🔥 Trending CVEs - Last 90 Days
4,371 critical and high-severity vulnerabilities discovered in the last 90 days. Stay ahead of emerging threats with real-time CVE tracking and instant security alerts.
Critical & High-Risk CVEs
This vulnerability allows attackers to inject malicious scripts into web pages generated by the WP-BusinessDirectory WordPress plugin. When users visi...
📅 67 days ago • Jan 8, 2026This vulnerability involves undefined behavior in the CIccTagSpectralViewingConditions() function of the iccDEV library, which could lead to crashes, ...
📅 67 days ago • Jan 7, 2026This vulnerability involves undefined behavior in the CIccTagLut16::Read() function of the iccDEV library, which could lead to memory corruption when ...
📅 67 days ago • Jan 7, 2026This vulnerability involves undefined behavior in the CIccTagLutAtoB::Validate() function of the iccDEV library, which could lead to crashes, memory c...
📅 67 days ago • Jan 7, 2026CVE-2026-21687 is an undefined behavior vulnerability in the CIccTagCurve constructor of the iccDEV library that processes ICC color profiles. This co...
📅 67 days ago • Jan 7, 2026Bio-Formats up to version 8.3.0 contains an XML External Entity (XXE) vulnerability in the Leica Microsystems metadata parser. This allows attackers t...
📅 67 days ago • Jan 7, 2026CVE-2026-21681 is an undefined behavior runtime error in iccDEV library versions before 2.3.1.2 that could lead to crashes or potentially arbitrary co...
📅 67 days ago • Jan 7, 2026This vulnerability allows authenticated attackers to modify the behavior of arbitrary LibreChat agents by uploading files to file contexts or file sea...
📅 67 days ago • Jan 7, 2026This vulnerability allows attackers to inject malicious scripts into web pages generated by WidgetKit Pro, a WordPress plugin. When users visit a spec...
📅 67 days ago • Jan 7, 2026This Cross-Site Scripting (XSS) vulnerability in the Frenify Arlo WordPress theme allows attackers to inject malicious scripts into web pages viewed b...
📅 67 days ago • Jan 7, 2026This vulnerability allows attackers to inject malicious scripts into DZS Video Gallery WordPress plugin pages, which execute in victims' browsers when...
📅 67 days ago • Jan 7, 2026The WP Photo Album Plus WordPress plugin contains a reflected cross-site scripting vulnerability in the 'shortcode' parameter that allows unauthentica...
📅 67 days ago • Jan 7, 2026This reflected cross-site scripting (XSS) vulnerability in the WPCHURCH WordPress plugin allows attackers to inject malicious scripts into web pages v...
📅 68 days ago • Jan 7, 2026This CVE describes a reflected cross-site scripting (XSS) vulnerability in two WordPress plugins. Attackers can inject malicious scripts via crafted U...
📅 68 days ago • Jan 6, 2026A reflected cross-site scripting (XSS) vulnerability in GT3 themes Photo Gallery WordPress plugin allows attackers to inject malicious scripts into we...
📅 68 days ago • Jan 6, 2026This vulnerability allows attackers to inject malicious scripts into web pages generated by the JobBank WordPress plugin, which are then executed in v...
📅 68 days ago • Jan 6, 2026This vulnerability allows attackers to inject malicious scripts into web pages generated by the Header Image Slider WordPress plugin. When users visit...
📅 68 days ago • Jan 6, 2026This vulnerability allows attackers to delete other users' workspaces in OpenCTI by exploiting an authorization flaw in the GraphQL mutation 'Workspac...
📅 69 days ago • Jan 5, 2026An Insecure Direct Object Reference vulnerability in Bagisto eCommerce platform allows authenticated customers to add items from other customers' orde...
📅 72 days ago • Jan 2, 2026This vulnerability in Plex Media Server allows attackers to access account information using device tokens even after devices have been disassociated ...
📅 72 days ago • Jan 2, 2026This Cross-Site Scripting (XSS) vulnerability in the Easy Social WordPress plugin allows attackers to inject malicious scripts into web pages viewed b...
📅 74 days ago • Dec 31, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Themefy Bloggie WordPress theme allows attackers to inject malicious scripts via reflected XS...
📅 74 days ago • Dec 31, 2025This vulnerability allows attackers to inject malicious scripts into ZoomSounds WordPress plugin pages, which execute in victims' browsers when they v...
📅 74 days ago • Dec 31, 2025This is a reflected cross-site scripting (XSS) vulnerability in the Blappsta Mobile App Plugin for WordPress. Attackers can inject malicious scripts v...
📅 74 days ago • Dec 31, 2025This is a reflected cross-site scripting (XSS) vulnerability in the Sala WordPress theme that allows attackers to inject malicious scripts into web pa...
