🔥 Trending CVEs - Last 90 Days

4,393 critical and high-severity vulnerabilities discovered in the last 90 days. Stay ahead of emerging threats with real-time CVE tracking and instant security alerts.

  • Total CVEs Published: 10,889
  • Critical Severity: 974
  • High Severity: 3,419
⚠️ Critical Alert
974 critical vulnerabilities published in the last 90 days. Immediate action recommended.

Critical & High-Risk CVEs

CVE-2026-2670 7.2

This CVE describes a remote command injection vulnerability in Advantech WISE-6610 devices. Attackers can execute arbitrary operating system commands ...

📅 25 days ago • Feb 18, 2026
CVE-2026-27177 7.2

MajorDoMo contains an unauthenticated stored XSS vulnerability that allows attackers to inject malicious JavaScript into property values. When adminis...

📅 25 days ago • Feb 18, 2026
CVE-2026-2296 7.2

This vulnerability allows authenticated attackers with Shop Manager or higher WordPress roles to execute arbitrary PHP code on the server. The flaw ex...

📅 25 days ago • Feb 18, 2026
CVE-2026-1931 7.2

The Rent Fetch WordPress plugin contains a stored cross-site scripting (XSS) vulnerability in the 'keyword' parameter that allows unauthenticated atta...

📅 25 days ago • Feb 18, 2026
CVE-2026-2615 7.2

CVE-2026-2615 is a command injection vulnerability in Wavlink WL-NU516U1 routers that allows remote attackers to execute arbitrary commands on af...

📅 26 days ago • Feb 17, 2026
CVE-2026-1216 7.2

The RSS Aggregator WordPress plugin is vulnerable to reflected cross-site scripting (XSS) via the 'template' parameter. Unauthenticated attackers can ...

📅 26 days ago • Feb 17, 2026
CVE-2026-2566 7.2

A remote stack-based buffer overflow vulnerability exists in Wavlink WL-NU516U1 routers through firmware version 130/260. Attackers can exploit this b...

📅 27 days ago • Feb 16, 2026
CVE-2019-25394 7.2

This stored XSS vulnerability in Smoothwall Express allows attackers to inject malicious JavaScript through modem.cgi POST parameters. When users acce...

📅 27 days ago • Feb 16, 2026
CVE-2019-25379 7.2

This stored and reflected XSS vulnerability in Smoothwall Express allows attackers to inject malicious JavaScript via the urlfilter.cgi endpoint. When...

📅 27 days ago • Feb 16, 2026
CVE-2026-26930 7.2

This cross-site scripting (XSS) vulnerability in SmarterMail allows attackers to inject malicious scripts via MAPI requests. It affects organizations ...

📅 27 days ago • Feb 16, 2026
CVE-2026-1843 7.2

The Super Page Cache WordPress plugin has a stored cross-site scripting vulnerability in its Activity Log feature. Unauthenticated attackers can injec...

📅 29 days ago • Feb 14, 2026
CVE-2026-0745 7.2

The User Language Switch WordPress plugin contains a Server-Side Request Forgery (SSRF) vulnerability that allows authenticated administrators to make...

📅 29 days ago • Feb 14, 2026
CVE-2026-0753 7.2

This vulnerability allows unauthenticated attackers to execute arbitrary JavaScript in victims' browsers via the 'sscf_name' parameter in the Super Si...

📅 29 days ago • Feb 14, 2026
CVE-2026-1841 7.2

The PixelYourSite WordPress plugin is vulnerable to stored cross-site scripting (XSS) via insufficient input sanitization in the 'pysTrafficSource' an...

📅 30 days ago • Feb 13, 2026
CVE-2026-1320 7.2

The Secure Copy Content Protection and Content Locking WordPress plugin is vulnerable to stored cross-site scripting (XSS) via the 'X-Forwarded-For' H...

📅 31 days ago • Feb 12, 2026
CVE-2026-1316 7.2

This stored XSS vulnerability in the Customer Reviews for WooCommerce WordPress plugin allows attackers to inject malicious scripts into web pages via...

