🔥 Trending CVEs - Last 90 Days

This critical vulnerability in Ivanti Endpoint Manager Mobile allows unauthenticated attackers to inject malicious code and execute arbitrary commands...

CVE-2026-1281 is a critical code injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that allows unauthenticated attackers to execute arb...

This vulnerability in N3uron Web User Interface v1.21.7-240207.1047 allows remote attackers to escalate privileges by exploiting weak client-side pass...

An unauthenticated attacker can create or delete administrator accounts on KiloView Encoder Series devices, granting full administrative control. This...

CVE-2026-1188 is a buffer overflow vulnerability in Eclipse OMR's port library component where an API function fails to properly account for separator...

A heap buffer overflow vulnerability in bulk_extractor's embedded unrar code allows attackers to trigger out-of-bounds writes when processing crafted ...

CVE-2025-61140 is a prototype pollution vulnerability in jsonpath 1.1.1 that allows attackers to modify object prototypes, potentially leading to remo...

SolarWinds Web Help Desk has an unauthenticated remote code execution vulnerability via untrusted data deserialization. Attackers can execute arbitrar...

SolarWinds Web Help Desk contains an authentication bypass vulnerability that allows attackers to execute privileged actions without valid credentials...

SolarWinds Web Help Desk has an unauthenticated remote code execution vulnerability via untrusted data deserialization. Attackers can exploit this to ...

SolarWinds Web Help Desk contains an authentication bypass vulnerability that allows attackers to execute specific actions without proper credentials....

CVE-2026-24770 is a critical Zip Slip vulnerability in RAGFlow's MinerU parser that allows attackers to overwrite arbitrary files on the server via ma...

This authentication bypass vulnerability in Juniper Session Smart products allows network-based attackers to gain administrative control without valid...

This authentication bypass vulnerability allows attackers with a FortiCloud account and registered device to log into other organizations' Fortinet de...

CVE-2025-69564 is a critical SQL injection vulnerability in code-projects Mobile Shop Management System 1.0 that allows attackers to execute arbitrary...

Computer Book Store 1.0 contains an unrestricted file upload vulnerability in admin_add.php that allows attackers to upload malicious files. This can ...

CVE-2025-69562 is a critical SQL injection vulnerability in code-projects Mobile Shop Management System 1.0 that allows attackers to execute arbitrary...

CVE-2025-69563 is a critical SQL injection vulnerability in code-projects Mobile Shop Management System 1.0 that allows attackers to execute arbitrary...

CVE-2026-24872 is an improper pointer arithmetic vulnerability in ProjectSkyfire SkyFire_548 that could allow attackers to execute arbitrary code or c...

CVE-2026-24832 is an out-of-bounds write vulnerability in ixray-team's ixray-1.6-stcop software that allows attackers to write data beyond allocated m...

CVE-2025-69565 is an unrestricted file upload vulnerability in code-projects Mobile Shop Management System 1.0 that allows attackers to upload malicio...

This vulnerability allows attackers to trigger a stack buffer overflow by sending maliciously crafted CMS AuthEnvelopedData messages with oversized IV...

Dirsearch 0.4.1 contains a CSV injection vulnerability that allows attackers to inject Excel formulas into generated CSV reports. When attackers contr...

CVE-2021-47900 is a critical remote code execution vulnerability in Gila CMS that allows unauthenticated attackers to execute arbitrary system command...

An integer overflow vulnerability in Ralim IronOS firmware allows attackers to cause memory corruption through improper arithmetic operations. This af...

This CVE describes a vulnerability in the ROOT data analysis framework's built-in zlib modules, specifically in the inffast.C program files. The vulne...

This CVE describes a classic buffer overflow vulnerability in AzerothCore's Wrath of the Lich King implementation, specifically in the zlib dependency...

This vulnerability allows attackers to achieve remote code execution by uploading malicious ZIP archives containing path traversal sequences. The flaw...

This vulnerability in vm2 sandbox for Node.js allows attackers to bypass Promise callback sanitization and escape the sandbox environment. Attackers c...

This vulnerability allows attackers to perform unlimited brute-force attacks against administrative credentials on Tenda W30E V2 routers. Attackers ca...

This vulnerability allows attackers to use hardcoded default credentials to gain administrative access to Tenda W30E V2 routers. Anyone using affected...

The Kalrav AI Agent WordPress plugin allows unauthenticated attackers to upload arbitrary files due to missing file type validation. This vulnerabilit...

This vulnerability allows remote code execution through malicious web pages containing specially crafted GPU shader code. When loaded, it triggers a u...

This vulnerability allows attackers to inject malicious arguments into Salesforce Marketing Cloud commands through the CloudPagesUrl module, potential...

This CVE describes a broken cryptographic algorithm vulnerability in Salesforce Marketing Cloud Engagement that allows attackers to manipulate web ser...

A hard-coded cryptographic key vulnerability in Salesforce Marketing Cloud Engagement allows attackers to manipulate web services protocols by bypassi...

This vulnerability allows attackers to inject malicious arguments into Salesforce Marketing Cloud commands through the MicrositeUrl module, potentiall...

This vulnerability allows unauthenticated attackers to upload malicious PHP files disguised as images to the Modern Image Gallery App v1.0. Successful...

This vulnerability allows unauthenticated attackers to execute arbitrary operating system commands on SmarterMail servers by pointing them to maliciou...

An improper certificate validation vulnerability in ToDesktop Builder v0.32.1 allows an unauthenticated, on-path attacker to spoof backend responses b...

CVE-2022-25369 is an authentication bypass vulnerability in Dynamicweb CMS that allows unauthenticated attackers to create new administrator accounts....

CVE-2021-47891 is a critical remote code execution vulnerability in Unified Remote 3.9.0.2463 that allows attackers to send crafted network packets to...

This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...

This vulnerability allows unauthenticated remote attackers to bypass authentication and gain administrator privileges by manipulating the web front-en...

CVE-2026-1364 is a critical missing authentication vulnerability in IAQS and I6 systems developed by JNC. Unauthenticated remote attackers can directl...

CVE-2026-0793 is a heap-based buffer overflow vulnerability in the InformaCast functionality of ALGO 8180 IP Audio Alerter devices, allowing remote at...

CVE-2026-0794 is a use-after-free vulnerability in ALGO 8180 IP Audio Alerter devices that allows remote attackers to execute arbitrary code without a...

CVE-2026-0787 is a command injection vulnerability in ALGO 8180 IP Audio Alerter devices that allows unauthenticated remote attackers to execute arbit...

This vulnerability allows remote attackers to execute arbitrary code on ALGO 8180 IP Audio Alerter devices without authentication by sending specially...

This vulnerability allows unauthenticated remote attackers to execute arbitrary code on ALGO 8180 IP Audio Alerter devices by sending specially crafte...