🔥 Trending CVEs - Last 90 Days

An improper authentication vulnerability in Gmission Web Fax allows attackers to bypass authentication mechanisms and escalate privileges. This affect...

In self-hosted n8n instances prior to version 2.0.0, authenticated users with workflow editing access can exploit the Code node's legacy JavaScript ex...

An authorization bypass vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer allows attackers to access restricte...

CVE-2025-66736 is an authorization bypass vulnerability in youlai-boot V2.21.1 where the importUsers function lacks proper permission checks. This all...

This CSRF vulnerability in Restajet Online Food Delivery System allows attackers to trick authenticated users into performing unintended actions on th...

BullWall Ransomware Containment has a vulnerability where an authenticated attacker can encrypt files while preserving the first four bytes, bypassing...

MyHoard versions 1.0.1 through 1.2.x log backup information including encryption keys in certain cases, potentially exposing sensitive database backup...

This reflected cross-site scripting (XSS) vulnerability in the BoldGrid Sprout Clients WordPress plugin allows attackers to inject malicious scripts i...

This vulnerability allows attackers to inject malicious scripts into web pages generated by the Bob Hostel WordPress plugin. When users visit a specia...

This DOM-based Cross-Site Scripting (XSS) vulnerability in the Easy Invoice WordPress plugin allows attackers to inject malicious scripts into web pag...

This Cross-Site Scripting (XSS) vulnerability in the FolioVision FV Antispam WordPress plugin allows attackers to inject malicious scripts into web pa...

This is a reflected cross-site scripting (XSS) vulnerability in the Traveler WordPress theme that allows attackers to inject malicious scripts into we...

This Cross-Site Scripting (XSS) vulnerability in the ListingPro WordPress theme allows attackers to inject malicious scripts into web pages viewed by ...

This vulnerability allows attackers to inject malicious scripts into web pages generated by the ANAC XML Bandi di Gara WordPress plugin. When users vi...

This DOM-based cross-site scripting (XSS) vulnerability in the Jannah WordPress theme allows attackers to inject malicious scripts into web pages view...

This vulnerability allows attackers to inject malicious scripts into web pages generated by the Photography WordPress theme. When users visit a specia...

This vulnerability allows attackers to inject malicious scripts into web pages generated by the dt-reservation-plugin WordPress plugin. When users vis...

This is a reflected cross-site scripting (XSS) vulnerability in the XStore Core WordPress plugin. Attackers can inject malicious scripts via crafted U...

This vulnerability allows attackers to inject malicious scripts into web pages generated by the XStore WordPress theme, which are then executed in vic...

This is a reflected cross-site scripting (XSS) vulnerability in the Mailster WordPress plugin that allows attackers to inject malicious scripts into w...

This is a reflected cross-site scripting (XSS) vulnerability in the Schiocco Support Board WordPress plugin. Attackers can inject malicious scripts in...

This CVE describes a Missing Authorization vulnerability in the bPlugins Parallax Section WordPress block plugin that allows attackers to access funct...

This CVE describes a Missing Authorization vulnerability in the WPXPO PostX (ultimate-post) WordPress plugin that allows attackers to bypass access co...

This is a reflected cross-site scripting (XSS) vulnerability in the Logtik WordPress theme that allows attackers to inject malicious scripts into web ...

KeePassXC-Browser versions through 1.9.9.2 automatically fill or prompt to fill stored credentials into documents rendered under browser-enforced CSP ...

This vulnerability allows attackers to bypass authorization controls in PaperWork by manipulating user-controlled keys or identifiers. It affects all ...

A stored cross-site scripting (XSS) vulnerability in Crafty Controller's Server MOTD component allows remote unauthenticated attackers to inject malic...

This vulnerability is a use-after-free flaw in the Windows Ancillary Function Driver for WinSock that allows an authenticated attacker to escalate pri...

This CVE describes a use-after-free vulnerability in Windows Hyper-V that allows an authenticated attacker to escalate privileges on the local system....

A race condition vulnerability in Windows Device Association Service allows authenticated attackers to escalate privileges locally. This affects Windo...

CVE-2026-24285 is a use-after-free vulnerability in Windows Win32K that allows an authenticated attacker to escalate privileges on a local system. Thi...

A race condition vulnerability in Microsoft Graphics Component allows authenticated attackers to escalate privileges on local systems. This affects Wi...

A race condition vulnerability in Windows Bluetooth RFCOM Protocol Driver allows an authenticated attacker to execute code with elevated privileges on...

This vulnerability in UltraVNC 1.6.4.0 on Windows involves an uncontrolled search path weakness in cryptbase.dll that could allow local attackers to e...

This vulnerability allows local attackers to escalate privileges on TensorFlow installations by exploiting an insecure plugin loading mechanism. Attac...

A Use After Free vulnerability in Apache Arrow C++ allows memory corruption when reading Arrow IPC files with pre-buffering enabled. This affects C++ ...

This CVE describes a DLL hijacking vulnerability in Flos Freeware Notepad2 versions 4.2.22 through 4.2.25. Attackers can exploit uncontrolled search p...

This vulnerability in Unidocs ezPDF DRM Reader and ezPDF Reader allows local attackers to exploit an uncontrolled search path issue in SHFOLDER.dll, p...

A race condition vulnerability in Apple operating systems allows malicious applications to potentially gain root privileges. This affects users runnin...

A path traversal vulnerability in BusyBox's archive extraction utilities allows attackers to create malicious archives that, when extracted under spec...

CVE-2026-21508 is an improper authentication vulnerability in Windows Storage that allows authenticated attackers to elevate privileges locally. This ...

This vulnerability involves a use-after-free flaw in the Windows Mailslot File System that allows an authenticated attacker to execute arbitrary code ...

This vulnerability is a use-after-free flaw in Windows Ancillary Function Driver for WinSock that allows an authenticated attacker to execute arbitrar...

A race condition vulnerability in Windows Subsystem for Linux allows authenticated local attackers to escalate privileges by exploiting improper synch...

This vulnerability in Artifex MuPDF on Windows allows local attackers to exploit an uncontrolled search path issue in the get_system_dpi function. Att...

OpenTelemetry-Go SDK versions v1.20.0 through v1.39.0 on macOS/Darwin systems are vulnerable to path hijacking attacks. An attacker with local access ...

This CVE describes a local privilege escalation vulnerability in mlflow versions before 3.4.0 where temporary directories for Python virtual environme...

This vulnerability allows attackers to execute arbitrary code or write arbitrary files when downloading and building Go modules with malicious version...

Dell CloudBoost Virtual Appliance versions before 19.14.0.0 store passwords in plaintext, allowing attackers with remote access and high privileges to...

This CVE describes a local privilege escalation vulnerability in npm CLI where incorrect permission assignment allows loading modules from unsecured l...