🔥 Trending CVEs - Last 90 Days
4,422 critical and high-severity vulnerabilities discovered in the last 90 days. Stay ahead of emerging threats with real-time CVE tracking and instant security alerts.
Critical & High-Risk CVEs
CVE-2026-0606 is a SQL injection vulnerability in code-projects Online Music Site 1.0 that allows remote attackers to execute arbitrary SQL commands v...
📅 68 days ago • Jan 5, 2026CVE-2026-0605 is an SQL injection vulnerability in code-projects Online Music Site 1.0 that allows attackers to manipulate database queries through th...
📅 69 days ago • Jan 5, 2026This SQL injection vulnerability in code-projects Online Product Reservation System 1.0 allows attackers to manipulate database queries through the em...
📅 69 days ago • Jan 5, 2026This vulnerability allows attackers to bypass authentication in MiniCMS versions up to 1.8 by exploiting an unknown function in the article handler co...
📅 69 days ago • Jan 5, 2026This vulnerability allows remote attackers to bypass authentication in MiniCMS's trash file restore functionality, potentially enabling unauthorized a...
📅 69 days ago • Jan 5, 2026This vulnerability in MiniCMS allows attackers to bypass authentication mechanisms and potentially publish unauthorized pages. It affects MiniCMS vers...
📅 69 days ago • Jan 5, 2026This SQL injection vulnerability in code-projects Online Product Reservation System 1.0 allows attackers to manipulate database queries through the ad...
📅 70 days ago • Jan 4, 2026This SQL injection vulnerability in Online Product Reservation System 1.0 allows attackers to manipulate database queries through the /handgunner-admi...
📅 70 days ago • Jan 4, 2026This SQL injection vulnerability in code-projects Online Product Reservation System 1.0 allows remote attackers to execute arbitrary SQL commands thro...
📅 70 days ago • Jan 4, 2026This SQL injection vulnerability in code-projects Online Product Reservation System 1.0 allows attackers to manipulate database queries through the ad...
📅 70 days ago • Jan 4, 2026The Petlibro Smart Pet Feeder Platform contains an improper access control vulnerability that allows attackers to manipulate any device by sending arb...
📅 70 days ago • Jan 4, 2026This authorization bypass vulnerability in Petlibro Smart Pet Feeder Platform allows unauthorized users to add themselves as shared owners to any devi...
📅 70 days ago • Jan 4, 2026This SQL injection vulnerability in Online Music Site 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter in /Frontend/...
📅 72 days ago • Jan 2, 2026CVE-2026-0570 is a SQL injection vulnerability in code-projects Online Music Site 1.0 that allows remote attackers to execute arbitrary SQL commands v...
📅 72 days ago • Jan 2, 2026This SQL injection vulnerability in code-projects Content Management System 1.0 allows attackers to manipulate database queries through the /pages.php...
📅 72 days ago • Jan 2, 2026This SQL injection vulnerability in code-projects Online Music Site 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter...
📅 72 days ago • Jan 2, 2026This vulnerability allows remote attackers to execute SQL injection attacks against Yonyou KSOA 9.0 through the /kp/PrintZPYG.jsp file by manipulating...
📅 72 days ago • Jan 2, 2026This vulnerability in jackying H-ui.admin allows attackers to upload arbitrary files without restrictions via the /lib/webuploader/0.1.5/server/previe...
📅 72 days ago • Jan 2, 2026This CVE describes a SQL injection vulnerability in Yonyou KSOA 9.0 through the /worksheet/agent_worksdel.jsp endpoint. Attackers can manipulate the I...
📅 72 days ago • Jan 2, 2026This CVE describes a SQL injection vulnerability in Yonyou KSOA 9.0's /worksheet/agent_work_report.jsp endpoint via the ID parameter. Attackers can re...
📅 72 days ago • Jan 2, 2026This vulnerability allows remote attackers to execute arbitrary SQL commands via the ID parameter in the /worksheet/agent_worksadd.jsp endpoint of Yon...
📅 72 days ago • Jan 2, 2026This SQL injection vulnerability in Online Guitar Store 1.0 allows attackers to execute arbitrary SQL commands via the dre_title parameter in the admi...
📅 73 days ago • Jan 1, 2026CVE-2025-15354 is a SQL injection vulnerability in itsourcecode Society Management System 1.0 that allows remote attackers to execute arbitrary SQL co...
📅 75 days ago • Dec 30, 2025This SQL injection vulnerability in itsourcecode Society Management System 1.0 allows attackers to manipulate database queries through the Username pa...
📅 75 days ago • Dec 30, 2025This vulnerability allows attackers to perform Server-Side Request Forgery (SSRF) attacks against FeehiCMS installations up to version 2.1.1. By manip...
📅 75 days ago • Dec 30, 2025A CSV formula injection vulnerability in TrueConf Server v5.5.2.10813 allows authenticated users to embed malicious spreadsheet formulas in exported c...
📅 75 days ago • Dec 30, 2025BiggiDroid Simple PHP CMS 1.0 contains a SQL injection vulnerability in the admin login page that allows remote attackers to execute arbitrary SQL com...