📅 31 days ago • Feb 12, 2026
CVE-2025-15440 7.2

The iONE360 configurator WordPress plugin has a stored XSS vulnerability in its contact form parameters that allows unauthenticated attackers to injec...

📅 32 days ago • Feb 11, 2026
CVE-2025-14541 7.2

The Lucky Wheel Giveaway WordPress plugin contains a remote code execution vulnerability in all versions up to 1.0.22. Authenticated attackers with Ad...

📅 33 days ago • Feb 11, 2026
CVE-2026-1866 7.2

The Name Directory WordPress plugin has a stored XSS vulnerability that allows unauthenticated attackers to inject malicious scripts via public submis...

📅 33 days ago • Feb 10, 2026
CVE-2026-2260 7.2

This CVE describes a remote command injection vulnerability in D-Link DCS-931L IP cameras. Attackers can execute arbitrary operating system commands b...

📅 33 days ago • Feb 10, 2026
CVE-2026-0845 7.2

This vulnerability allows authenticated attackers with Shop Manager or higher privileges in WordPress to modify arbitrary site options due to missing ...

📅 34 days ago • Feb 10, 2026
CVE-2026-25951 7.2

CVE-2026-25951 is a path traversal vulnerability in FUXA web-based SCADA/HMI software that allows authenticated administrators to bypass directory pro...

📅 34 days ago • Feb 9, 2026
CVE-2026-25498 7.2

This is a Remote Code Execution vulnerability in Craft CMS that allows authenticated administrators to execute arbitrary system commands on the server...

📅 34 days ago • Feb 9, 2026
CVE-2026-2210 7.2

This CVE describes a remote command injection vulnerability in D-Link DIR-823X routers. Attackers can execute arbitrary operating system commands by m...

📅 34 days ago • Feb 9, 2026
CVE-2026-2191 7.2

A stack-based buffer overflow vulnerability exists in Tenda AC9 routers running firmware version 15.03.06.42_multi. Remote attackers can exploit this ...

📅 35 days ago • Feb 8, 2026
CVE-2026-2192 7.2

This CVE describes a stack-based buffer overflow vulnerability in Tenda AC9 routers' formGetRebootTimer function. Attackers can exploit this remotely ...

📅 35 days ago • Feb 8, 2026
CVE-2026-2188 7.2

This vulnerability allows remote attackers to execute arbitrary operating system commands on UTT 进取 521G devices through command injection in the ...

📅 35 days ago • Feb 8, 2026
CVE-2026-2182 7.2

This vulnerability allows remote attackers to execute arbitrary commands on UTT 进取 521G devices by injecting malicious input into the password par...

📅 35 days ago • Feb 8, 2026
CVE-2026-2175 7.2

This CVE describes an OS command injection vulnerability in D-Link DIR-823X routers that allows remote attackers to execute arbitrary commands on affe...

📅 35 days ago • Feb 8, 2026
CVE-2026-2157 7.2

This CVE describes a remote command injection vulnerability in D-Link DIR-823X routers. Attackers can execute arbitrary operating system commands by m...

📅 35 days ago • Feb 8, 2026
CVE-2026-2155 7.2

This CVE describes a remote command injection vulnerability in D-Link DIR-823X routers. Attackers can execute arbitrary operating system commands by m...

📅 35 days ago • Feb 8, 2026
CVE-2026-2152 7.2

This CVE describes a remote command injection vulnerability in D-Link DIR-615 routers through the web configuration interface. Attackers can execute a...

📅 35 days ago • Feb 8, 2026
CVE-2026-2151 7.2

This CVE describes an OS command injection vulnerability in D-Link DIR-615 routers affecting the DMZ Host feature. Attackers can execute arbitrary com...

📅 35 days ago • Feb 8, 2026
CVE-2026-2143 7.2

This CVE describes a remote command injection vulnerability in D-Link DIR-823X routers. Attackers can execute arbitrary operating system commands by m...

📅 35 days ago • Feb 8, 2026
CVE-2026-2142 7.2

This CVE describes a remote OS command injection vulnerability in D-Link DIR-823X routers. Attackers can execute arbitrary commands on affected device...

