🔥 Trending CVEs - Last 90 Days

This stored XSS vulnerability in the Dinatur WordPress plugin allows attackers to inject malicious scripts into web pages that are then executed when ...

This is a reflected cross-site scripting (XSS) vulnerability in the Dooodl WordPress plugin that allows attackers to inject malicious scripts into web...

This vulnerability allows attackers to inject malicious scripts into web pages generated by the bidorbuy Store Integrator WordPress plugin. When users...

This vulnerability allows attackers to inject malicious scripts into the WP Simple Redirect WordPress plugin, which are then reflected back to users' ...

This CVE describes a reflected cross-site scripting (XSS) vulnerability in the Ravpage WordPress plugin. Attackers can inject malicious scripts via cr...

This vulnerability allows attackers to inject malicious scripts into web pages generated by the MemberPress Discord Addon WordPress plugin. When users...

This vulnerability allows attackers to inject malicious scripts into web pages generated by the Easy Theme Options WordPress plugin. When users visit ...

This vulnerability allows attackers to inject malicious scripts into web pages generated by the Quote Master WordPress plugin. When users visit specia...

This vulnerability allows attackers to inject malicious scripts into web pages generated by the wpCAS WordPress plugin, which are then executed in vic...

This vulnerability allows attackers to inject malicious scripts into web pages generated by the Syntax Highlighter Compress WordPress plugin. When use...

This reflected cross-site scripting (XSS) vulnerability in the Hoteller WordPress theme allows attackers to inject malicious scripts into web pages by...

This is a reflected cross-site scripting (XSS) vulnerability in the DotLife WordPress theme that allows attackers to inject malicious scripts into web...

This DOM-based XSS vulnerability in the Craft Coffee Shop WordPress theme allows attackers to inject malicious scripts into web pages viewed by users....

This stored cross-site scripting (XSS) vulnerability in the Codisto Omnichannel for WooCommerce plugin allows attackers to inject malicious scripts in...

This vulnerability allows attackers to inject malicious scripts into web pages generated by the WP Mail plugin, which are then executed in victims' br...

This vulnerability allows attackers to inject malicious scripts into web pages generated by the Netgsm WordPress plugin. When users visit specially cr...

This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users through improper input sanitization in the GLS Sh...

This stored cross-site scripting (XSS) vulnerability in the CodeColorer WordPress plugin allows attackers to inject malicious scripts into web pages t...

This vulnerability allows attackers to inject malicious scripts into web pages generated by the My Post Order WordPress plugin. When users visit a spe...

This is a reflected cross-site scripting (XSS) vulnerability in the WorkScout WordPress theme. Attackers can inject malicious scripts via crafted URLs...

This is a reflected cross-site scripting (XSS) vulnerability in the WorkScout-Core WordPress plugin that allows attackers to inject malicious scripts ...

This is a reflected cross-site scripting (XSS) vulnerability in the favethemes Homey Core WordPress plugin. Attackers can inject malicious scripts via...

This vulnerability allows attackers to inject malicious scripts into web pages generated by the AdForest Elementor WordPress plugin. When users visit ...

This Cross-Site Scripting (XSS) vulnerability in the Hostiko WordPress theme allows attackers to inject malicious scripts into web pages viewed by oth...

This vulnerability allows attackers to inject malicious scripts into web pages generated by the Grand Tour WordPress theme. When users visit a special...

This vulnerability allows attackers to inject malicious scripts into web pages generated by the My auctions allegro WordPress plugin. When users visit...

This reflected cross-site scripting (XSS) vulnerability in the CleverSoft Anon WordPress theme allows attackers to inject malicious scripts into web p...

This Cross-Site Scripting (XSS) vulnerability in the Crocoblock JetEngine WordPress plugin allows attackers to inject malicious scripts into web pages...

This is a reflected cross-site scripting (XSS) vulnerability in the TheNa WordPress theme that allows attackers to inject malicious scripts into web p...

CVE-2026-24049 is a path traversal vulnerability in Python's wheel tool (versions 0.40.0-0.46.1) that allows attackers to modify file permissions of c...

This CVE describes a symlink-based path traversal vulnerability in Backstage's Scaffolder component. Attackers with template creation/execution privil...

CVE-2026-23986 is a path traversal vulnerability in Copier project template tool that allows malicious templates to write files outside the intended d...

SEO Panel versions before 4.9.0 contain a blind SQL injection vulnerability in the archive.php page. Authenticated attackers can inject malicious SQL ...

This vulnerability in Apache Solr allows attackers to bypass path restrictions and read unauthorized files from the filesystem when creating new cores...

An unauthenticated local attacker can cause a denial-of-service (DoS) crash in Oracle VM VirtualBox on Windows hosts. This vulnerability affects Virtu...

This vulnerability in Oracle Business Intelligence Enterprise Edition allows authenticated attackers with local access to the infrastructure to manipu...

A Node.js vulnerability in the vm module's buffer allocation can expose uninitialized memory when timeouts interrupt allocations. This may leak sensit...

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in the teklifolustur_app PHP application. Authenticated users can manipula...

This vulnerability allows a standard local user without administrative privileges to execute privileged update commands via Microsoft Edge's Elevation...

This vulnerability in MIT Kerberos 5 allows authenticated attackers to trigger an integer overflow in the kadmind daemon's log handling code, leading ...

The Process Optimization application suite uses unencrypted communication channels by default, allowing attackers to intercept, modify, or steal sensi...

A use-after-free vulnerability in Juniper's 802.1X authentication daemon (dot1xd) allows authenticated, network-adjacent attackers to crash the daemon...

Docmost versions 0.21.0 through 0.23.x contain a ZipSlip vulnerability in the zip import feature that allows attackers to write arbitrary files to any...

This vulnerability in key-based pairing allows attackers within proximity to intercept and access users' conversations and location data without requi...

Kmaleon 1.1.0.205 contains an authenticated SQL injection vulnerability in the 'tipocomb' parameter of kmaleonW.php. This allows attackers with valid ...

This CSRF vulnerability in the DASHBOARD BUILDER WordPress plugin allows unauthenticated attackers to trick administrators into modifying SQL queries ...

This vulnerability allows authenticated GitLab users to access and use AI model settings from namespaces they shouldn't have access to by manipulating...

This vulnerability allows attackers to inject malicious scripts into Pinpoll WordPress plugin pages, which execute in victims' browsers when they visi...

This vulnerability allows attackers to inject malicious scripts into WordPress sites using the WP App Bar plugin. When users click specially crafted l...

This vulnerability allows attackers to inject malicious scripts into web pages generated by the PRIMER by chloédigital WordPress plugin. When users v...