🔥 Trending CVEs - Last 90 Days

This CVE describes a Missing Authorization vulnerability in the WordPress ListingHub plugin that allows attackers to bypass access controls. It affect...

This CVE describes a missing authorization vulnerability in the Real Estate Pro WordPress plugin that allows attackers to bypass access controls. Atta...

This CVE describes a missing authorization vulnerability in the WP Membership WordPress plugin that allows attackers to bypass access controls. Attack...

This CVE describes a Missing Authorization vulnerability in the WordPress Final User plugin that allows attackers to bypass access controls. Attackers...

This CVE describes a missing authorization vulnerability in the WordPress fitness-trainer plugin that allows attackers to bypass access controls. Atta...

This CVE describes a missing authorization vulnerability in the Listihub WordPress theme that allows attackers to bypass access controls. Attackers ca...

This CVE describes a missing authorization vulnerability in the Hotel Listing WordPress plugin that allows attackers to bypass access controls. Attack...

This CVE describes a Missing Authorization vulnerability in the Hospital Doctor Directory WordPress plugin that allows attackers to bypass access cont...

This CVE describes a missing authorization vulnerability in the WordPress Institutions Directory plugin that allows attackers to bypass access control...

This CVE describes a missing authorization vulnerability in the Lawyer Directory WordPress plugin that allows attackers to bypass access controls. It ...

This path traversal vulnerability in the Anona WordPress theme allows attackers to download arbitrary files from the server by manipulating file paths...

This vulnerability allows attackers to escalate privileges in the Themefic Hydra Booking WordPress plugin. Attackers can gain higher-level access than...

CVE-2026-23736 is a prototype pollution vulnerability in seroval's JSON deserialization functionality that allows attackers to modify JavaScript objec...

D-Link D-View 8 installer versions 2.0.1.107 and below contain a DLL preloading vulnerability where the installer loads version.dll from its execution...

NVIDIA Nsight Systems contains an OS command injection vulnerability in the gfx_hotspot recipe. Attackers can execute arbitrary commands by supplying ...

This vulnerability in NVIDIA Nsight Visual Studio for Windows allows attackers to execute arbitrary code with the same privileges as the Nsight Monito...

This vulnerability allows attackers to execute arbitrary operating system commands by injecting malicious strings into the installation path parameter...

IBM ApplinX 11.1 has a privilege escalation vulnerability where attackers can craft or modify JWT tokens to impersonate users or gain elevated privile...

This vulnerability allows remote attackers to bypass authentication in CRMEB systems by manipulating the openId parameter in the appleLogin function. ...

This CVE describes a command injection vulnerability in Tosei Online Store Management System 1.01. Attackers can remotely execute arbitrary commands b...

This vulnerability allows remote attackers to execute SQL injection attacks against Yonyou KSOA 9.0 systems by manipulating the 'folderid' parameter i...

This SQL injection vulnerability in Yonyou KSOA 9.0 allows remote attackers to execute arbitrary SQL commands via the folderid parameter in the /kmf/s...

This is a SQL injection vulnerability in Yonyou KSOA 9.0 that allows remote attackers to execute arbitrary SQL commands via the 'folderid' parameter i...

OnboardLite versions before commit 1d32081a66f21bcf41df1ecb672490b13f6e429f contain a stored cross-site scripting (XSS) vulnerability that allows atta...

CVE-2026-1176 is a SQL injection vulnerability in itsourcecode School Management System 1.0 that allows remote attackers to execute arbitrary SQL comm...

CVE-2026-1160 is a SQL injection vulnerability in PHPGurukul Directory Management System 1.0 that allows remote attackers to execute arbitrary SQL com...

CVE-2026-1159 is a SQL injection vulnerability in itsourcecode Online Frozen Foods Ordering System 1.0 that allows remote attackers to execute arbitra...

This CVE describes a SQL injection vulnerability in Yonyou KSOA 9.0 that allows remote attackers to execute arbitrary SQL commands via the 'folderid' ...

This CVE describes a SQL injection vulnerability in Yonyou KSOA 9.0 that allows remote attackers to execute arbitrary SQL commands via the folderid pa...

This CVE describes a remote command injection vulnerability in D-Link DIR-823X routers. Attackers can execute arbitrary commands by manipulating the w...

This CVE describes a SQL injection vulnerability in Yonyou KSOA 9.0's /worksheet/work_mod.jsp file via the ID parameter in HTTP GET requests. Attacker...

This CVE describes a SQL injection vulnerability in Yonyou KSOA 9.0 that allows remote attackers to execute arbitrary SQL commands via the ID paramete...

This CVE describes a SQL injection vulnerability in Yonyou KSOA 9.0 that allows remote attackers to execute arbitrary SQL commands via the ID paramete...

This CVE describes a SQL injection vulnerability in Yonyou KSOA 9.0 that allows remote attackers to execute arbitrary SQL commands via the ID paramete...

This CVE describes a SQL injection vulnerability in itsourcecode Society Management System 1.0. Attackers can remotely exploit the /admin/delete_activ...

This SQL injection vulnerability in EasyCMS allows attackers to manipulate database queries through the _order parameter in /UserAction.class.php. Att...

This CVE describes a SQL injection vulnerability in FeMiner wms through commit 9cad1f1b179a98b9547fd003c23b07c7594775fa. Attackers can exploit the /sr...

This CVE describes a SQL injection vulnerability in risesoft-y9 Digital-Infrastructure's REST authentication endpoint. Attackers can remotely execute ...

This vulnerability allows unauthenticated access to the Librarian supervisord status page via the web_fetch tool, exposing running process information...

This vulnerability allows unprivileged local users to read arbitrary physical memory through the Ludashi driver's IOCTL handler, exposing sensitive ke...

This vulnerability allows remote attackers to execute SQL injection attacks against code-projects Online Music Site 1.0 by manipulating the ID paramet...

This SQL injection vulnerability in code-projects Online Music Site 1.0 allows attackers to manipulate database queries through the txtusername parame...

A heap-based buffer overflow vulnerability in quickjs-ng's js_typed_array_constructor function allows remote attackers to execute arbitrary code or ca...

CVE-2025-15503 is an unrestricted file upload vulnerability in Sangfor Operation and Maintenance Management System that allows remote attackers to upl...

This CVE describes a remote command injection vulnerability in Sangfor Operation and Maintenance Management System. Attackers can execute arbitrary op...

An authenticated attacker on the same network can exploit improper input validation in TP-Link Archer AXE75 v1.6 VPN modules to delete arbitrary serve...

This SQL injection vulnerability in Intern Membership Management System 1.0 allows attackers to execute arbitrary SQL commands through the Username pa...

This vulnerability allows remote attackers to upload arbitrary files through the signup component in House Rental and Property Listing 1.0. Attackers ...

The Download Manager WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to reset passwords for non-admi...

CVE-2026-0607 is a SQL injection vulnerability in code-projects Online Music Site 1.0 that allows remote attackers to execute arbitrary SQL commands v...