📅 35 days ago • Feb 8, 2026
CVE-2026-2129 7.2

This CVE describes an OS command injection vulnerability in D-Link DIR-823X routers that allows remote attackers to execute arbitrary commands on affe...

📅 36 days ago • Feb 8, 2026
CVE-2026-2118 7.2

This vulnerability allows remote attackers to execute arbitrary commands on UTT HiPER 810 routers by injecting malicious input into the Isp_Name param...

📅 36 days ago • Feb 8, 2026
CVE-2026-2120 7.2

This CVE describes a remote command injection vulnerability in D-Link DIR-823X routers. Attackers can execute arbitrary operating system commands by m...

📅 36 days ago • Feb 8, 2026
CVE-2026-2085 7.2

This CVE describes a command injection vulnerability in D-Link DWR-M921 routers via the USSD configuration endpoint. Attackers can execute arbitrary c...

📅 36 days ago • Feb 7, 2026
CVE-2026-2084 7.2

This CVE describes an OS command injection vulnerability in D-Link DIR-823X routers. Attackers can remotely execute arbitrary commands by manipulating...

📅 36 days ago • Feb 7, 2026
CVE-2026-2080 7.2

This vulnerability allows remote attackers to execute arbitrary commands on UTT HiPER 810 routers by injecting malicious input into the password param...

📅 36 days ago • Feb 7, 2026
CVE-2026-25754 7.2

A prototype pollution vulnerability in AdonisJS multipart form-data parsing allows remote attackers to manipulate object prototypes at runtime. This c...

📅 37 days ago • Feb 6, 2026
CVE-2025-70073 7.2

A remote code execution vulnerability in ChestnutCMS v1.5.8 and earlier allows attackers to execute arbitrary code through the template creation funct...

📅 38 days ago • Feb 5, 2026
CVE-2026-23572 7.2

This vulnerability allows authenticated TeamViewer users to bypass the 'Allow after confirmation' security setting during remote sessions. Attackers w...

📅 38 days ago • Feb 5, 2026
CVE-2026-1294 7.2

The All In One Image Viewer Block WordPress plugin has a Server-Side Request Forgery (SSRF) vulnerability that allows unauthenticated attackers to mak...

📅 38 days ago • Feb 5, 2026
CVE-2025-11730 7.2

This CVE describes a post-authentication command injection vulnerability in Zyxel firewall devices. An authenticated attacker with administrator privi...

📅 39 days ago • Feb 5, 2026
CVE-2026-21893 7.2

A command injection vulnerability in n8n's community package installation functionality allows authenticated administrators to execute arbitrary syste...

📅 39 days ago • Feb 4, 2026
CVE-2026-25615 7.2

This vulnerability in Blesta billing software allows attackers to perform object injection attacks by sending specially crafted data. This affects all...

📅 40 days ago • Feb 3, 2026
CVE-2026-22550 7.2

An OS command injection vulnerability in ELECOM WRC-X1500GS-B and WRC-X1500GSA-B wireless routers allows authenticated attackers to execute arbitrary ...

📅 40 days ago • Feb 3, 2026
CVE-2026-0617 7.2

This stored XSS vulnerability in the LatePoint WordPress plugin allows unauthenticated attackers to inject malicious scripts into customer profile fie...

📅 40 days ago • Feb 3, 2026

Why Track Trending CVEs?

Stay ahead of emerging threats: Newly discovered vulnerabilities pose the highest risk as attackers race to exploit them before patches are deployed. Trending CVEs represent the most critical security issues requiring immediate attention from security teams worldwide.

Prioritize remediation efforts: With thousands of CVEs published annually, security teams need to focus on the most recent and severe threats first. Our trending CVE dashboard highlights critical and high-severity vulnerabilities from the past 7, 30, or 90 days, helping you prioritize patching efforts.

🚀 Automated Trending CVE Monitoring

  • Scan your servers to detect packages affected by trending CVEs
  • Receive instant email alerts when critical vulnerabilities are discovered
  • Dashboard shows CVE age, severity, CVSS scores, and affected systems
  • Filter by time period (7/30/90 days) to focus on recent threats