📅 74 days ago • Dec 31, 2025This reflected cross-site scripting (XSS) vulnerability in the Zielke Design Project Gallery WordPress plugin allows attackers to inject malicious scr...
📅 74 days ago • Dec 31, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Matamko En Masse WordPress plugin. When users visit a ...
📅 74 days ago • Dec 31, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the ZhinaTwitterWidget WordPress plugin. When users visit ...
📅 74 days ago • Dec 31, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the ZD Scribd iPaper WordPress plugin. When users visit a ...
📅 74 days ago • Dec 31, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the WordPress Custom Post Edit plugin. When users visit a ...
📅 74 days ago • Dec 31, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the LIVE TV WordPress plugin. When users visit a specially...
📅 74 days ago • Dec 31, 2025A Cross-Site Request Forgery (CSRF) vulnerability in Zoho ZeptoMail WordPress plugin allows attackers to inject malicious scripts that become stored X...
📅 75 days ago • Dec 31, 2025This CSRF vulnerability in the WordPress Noindex by Path plugin allows attackers to trick authenticated administrators into performing unintended acti...
📅 75 days ago • Dec 31, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Recent Posts From Each Category plugin allows attackers to inject malicious scripts...
📅 75 days ago • Dec 31, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Page Carbajal Custom Post Status WordPress plugin allows attackers to perform stored cross-si...
📅 75 days ago • Dec 31, 2025This CSRF vulnerability in the Wolfgang Häfelinger Custom Style WordPress plugin allows attackers to trick authenticated administrators into performi...
📅 75 days ago • Dec 31, 2025A Cross-Site Request Forgery (CSRF) vulnerability in Socialprofilr Social Profilr WordPress plugin allows attackers to inject malicious scripts that e...
📅 75 days ago • Dec 31, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress SensitiveTagCloud plugin allows attackers to inject malicious scripts that execute ...
📅 75 days ago • Dec 31, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WP-EasyArchives WordPress plugin allows attackers to inject malicious scripts that execute wh...
📅 75 days ago • Dec 31, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the eLEOPARD Behance Portfolio Manager WordPress plugin allows attackers to inject malicious scri...
📅 75 days ago • Dec 31, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Simple Archive Generator plugin allows attackers to trick authenticated administrat...
📅 75 days ago • Dec 31, 2025A Cross-Site Request Forgery (CSRF) vulnerability in the Hoernerfranz WP-CalDav2ICS WordPress plugin allows attackers to perform unauthorized actions ...
📅 75 days ago • Dec 30, 2025TrueConf Client 8.5.2 is vulnerable to DLL hijacking where attackers can place a malicious wfapi.dll file to execute arbitrary code. This affects loca...
📅 75 days ago • Dec 30, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Ads24 Lite WordPress plugin. When users visit a specia...
📅 76 days ago • Dec 30, 2025This CVE describes a reflected cross-site scripting (XSS) vulnerability in the Sleekplan WordPress plugin. Attackers can inject malicious scripts via ...
📅 76 days ago • Dec 30, 2025This reflected cross-site scripting (XSS) vulnerability in the WordPress Product Puller plugin allows attackers to inject malicious scripts into web p...
📅 76 days ago • Dec 30, 2025This reflected cross-site scripting (XSS) vulnerability in the Off Page SEO WordPress plugin allows attackers to inject malicious scripts into web pag...
📅 76 days ago • Dec 30, 2025This CVE describes a missing authorization vulnerability in the Plugin Optimizer WordPress plugin that allows attackers to bypass access controls. Att...
📅 76 days ago • Dec 29, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Advanced Custom CSS WordPress plugin. When users visit...
📅 76 days ago • Dec 29, 2025This vulnerability allows attackers to inject malicious scripts into web pages generated by the Content Grid Slider WordPress plugin. When a user visi...
📅 76 days ago • Dec 29, 2025Why Track Trending CVEs?
Stay ahead of emerging threats: Newly discovered vulnerabilities pose the highest risk as attackers race to exploit them before patches are deployed. Trending CVEs represent the most critical security issues requiring immediate attention from security teams worldwide.
Prioritize remediation efforts: With thousands of CVEs published annually, security teams need to focus on the most recent and severe threats first. Our trending CVE dashboard highlights critical and high-severity vulnerabilities from the past 7, 30, or 90 days, helping you prioritize patching efforts.
🚀 Automated Trending CVE Monitoring
- Scan your servers to detect packages affected by trending CVEs
- Receive instant email alerts when critical vulnerabilities are discovered
- Dashboard shows CVE age, severity, CVSS scores, and affected systems
- Filter by time period (7/30/90 days) to focus on recent threats