📅 75 days ago • Dec 30, 2025This CVE describes a command injection vulnerability in the Edimax BR-6208AC router's web configuration interface. Attackers can execute arbitrary com...
📅 75 days ago • Dec 30, 2025This CVE describes a command injection vulnerability in Edimax BR-6208AC routers that allows remote attackers to execute arbitrary commands on affecte...
📅 75 days ago • Dec 30, 2025This vulnerability allows remote attackers to execute arbitrary code or cause denial of service via a heap-based buffer overflow in the snap7-rs libra...
📅 75 days ago • Dec 30, 2025CVE-2025-15243 is an SQL injection vulnerability in Simple Stock System 1.0's login.php file that allows remote attackers to execute arbitrary SQL com...
📅 75 days ago • Dec 30, 2025CVE-2025-15208 is a SQL injection vulnerability in the Refugee Food Management System 1.0 that allows attackers to manipulate database queries through...
📅 75 days ago • Dec 29, 2025Campcodes Supplier Management System 1.0 contains a SQL injection vulnerability in the /admin/add_area.php file via the txtAreaCode parameter. This al...
📅 76 days ago • Dec 29, 2025Campcodes Supplier Management System 1.0 contains a SQL injection vulnerability in the /admin/view_products.php file through manipulation of the chkId...
📅 76 days ago • Dec 29, 2025CVE-2025-15198 is a SQL injection vulnerability in the College Notes Uploading System 1.0 that allows attackers to manipulate database queries through...
📅 76 days ago • Dec 29, 2025CVE-2025-15196 is an SQL injection vulnerability in code-projects Assessment Management 1.0 that allows attackers to execute arbitrary SQL commands vi...
📅 76 days ago • Dec 29, 2025CVE-2025-15195 is a SQL injection vulnerability in code-projects Assessment Management 1.0 that allows remote attackers to execute arbitrary SQL comma...
📅 76 days ago • Dec 29, 2025This SQL injection vulnerability in Refugee Food Management System 1.0 allows attackers to manipulate database queries through the 'a' parameter in /h...
📅 76 days ago • Dec 29, 2025CVE-2025-15185 is a SQL injection vulnerability in the Refugee Food Management System 1.0 that allows remote attackers to execute arbitrary SQL comman...
📅 76 days ago • Dec 29, 2025This SQL injection vulnerability in Refugee Food Management System 1.0 allows attackers to execute arbitrary SQL commands via the 'a' parameter in /ho...
📅 76 days ago • Dec 29, 2025This SQL injection vulnerability in Refugee Food Management System 1.0 allows attackers to manipulate database queries through the tfid parameter in /...
📅 76 days ago • Dec 29, 2025CVE-2025-15182 is a SQL injection vulnerability in code-projects Refugee Food Management System 1.0 that allows remote attackers to execute arbitrary ...
📅 76 days ago • Dec 29, 2025CVE-2025-15181 is an SQL injection vulnerability in the Refugee Food Management System 1.0 that allows attackers to manipulate database queries throug...
📅 76 days ago • Dec 29, 2025CVE-2025-15168 is an SQL injection vulnerability in itsourcecode Student Management System 1.0 that allows remote attackers to execute arbitrary SQL c...
📅 76 days ago • Dec 29, 2025CVE-2025-15167 is a SQL injection vulnerability in itsourcecode Online Cake Ordering System 1.0 that allows attackers to execute arbitrary SQL command...
📅 76 days ago • Dec 29, 2025This vulnerability allows remote attackers to execute arbitrary SQL commands via the ID parameter in the /updatesupplier.php?action=edit endpoint of i...
📅 76 days ago • Dec 29, 2025CVE-2025-15165 is an SQL injection vulnerability in itsourcecode Online Cake Ordering System 1.0 that allows remote attackers to execute arbitrary SQL...
📅 76 days ago • Dec 29, 2025This CVE describes a SQL injection vulnerability in phpok3w's show.php file through manipulation of the ID parameter. Attackers can remotely exploit t...
📅 77 days ago • Dec 28, 2025This SQL injection vulnerability in the saiftheboss7 onlinemcqexam software allows attackers to manipulate database queries through the ans1/ans2 para...
📅 77 days ago • Dec 28, 2025This CVE describes an SQL injection vulnerability in FantasticLBP Hotels_Server's Room.php API endpoint. Attackers can exploit the hotelId parameter t...
📅 77 days ago • Dec 28, 2025Why Track Trending CVEs?
Stay ahead of emerging threats: Newly discovered vulnerabilities pose the highest risk as attackers race to exploit them before patches are deployed. Trending CVEs represent the most critical security issues requiring immediate attention from security teams worldwide.
Prioritize remediation efforts: With thousands of CVEs published annually, security teams need to focus on the most recent and severe threats first. Our trending CVE dashboard highlights critical and high-severity vulnerabilities from the past 7, 30, or 90 days, helping you prioritize patching efforts.
🚀 Automated Trending CVE Monitoring
- Scan your servers to detect packages affected by trending CVEs
- Receive instant email alerts when critical vulnerabilities are discovered
- Dashboard shows CVE age, severity, CVSS scores, and affected systems
- Filter by time period (7/30/90 days) to focus on recent threats
