🔥 Trending CVEs - Last 90 Days

This vulnerability allows authenticated attackers to upload arbitrary files to mobility conductors running AOS-10 or AOS-8 operating systems. Successf...

A stack overflow vulnerability in the AOS-10 web management interface of HPE Mobility Gateway allows authenticated attackers to execute arbitrary code...

Authenticated command injection vulnerabilities in Aruba mobility conductors running AOS-8 allow attackers with valid credentials to execute arbitrary...

This vulnerability in SQL Server allows attackers with existing network access to bypass authentication checks and execute privileged functions. It af...

This SQL injection vulnerability in Fortinet FortiClientEMS allows authenticated attackers with read-only admin permissions to execute unauthorized SQ...

Gin-vue-admin versions up to 2.8.7 contain a path traversal vulnerability in the breakpoint resume upload functionality. Attackers with file upload pr...

Vivotek IP7137 cameras with vulnerable firmware allow authenticated attackers to execute arbitrary system commands via command injection in the system...

This vulnerability in the Eventin WordPress plugin allows unauthenticated attackers to modify plugin settings and inject malicious scripts. Attackers ...

This vulnerability allows unauthenticated attackers to inject malicious JavaScript into WordPress sites using the Frontend Admin plugin. The injected ...

The SlimStat Analytics WordPress plugin has a stored XSS vulnerability in versions up to 5.3.4 that allows unauthenticated attackers to inject malicio...

The SlimStat Analytics WordPress plugin has a stored XSS vulnerability in all versions up to 5.3.3. Unauthenticated attackers can inject malicious scr...

OpenMetadata versions before 1.11.4 contain a Server-Side Template Injection vulnerability in FreeMarker email templates that allows remote code execu...

CVE-2026-22241 is an arbitrary file upload vulnerability in Open eClass (formerly GUnet eClass) that allows authenticated administrators to upload mal...

This vulnerability in NiceGUI allows attackers to manipulate URL fragment identifiers via cross-site iframe attacks, potentially enabling UI manipulat...

This CVE describes a time-based blind SQL injection vulnerability in Tarkov Data Manager's webhook edit and scanner API endpoints. Authenticated attac...

This vulnerability allows remote attackers to execute arbitrary operating system commands on TRENDnet TEW-811DRU routers by manipulating the DeviceURL...

This vulnerability allows authenticated remote code execution in Craft CMS when an attacker with administrator access uploads a malicious Behavior att...

CVE-2025-66648 is a cross-site scripting (XSS) vulnerability in vega-functions library that allows attackers to execute arbitrary JavaScript code by e...

This vulnerability allows authenticated users with high privileges to inject arbitrary operating system commands through backup configuration paramete...

Signal K Server versions before 2.19.0 allow authenticated administrators to install npm packages from arbitrary sources via the appstore interface. T...

CVE-2022-50787 is an unauthenticated stored cross-site scripting vulnerability in SOUND4 IMPACT/FIRST/PULSE/Eco software versions 2.x. Attackers can i...

This vulnerability allows authenticated WordPress administrators to execute arbitrary PHP code on servers running the Lucky Wheel for WooCommerce plug...

The Advanced Ads WordPress plugin up to version 2.0.14 contains a remote code execution vulnerability via the 'change-ad__content' shortcode parameter...

A stack-based buffer overflow vulnerability in Tenda WH450 routers allows remote attackers to execute arbitrary code by sending specially crafted HTTP...

This vulnerability in Tenda WH450 routers allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the HTTP request hand...

A stack-based buffer overflow vulnerability in Tenda WH450 router firmware version 1.0.0.18 allows remote attackers to execute arbitrary code by manip...

A stack-based buffer overflow vulnerability in Tenda WH450 router firmware version 1.0.0.18 allows remote attackers to execute arbitrary code by sendi...

This vulnerability in Tenda WH450 routers allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the SafeEmailFilter f...

A stack-based buffer overflow vulnerability in Tenda WH450 routers allows remote attackers to execute arbitrary code by manipulating the 'page' parame...

A stack-based buffer overflow vulnerability in Tenda WH450 routers allows remote attackers to execute arbitrary code by manipulating the 'page' parame...

This vulnerability allows remote attackers to execute arbitrary code on Tenda WH450 routers via a stack-based buffer overflow in the PPTPServer compon...

A stack-based buffer overflow vulnerability in Tenda WH450 routers allows remote attackers to execute arbitrary code by manipulating the 'delno' param...

This vulnerability allows remote attackers to execute arbitrary commands on affected camera systems due to improper input validation in video analytic...

This vulnerability in BlueChi allows a root user on a managed node to create or modify systemd service unit files on the host node, leading to privile...

This vulnerability allows authenticated remote attackers to execute arbitrary operating system commands on DreamFactory instances. Attackers can achie...

PhotoShow 3.0 contains a remote code execution vulnerability where authenticated administrators can inject malicious commands through the exiftran pat...

This vulnerability allows unauthenticated attackers to bypass authentication in Mattermost's Jira plugin and make authenticated requests to Jira serve...

This SQL injection vulnerability in Centreon's Open-tickets module allows authenticated users with elevated privileges to execute arbitrary SQL comman...

The SureForms WordPress plugin has a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts into ...

The ELEX WordPress HelpDesk & Customer Ticketing System plugin has a stored XSS vulnerability that allows unauthenticated attackers to inject maliciou...

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the HTML5 Audio Player WordPress plugin. Unauthenticated attackers can exploi...

The Ocean Modal Window WordPress plugin before version 2.3.3 contains a remote code execution vulnerability. Attackers can exploit this by manipulatin...

This CVE describes a cross-site scripting (XSS) vulnerability in Vega visualization components that allows authenticated users to inject malicious scr...

This vulnerability in Microsoft Purview allows authenticated attackers to execute arbitrary code remotely by exploiting improper input validation in p...

This CVE describes a command injection vulnerability in the firmware update service of D-Link DIR-605 routers with firmware version 202WWB03. Attacker...

This vulnerability allows attackers to escalate privileges in WordPress sites using the PostX (ultimate-post) plugin. Attackers can gain administrativ...

This vulnerability allows attackers to escalate privileges in the Custom Fields Account Registration For Woocommerce WordPress plugin. Attackers can g...

This vulnerability allows authenticated attackers to execute arbitrary operating system commands on Ruijie Networks AP180 series wireless access point...

This CVE describes a Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail that allows attackers to inject malicious scripts via the animate t...

Roundcube Webmail contains an information disclosure vulnerability in its HTML style sanitizer that could allow attackers to extract sensitive data fr...