🔥 Trending CVEs - Last 30 Days

This CVE describes an OS command injection vulnerability in TOTOLINK X6000R routers. Authenticated attackers can execute arbitrary shell commands by e...

This CVE describes a buffer overflow vulnerability in UTT HiPER 810G routers through manipulation of the GroupName parameter. Attackers can remotely e...

A stack-based buffer overflow vulnerability in D-Link DWR-M960 routers allows remote attackers to execute arbitrary code by manipulating the submit-ur...

A remote stack-based buffer overflow vulnerability exists in D-Link DWR-M960 routers through the Scheduled Reboot Configuration endpoint. Attackers ca...

A stack-based buffer overflow vulnerability in D-Link DWR-M960 routers allows remote attackers to execute arbitrary code by manipulating the save_appl...

A stack-based buffer overflow vulnerability in D-Link DWR-M960 routers allows remote attackers to execute arbitrary code by manipulating the submit-ur...

A stack-based buffer overflow vulnerability in D-Link DWR-M960 routers allows remote attackers to execute arbitrary code by manipulating the submit-ur...

A stack-based buffer overflow vulnerability in D-Link DWR-M960 routers allows remote attackers to execute arbitrary code by manipulating the submit-ur...

A stack-based buffer overflow vulnerability in D-Link DWR-M960 routers allows remote attackers to execute arbitrary code by manipulating the submit-ur...

A remote stack-based buffer overflow vulnerability in Tenda HG9 routers allows attackers to execute arbitrary code by manipulating the pingAddr parame...

This vulnerability allows remote attackers to execute arbitrary code on Tenda HG9 routers via a stack-based buffer overflow in the Diagnostic Ping End...

This vulnerability allows remote attackers to execute arbitrary code on Tenda HG9 routers via a stack-based buffer overflow in the GPON configuration ...

A stack-based buffer overflow vulnerability in Tenda HG9 routers allows remote attackers to execute arbitrary code by manipulating the ssid parameter ...

A buffer overflow vulnerability in the UTT HiPER 810G router's web interface allows remote attackers to execute arbitrary code by exploiting the strcp...

A remote stack-based buffer overflow vulnerability in D-Link DWR-M960 routers allows attackers to execute arbitrary code by manipulating the submit-ur...

A remote stack-based buffer overflow vulnerability in D-Link DWR-M960 routers allows attackers to execute arbitrary code by manipulating the submit-ur...

A stack-based buffer overflow vulnerability in D-Link DWR-M960 routers allows remote attackers to execute arbitrary code by manipulating the submit-ur...

A stack-based buffer overflow vulnerability in Tenda A18 routers allows remote attackers to execute arbitrary code by exploiting the strcpy function i...

A stack-based buffer overflow vulnerability in Tenda A21 routers allows remote attackers to execute arbitrary code by manipulating the SSID parameter....

A stack-based buffer overflow vulnerability in Tenda A21 routers allows remote attackers to execute arbitrary code by manipulating time parameters in ...

CVE-2026-2871 is a remote stack-based buffer overflow vulnerability in Tenda A21 routers. Attackers can exploit this to execute arbitrary code or cras...

A stack-based buffer overflow vulnerability in Tenda A21 routers allows remote attackers to execute arbitrary code by manipulating the QoS configurati...

ZoneMinder versions 1.36.37 and below and 1.37.61 through 1.38.0 contain a second-order SQL injection vulnerability in the web/ajax/status.php file. A...

This vulnerability allows authenticated users with editor roles in Formwork CMS to create new accounts with administrative privileges. It affects all ...

CVE-2026-27168 is a heap-based buffer overflow vulnerability in SAIL's XWD image parser that allows attackers to execute arbitrary code or cause denia...

This vulnerability allows authenticated remote attackers to execute arbitrary commands on Nagios Host installations through command injection in the m...

This vulnerability allows remote authenticated attackers to bypass authentication and execute arbitrary code with SYSTEM privileges on GFI Archiver in...

phpMoAdmin 1.1.5 contains a CSRF vulnerability that allows attackers to trick authenticated administrators into performing unauthorized database opera...

CVE-2018-25158 is an arbitrary file upload vulnerability in Chamilo LMS that allows authenticated users to upload PHP files disguised as images, then ...

A stack-based buffer overflow vulnerability in the D-Link DWR-M960 router's port forwarding configuration endpoint allows remote attackers to execute ...

A stack-based buffer overflow vulnerability in D-Link DWR-M960 routers allows remote attackers to execute arbitrary code by manipulating the submit-ur...

This vulnerability allows remote attackers to execute arbitrary code on D-Link DWR-M960 routers through a stack-based buffer overflow in the DDNS sett...

OpenSourcePOS 3.4.1 contains a Local File Inclusion vulnerability that allows attackers to read arbitrary files on the web server by manipulating invo...

This vulnerability allows attackers to inject malicious objects through deserialization of untrusted data in the Dotstore Woocommerce Category Banner ...

This CVE describes a PHP object injection vulnerability in the WordPress Slider Responsive Slideshow plugin, allowing attackers to execute arbitrary c...

This CVE describes a PHP object injection vulnerability in the PeakShops WordPress theme caused by unsafe deserialization of user-controlled data. Att...

This CVE describes a PHP object injection vulnerability in the Kleor Contact Manager WordPress plugin. Attackers can exploit insecure deserialization ...

This CVE describes a PHP object injection vulnerability in the ModelTheme Addons for WPBakery and Elementor WordPress plugin. Attackers can exploit in...

This vulnerability allows attackers to bypass authentication in the Miraculous Elementor WordPress plugin, potentially gaining unauthorized access to ...

LibreNMS versions 25.12.0 and below contain a time-based blind SQL injection vulnerability in the address-search functionality. Authenticated attacker...

CVE-2026-26065 is a path traversal vulnerability in calibre's PDB readers that allows attackers to write arbitrary files anywhere the user has write p...

CVE-2026-26975 is a critical path traversal vulnerability in Music Assistant that allows unauthenticated attackers on the same network to write arbitr...

OpenClaw versions 2026.1.8 through 2026.2.13 have a command injection vulnerability in a developer script that processes git commit metadata. When mai...

Dell Unisphere for PowerMax versions 10.2 contain a missing authorization vulnerability that allows low-privileged remote attackers to gain unauthoriz...

This CVE describes a PHP object injection vulnerability in the Valenti WordPress theme caused by unsafe deserialization of untrusted data. Attackers c...

This CVE describes an access control bypass vulnerability in Gogs self-hosted Git service where users with Write permissions can delete protected bran...

The Toret Manager WordPress plugin has a privilege escalation vulnerability that allows authenticated users with Subscriber-level access or higher to ...

This vulnerability in the IDonate WordPress plugin allows authenticated attackers with Subscriber-level access or higher to escalate privileges to adm...

The WP AUDIO GALLERY WordPress plugin up to version 2.0 allows authenticated attackers with subscriber-level access or higher to overwrite the site's ...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to access plugin table data containing email logs. Atta...