🔥 Trending CVEs - Last 90 Days

This SQL injection vulnerability in Campcodes Complete Online Beauty Parlor Management System 1.0 allows attackers to execute arbitrary SQL commands t...

CVE-2025-14968 is an SQL injection vulnerability in Simple Stock System 1.0 that allows remote attackers to execute arbitrary SQL commands via the ema...

CVE-2025-14959 is an SQL injection vulnerability in Simple Stock System 1.0 that allows remote attackers to execute arbitrary SQL commands through the...

This vulnerability allows remote attackers to execute SQL injection attacks against the Scholars Tracking System 1.0 by manipulating the post_content ...

Campcodes Supplier Management System 1.0 contains a SQL injection vulnerability in the /admin/add_category.php file via the txtCategoryName parameter....

CVE-2025-14950 is an SQL injection vulnerability in code-projects Scholars Tracking System 1.0 that allows attackers to execute arbitrary SQL commands...

This SQL injection vulnerability in Scholars Tracking System 1.0 allows attackers to execute arbitrary SQL commands via the ID parameter in /admin/del...

Arduino IDE for macOS versions before 2.3.7 installs with world-writable file permissions on sensitive application components. This allows any local u...

This SQL injection vulnerability in Campcodes Supplier Management System 1.0 allows attackers to execute arbitrary SQL commands through the cmbAreaCod...

A vulnerability in Storybook versions 7.0.0 through 7.6.20, 8.0.0 through 8.6.14, 9.0.0 through 9.1.16, and 10.0.0 through 10.1.9 could expose sensiti...

This CVE describes a SQL injection vulnerability in code-projects Online Appointment Booking System 1.0. Attackers can remotely exploit the /admin/del...

CVE-2025-14832 is an SQL injection vulnerability in itsourcecode Online Cake Ordering System 1.0 that allows remote attackers to execute arbitrary SQL...

This SQL injection vulnerability in the COVID Tracking System Using QR-Code v1.0 allows attackers to execute arbitrary SQL commands through the 'id' p...

CVE-2026-3873 is a hard-coded credentials vulnerability in Avantra that allows attackers to bypass authentication and access functionality not properl...

This CVE describes a remote code execution vulnerability in the Advanced Woo Labels WordPress plugin. Attackers can inject malicious code that gets ex...

This vulnerability allows authenticated Splunk users with the 'edit_cmd' capability to execute arbitrary shell commands via the unarchive_cmd paramete...

The Name Directory WordPress plugin has a stored cross-site scripting vulnerability in the 'name_directory_name' parameter that allows unauthenticated...

This vulnerability allows unauthenticated attackers to inject malicious scripts via WooCommerce checkout fields. When administrators view order detail...

This vulnerability allows unauthenticated attackers to inject malicious scripts into WordPress lead form submissions. When administrators view these s...

A code injection vulnerability in MR-GM5L-S1 and MR-GM5A-L1 devices allows authenticated administrators to execute arbitrary commands on affected syst...

This vulnerability allows authenticated remote attackers with high privileges to perform command injection through a custom binary in AOS-CX Switches'...

This CVE describes a privilege escalation vulnerability in Umbraco CMS where authenticated backoffice users with user management permissions can assig...

CVE-2026-30958 is an unauthenticated path traversal vulnerability in OneUptime's workflow documentation endpoint that allows attackers to read arbitra...

This CVE describes an OS command injection vulnerability in Fortinet FortiSandbox Cloud 5.0.4 that allows privileged attackers with super-admin profil...

This CVE describes an authentication bypass vulnerability in Fortinet FortiAnalyzer and FortiManager products (both on-premises and cloud versions). A...

The MetForm Pro WordPress plugin has a stored XSS vulnerability in its Quiz feature that allows unauthenticated attackers to inject malicious scripts....

A format string vulnerability in Fortinet FortiAnalyzer and FortiManager products allows attackers to escalate privileges via specially crafted reques...

This CVE describes an OS command injection vulnerability in Fortinet FortiWeb web application firewalls. Authenticated attackers can execute arbitrary...

The WP App Bar WordPress plugin has a stored XSS vulnerability that allows unauthenticated attackers to inject malicious scripts into plugin settings....

The Meta Box WordPress plugin has an arbitrary file deletion vulnerability that allows authenticated attackers with Contributor-level access or higher...

The Easy PHP Settings WordPress plugin allows authenticated attackers with Administrator privileges to inject arbitrary PHP code into wp-config.php vi...

Chartbrew versions before 4.8.1 contain a remote code execution vulnerability in MongoDB dataset queries. Attackers can execute arbitrary code on the ...

A remote stack-based buffer overflow vulnerability in Wavlink WL-NU516U1 router's login.cgi component allows attackers to execute arbitrary code by ma...

This CVE describes a command injection vulnerability in Wavlink WL-NU516U1 routers that allows remote attackers to execute arbitrary commands on affec...

The Fluent Forms Pro WordPress plugin has a stored XSS vulnerability that allows unauthenticated attackers to inject malicious scripts into draft form...

This vulnerability allows authenticated local administrators in one context of Cisco ASA multi-context mode to copy files to/from other contexts via S...

This Server-Side Request Forgery (SSRF) vulnerability in the PostX WordPress plugin allows authenticated attackers with Administrator privileges to ma...

The WPBookit WordPress plugin has a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts into w...

Multiple authenticated OS command injection vulnerabilities in Cohesity TranZman 4.0 allow authenticated admin users to execute arbitrary commands wit...

This vulnerability allows attackers to escalate privileges to root and read/write arbitrary files on Cohesity TranZman Migration Appliance systems due...

CVE-2025-63911 is an authenticated command injection vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614. This allows authe...

This vulnerability allows authenticated WordPress administrators to perform server-side request forgery (SSRF) attacks via the Uncanny Automator plugi...

This vulnerability in Vikunja allows attackers to overwrite arbitrary files on the host system by uploading a malicious ZIP archive during configurati...

This vulnerability allows attackers to bypass Coturn's IP address restrictions by using IPv4-mapped IPv6 addresses. Attackers can send CreatePermissio...

This CVE describes a post-authentication command injection vulnerability in Zyxel VMG3625-T50B devices. An authenticated attacker with administrator p...

A buffer overflow vulnerability in the UTT HiPER 810G router's administrative interface allows remote attackers to execute arbitrary code by manipulat...

This CVE describes a remote buffer overflow vulnerability in UTT HiPER 810G routers. Attackers can exploit the strcpy function in the ConfigExceptMSN ...

This vulnerability in Moodle's backup restore functionality allows authenticated privileged users to upload specially crafted backup files that bypass...

This CVE describes a remote command injection vulnerability in the UTT HiPER 520 router's web management interface. Attackers can execute arbitrary op...

Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability in the schedule endpoint. Attackers can inject malicious JavaScript vi...