...

This SQL injection vulnerability in itsourcecode News Portal Project 1.0 allows attackers to manipulate database queries through the pagetitle paramet...

CVE-2026-3151 is an SQL injection vulnerability in itsourcecode College Management System 1.0 that allows attackers to manipulate database queries thr...

This SQL injection vulnerability in itsourcecode Document Management System 1.0 allows attackers to execute arbitrary SQL commands via the Username pa...

This SQL injection vulnerability in itsourcecode News Portal Project 1.0 allows attackers to manipulate database queries through the Category paramete...