🔥 Trending CVEs - Last 90 Days
4,438 critical and high-severity vulnerabilities discovered in the last 90 days. Stay ahead of emerging threats with real-time CVE tracking and instant security alerts.
Critical & High-Risk CVEs
This CVE describes a SQL injection vulnerability in code-projects Online Application System for Admission 1.0, specifically in the login endpoint at e...
📅 35 days ago • Feb 8, 2026CVE-2026-2173 is an SQL injection vulnerability in code-projects Online Examination System 1.0 that allows attackers to manipulate database queries th...
📅 35 days ago • Feb 8, 2026CVE-2026-2174 is an authentication bypass vulnerability in code-projects Contact Management System 1.0 that allows attackers to manipulate CRUD endpoi...
📅 35 days ago • Feb 8, 2026This SQL injection vulnerability in Online Student Management System 1.0 allows attackers to manipulate database queries through the login form. Attac...
📅 35 days ago • Feb 8, 2026CVE-2026-2164 is an unrestricted file upload vulnerability in detronetdip E-commerce 1.0.0 that allows attackers to upload malicious files to the serv...
📅 35 days ago • Feb 8, 2026CVE-2026-2165 is an authentication bypass vulnerability in detronetdip E-commerce 1.0.0 that allows unauthenticated attackers to create admin accounts...
📅 35 days ago • Feb 8, 2026This SQL injection vulnerability in code-projects Online Reviewer System 1.0 allows attackers to manipulate database queries through the login form. R...
📅 35 days ago • Feb 8, 2026This SQL injection vulnerability in itsourcecode Directory Management System 1.0 allows attackers to execute arbitrary SQL commands via the email para...
📅 35 days ago • Feb 8, 2026CVE-2026-2158 is a SQL injection vulnerability in code-projects Student Web Portal 1.0 that allows remote attackers to execute arbitrary SQL commands ...
📅 35 days ago • Feb 8, 2026CVE-2026-2136 is a SQL injection vulnerability in projectworlds Online Food Ordering System 1.0 that allows remote attackers to execute arbitrary SQL ...
📅 35 days ago • Feb 8, 2026CVE-2026-2133 is an unrestricted file upload vulnerability in code-projects Online Music Site 1.0 that allows attackers to upload malicious files via ...
📅 35 days ago • Feb 8, 2026This is a SQL injection vulnerability in code-projects Online Music Site 1.0 that allows remote attackers to execute arbitrary SQL commands via the tx...
📅 35 days ago • Feb 8, 2026This vulnerability allows remote attackers to execute arbitrary SQL commands via the expenses_id parameter in the /admin/edit_expenses.php file in its...
📅 35 days ago • Feb 8, 2026This is a SQL injection vulnerability in itsourcecode Society Management System 1.0 that allows remote attackers to execute arbitrary SQL commands via...
📅 35 days ago • Feb 8, 2026This vulnerability allows remote attackers to execute arbitrary SQL commands on itsourcecode Society Management System 1.0 through the /admin/delete_e...
📅 35 days ago • Feb 7, 2026CVE-2026-2114 is an SQL injection vulnerability in itsourcecode Society Management System 1.0 that allows attackers to manipulate database queries thr...
📅 35 days ago • Feb 7, 2026This CVE describes a remote code execution vulnerability in yuan1994 tpadmin's WebUploader component through insecure deserialization in preview.php. ...
📅 35 days ago • Feb 7, 2026This SQL injection vulnerability in SourceCodester Online Class Record System 1.0 allows remote attackers to execute arbitrary SQL commands via the 't...
📅 36 days ago • Feb 7, 2026This SQL injection vulnerability in PHPGurukul Beauty Parlour Management System 1.1 allows attackers to manipulate database queries through the 'delid...
📅 36 days ago • Feb 7, 2026This SQL injection vulnerability in SourceCodester Online Class Record System 1.0 allows attackers to manipulate database queries through the ID param...
📅 36 days ago • Feb 7, 2026This SQL injection vulnerability in SourceCodester Online Class Record System 1.0 allows attackers to manipulate database queries through the user_ema...
📅 36 days ago • Feb 7, 2026This SQL injection vulnerability in code-projects Social Networking Site 1.0 allows attackers to manipulate database queries through the /delete_post....
📅 36 days ago • Feb 7, 2026CVE-2026-2073 is a SQL injection vulnerability in itsourcecode School Management System 1.0 that allows remote attackers to execute arbitrary SQL comm...
📅 36 days ago • Feb 7, 2026This SQL injection vulnerability in Simple Blood Donor Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the ID para...
📅 37 days ago • Feb 6, 2026This SQL injection vulnerability in SourceCodester Medical Center Portal Management System 1.0 allows attackers to manipulate database queries through...
📅 37 days ago • Feb 6, 2026This CVE describes a SQL injection vulnerability in the CloudClassroom-PHP-Project software that allows remote attackers to execute arbitrary SQL comm...
📅 37 days ago • Feb 6, 2026This SQL injection vulnerability in SourceCodester Medical Center Portal Management System 1.0 allows attackers to execute arbitrary SQL commands via ...
