🔥 Trending CVEs - Last 90 Days

This vulnerability allows authenticated users in Traccar GPS tracking systems to steal OAuth 2.0 authorization codes via open redirect in OIDC endpoin...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the UEditor component of erzhongxmu JEEWMS 3.7. Attackers can exploit the /pl...

A stack overflow vulnerability in libtiff's readSeparateStripsIntoBuffer function allows attackers to execute arbitrary code or cause denial of servic...

Dell Repository Manager versions before 3.4.8 have a path traversal vulnerability where attackers with local access can execute arbitrary code and esc...

This vulnerability in SourceCodester Student Result Management System 1.0 allows unauthenticated attackers to upload arbitrary files via the bulk impo...

This vulnerability allows remote attackers to execute arbitrary operating system commands on systems running Vaelsys 4.1.0 by exploiting an OS command...

This CVE describes an OS command injection vulnerability in Tosei Online Store Management System 1.01. Attackers can execute arbitrary operating syste...

This CVE describes a remote out-of-bounds write vulnerability in Zaher1307's tiny_web_server that could allow attackers to execute arbitrary code or c...

This SQL injection vulnerability in code-projects Online Reviewer System 1.0 allows remote attackers to manipulate database queries through the test_i...

This vulnerability allows remote attackers to bypass authorization controls in funadmin's configuration handler, potentially enabling unauthorized con...

CVE-2026-2867 is an SQL injection vulnerability in itsourcecode Vehicle Management System 1.0 that allows remote attackers to execute arbitrary SQL co...

This SQL injection vulnerability in Agri-Trading Online Shopping System 1.0 allows attackers to execute arbitrary SQL commands via manipulated Product...

This vulnerability allows local attackers to escalate privileges on PDF-XChange Editor installations by exploiting an uncontrolled search path element...

This CVE describes a SQL injection vulnerability in Fujian Smart Integrated Management Platform System that allows attackers to execute arbitrary SQL ...

This SQL injection vulnerability in Fujian Smart Integrated Management Platform System allows remote attackers to execute arbitrary SQL commands via t...

This stored cross-site scripting (XSS) vulnerability in Open WebUI allows attackers to inject malicious HTML into chat history metadata, which gets ex...

This vulnerability allows attackers to bypass authorization controls in MeCODE Informatics and Engineering Services Ltd. Envanty software by manipulat...

This SQL injection vulnerability in itsourcecode Event Management System 1.0 allows attackers to manipulate database queries through the /admin/manage...

This SQL injection vulnerability in itsourcecode Event Management System 1.0 allows attackers to manipulate database queries through the ID parameter ...

Notepad++ versions before 8.9.2 have an unsafe search path vulnerability when launching Windows Explorer. This could allow an attacker to execute mali...

This vulnerability allows unauthorized access to the user management functionality in Rongzhitong Visual Integrated Command and Dispatch Platform. Att...

This SQL injection vulnerability in Sciyon Koyuan Thermoelectricity Heat Network Management System 3.0 allows remote attackers to execute arbitrary SQ...

This SQL injection vulnerability in Huace Monitoring and Early Warning System 2.2 allows remote attackers to execute arbitrary SQL commands via the ID...

This vulnerability in zhanghuanhao LibrarySystem allows attackers to bypass access controls in the BookController.java component, potentially enabling...

This vulnerability allows remote attackers to execute arbitrary operating system commands on systems running vulnerable versions of yued-fe LuLu UI. T...

This CVE describes a command injection vulnerability in Tosei Self-service Washing Machine software version 4.02. Attackers can remotely execute arbit...

This vulnerability allows remote code execution when Apache Avro Java SDK processes untrusted Avro schemas. Attackers can inject malicious code that g...

WWW::OAuth 1.000 and earlier for Perl uses non-cryptographically secure random number generation (rand()) for cryptographic operations, potentially al...

A DLL hijacking vulnerability in AMD Doc Nav software allows local attackers to escalate privileges by placing malicious DLLs in directories searched ...

A DLL hijacking vulnerability in AMD's Vivado design suite allows local attackers to escalate privileges by placing malicious DLLs in directories sear...

This vulnerability in GitLab allows an authenticated attacker to inject malicious content into the vulnerability code flow, potentially performing una...

Docmost versions before 0.25.0 have a stored XSS vulnerability in public share pages where page titles aren't properly HTML-escaped before insertion i...

A heap-based buffer overflow vulnerability in Windows Hyper-V allows authenticated attackers to execute arbitrary code on the host system. This affect...

This vulnerability involves a use-after-free flaw in Microsoft Graphics Component that allows an authenticated attacker to execute arbitrary code with...

This vulnerability in SAP BusinessObjects Business Intelligence Platform allows authenticated high-privilege attackers to insert malicious URLs that r...

CVE-2025-10463 is an improper authentication vulnerability in Birtech Senseway that allows attackers to bypass authentication mechanisms and gain unau...

CVE-2026-2225 is a SQL injection vulnerability in itsourcecode News Portal Project 1.0 that allows remote attackers to execute arbitrary SQL commands ...

This SQL injection vulnerability in code-projects Online Reviewer System 1.0 allows remote attackers to execute arbitrary SQL commands via the ID para...

CVE-2026-2220 is a SQL injection vulnerability in code-projects Online Reviewer System 1.0 that allows remote attackers to execute arbitrary SQL comma...

CVE-2026-2221 is a SQL injection vulnerability in code-projects Online Reviewer System 1.0 that allows remote attackers to execute arbitrary SQL comma...

This SQL injection vulnerability in itsourcecode Event Management System 1.0 allows attackers to execute arbitrary SQL commands via the ID parameter i...

This SQL injection vulnerability in code-projects Online Music Site 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter...

CVE-2026-2212 is a SQL injection vulnerability in code-projects Online Music Site 1.0 that allows remote attackers to execute arbitrary SQL commands v...

This SQL injection vulnerability in code-projects Online Reviewer System 1.0 allows attackers to manipulate database queries through the difficulty_id...

This CVE describes a SQL injection vulnerability in code-projects Online Reviewer System 1.0. Attackers can remotely exploit the user-delete.php file ...

This SQL injection vulnerability in code-projects Online Reviewer System 1.0 allows attackers to manipulate database queries through the test_id param...

This SQL injection vulnerability in code-projects Online Reviewer System 1.0 allows remote attackers to execute arbitrary SQL commands via the test_id...

This SQL injection vulnerability in code-projects Online Reviewer System 1.0 allows attackers to manipulate database queries through the ID parameter ...

CVE-2026-2190 is a SQL injection vulnerability in itsourcecode School Management System 1.0 that allows remote attackers to execute arbitrary SQL comm...

CVE-2026-2189 is a SQL injection vulnerability in itsourcecode School Management System 1.0 that allows remote attackers to execute arbitrary SQL comm...