📅 37 days ago • Feb 6, 2026CVE-2026-2018 is a SQL injection vulnerability in itsourcecode School Management System 1.0 that allows remote attackers to execute arbitrary SQL comm...
📅 37 days ago • Feb 6, 2026CVE-2026-2014 is a SQL injection vulnerability in itsourcecode Student Management System 1.0 that allows attackers to manipulate database queries thro...
📅 37 days ago • Feb 6, 2026This SQL injection vulnerability in itsourcecode Student Management System 1.0 allows attackers to execute arbitrary SQL commands via the ID parameter...
📅 37 days ago • Feb 6, 2026A heap-based buffer overflow vulnerability in the image module allows attackers to crash affected systems, potentially causing denial of service. This...
📅 37 days ago • Feb 6, 2026This SQL injection vulnerability in itsourcecode Student Management System 1.0 allows attackers to execute arbitrary SQL commands through the /ramonsy...
📅 37 days ago • Feb 6, 2026CVE-2026-2012 is a SQL injection vulnerability in itsourcecode Student Management System 1.0 that allows remote attackers to execute arbitrary SQL com...
📅 37 days ago • Feb 6, 2026A stack-based buffer overflow vulnerability in Open5GS allows remote attackers to execute arbitrary code or cause denial of service by manipulating th...
📅 38 days ago • Feb 4, 2026This CVE describes a command injection vulnerability in the Ziroom ZHOME A0101 router firmware version 1.0.1.0. Attackers can remotely execute arbitra...
📅 40 days ago • Feb 3, 2026Authenticated students in Open eClass platform can inject malicious JavaScript into user profile fields, which executes when other users view those pr...
📅 40 days ago • Feb 3, 2026This cross-site scripting vulnerability in Moodle allows attackers to inject malicious scripts through AI prompt responses. When users view compromise...
📅 40 days ago • Feb 3, 2026This Cross-Site Scripting (XSS) vulnerability in Moodle allows attackers to inject malicious JavaScript code into arithmetic expression fields in the ...
📅 40 days ago • Feb 3, 2026This vulnerability allows remote attackers to bypass authentication on EFM ipTIME A8004T routers via improper authentication in the Hidden Hiddenlogin...
📅 41 days ago • Feb 2, 2026HotCRP conference review software versions from October 2025 through January 2026 incorrectly delivered all document types with inline Content-Disposi...
📅 43 days ago • Jan 30, 2026CVE-2026-1701 is an SQL injection vulnerability in itsourcecode Student Management System 1.0 that allows remote attackers to execute arbitrary SQL co...
📅 44 days ago • Jan 30, 2026This CVE describes a remote command injection vulnerability in Tenda HG10 routers. Attackers can execute arbitrary commands on affected devices by man...
📅 44 days ago • Jan 30, 2026This SQL injection vulnerability in itsourcecode Directory Management System 1.0 allows attackers to execute arbitrary SQL commands via the Username p...
📅 44 days ago • Jan 30, 2026This CVE describes a command injection vulnerability in Tenda HG10 routers through the Boa webserver's formSamba endpoint. Attackers can remotely exec...
📅 44 days ago • Jan 30, 2026CVE-2026-1595 is an SQL injection vulnerability in itsourcecode Society Management System 1.0 that allows remote attackers to execute arbitrary SQL co...
📅 45 days ago • Jan 29, 2026This vulnerability allows remote attackers to execute SQL injection attacks against itsourcecode School Management System 1.0 via the txtsearch parame...
📅 45 days ago • Jan 29, 2026This SQL injection vulnerability in itsourcecode School Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the ID par...
📅 45 days ago • Jan 29, 2026CVE-2026-1593 is a SQL injection vulnerability in itsourcecode Society Management System 1.0 that allows remote attackers to execute arbitrary SQL com...
📅 45 days ago • Jan 29, 2026This is an SQL injection vulnerability in itsourcecode Society Management System 1.0 that allows attackers to execute arbitrary SQL commands through t...
📅 45 days ago • Jan 29, 2026CVE-2026-1545 is a SQL injection vulnerability in itsourcecode School Management System 1.0 that allows remote attackers to execute arbitrary SQL comm...
📅 45 days ago • Jan 28, 2026Why Track Trending CVEs?
Stay ahead of emerging threats: Newly discovered vulnerabilities pose the highest risk as attackers race to exploit them before patches are deployed. Trending CVEs represent the most critical security issues requiring immediate attention from security teams worldwide.
Prioritize remediation efforts: With thousands of CVEs published annually, security teams need to focus on the most recent and severe threats first. Our trending CVE dashboard highlights critical and high-severity vulnerabilities from the past 7, 30, or 90 days, helping you prioritize patching efforts.
🚀 Automated Trending CVE Monitoring
- Scan your servers to detect packages affected by trending CVEs
- Receive instant email alerts when critical vulnerabilities are discovered
- Dashboard shows CVE age, severity, CVSS scores, and affected systems
- Filter by time period (7/30/90 days) to focus on recent threats
