🔥 Trending CVEs - Last 90 Days

This Cross-Site Scripting (XSS) vulnerability in the ListingPro WordPress theme allows attackers to inject malicious scripts into web pages viewed by ...

This vulnerability allows attackers to inject malicious scripts into web pages generated by the ANAC XML Bandi di Gara WordPress plugin. When users vi...

This DOM-based cross-site scripting (XSS) vulnerability in the Jannah WordPress theme allows attackers to inject malicious scripts into web pages view...

This vulnerability allows attackers to inject malicious scripts into web pages generated by the Photography WordPress theme. When users visit a specia...

This vulnerability allows attackers to inject malicious scripts into web pages generated by the dt-reservation-plugin WordPress plugin. When users vis...

This is a reflected cross-site scripting (XSS) vulnerability in the XStore Core WordPress plugin. Attackers can inject malicious scripts via crafted U...

This vulnerability allows attackers to inject malicious scripts into web pages generated by the XStore WordPress theme, which are then executed in vic...

This is a reflected cross-site scripting (XSS) vulnerability in the Mailster WordPress plugin that allows attackers to inject malicious scripts into w...

This is a reflected cross-site scripting (XSS) vulnerability in the Schiocco Support Board WordPress plugin. Attackers can inject malicious scripts in...

This CVE describes a Missing Authorization vulnerability in the bPlugins Parallax Section WordPress block plugin that allows attackers to access funct...

This CVE describes a Missing Authorization vulnerability in the WPXPO PostX (ultimate-post) WordPress plugin that allows attackers to bypass access co...

This is a reflected cross-site scripting (XSS) vulnerability in the Logtik WordPress theme that allows attackers to inject malicious scripts into web ...

KeePassXC-Browser versions through 1.9.9.2 automatically fill or prompt to fill stored credentials into documents rendered under browser-enforced CSP ...

This vulnerability allows attackers to bypass authorization controls in PaperWork by manipulating user-controlled keys or identifiers. It affects all ...

A stored cross-site scripting (XSS) vulnerability in Crafty Controller's Server MOTD component allows remote unauthenticated attackers to inject malic...

This vulnerability is a use-after-free flaw in the Windows Ancillary Function Driver for WinSock that allows an authenticated attacker to escalate pri...

This CVE describes a use-after-free vulnerability in Windows Hyper-V that allows an authenticated attacker to escalate privileges on the local system....

A race condition vulnerability in Windows Device Association Service allows authenticated attackers to escalate privileges locally. This affects Windo...

CVE-2026-24285 is a use-after-free vulnerability in Windows Win32K that allows an authenticated attacker to escalate privileges on a local system. Thi...

A race condition vulnerability in Microsoft Graphics Component allows authenticated attackers to escalate privileges on local systems. This affects Wi...

A race condition vulnerability in Windows Bluetooth RFCOM Protocol Driver allows an authenticated attacker to execute code with elevated privileges on...

This vulnerability in UltraVNC 1.6.4.0 on Windows involves an uncontrolled search path weakness in cryptbase.dll that could allow local attackers to e...

This vulnerability allows local attackers to escalate privileges on TensorFlow installations by exploiting an insecure plugin loading mechanism. Attac...

A Use After Free vulnerability in Apache Arrow C++ allows memory corruption when reading Arrow IPC files with pre-buffering enabled. This affects C++ ...

This CVE describes a DLL hijacking vulnerability in Flos Freeware Notepad2 versions 4.2.22 through 4.2.25. Attackers can exploit uncontrolled search p...

This vulnerability in Unidocs ezPDF DRM Reader and ezPDF Reader allows local attackers to exploit an uncontrolled search path issue in SHFOLDER.dll, p...

A race condition vulnerability in Apple operating systems allows malicious applications to potentially gain root privileges. This affects users runnin...

A path traversal vulnerability in BusyBox's archive extraction utilities allows attackers to create malicious archives that, when extracted under spec...

CVE-2026-21508 is an improper authentication vulnerability in Windows Storage that allows authenticated attackers to elevate privileges locally. This ...

This vulnerability involves a use-after-free flaw in the Windows Mailslot File System that allows an authenticated attacker to execute arbitrary code ...

This vulnerability is a use-after-free flaw in Windows Ancillary Function Driver for WinSock that allows an authenticated attacker to execute arbitrar...

A race condition vulnerability in Windows Subsystem for Linux allows authenticated local attackers to escalate privileges by exploiting improper synch...

This vulnerability in Artifex MuPDF on Windows allows local attackers to exploit an uncontrolled search path issue in the get_system_dpi function. Att...

OpenTelemetry-Go SDK versions v1.20.0 through v1.39.0 on macOS/Darwin systems are vulnerable to path hijacking attacks. An attacker with local access ...

This CVE describes a local privilege escalation vulnerability in mlflow versions before 3.4.0 where temporary directories for Python virtual environme...

This vulnerability allows attackers to execute arbitrary code or write arbitrary files when downloading and building Go modules with malicious version...

Dell CloudBoost Virtual Appliance versions before 19.14.0.0 store passwords in plaintext, allowing attackers with remote access and high privileges to...

This CVE describes a local privilege escalation vulnerability in npm CLI where incorrect permission assignment allows loading modules from unsecured l...

This CVE describes a use-after-free vulnerability in Inbox COM Objects that allows an unauthorized attacker to execute arbitrary code locally on affec...

A race condition vulnerability in the Capability Access Management Service (camsvc) allows authorized attackers to escalate privileges on local system...

This vulnerability allows an unauthorized attacker to execute arbitrary code on a local system by exploiting an untrusted search path in Microsoft Off...

A race condition vulnerability in Windows Local Session Manager allows authenticated attackers to escalate privileges on affected systems. This affect...

This vulnerability involves a double-free memory corruption flaw in the Windows Win32K ICOMP component. An authenticated attacker could exploit this t...

This vulnerability involves a use-after-free flaw in Windows Desktop Window Manager (DWM) that allows an authenticated attacker to execute arbitrary c...

This CVE describes a race condition vulnerability in the Graphics Kernel that allows local attackers with existing system access to elevate privileges...

A race condition vulnerability in the Capability Access Management Service (camsvc) allows authorized attackers to gain elevated privileges on affecte...

This vulnerability is a race condition in the Graphics Kernel that allows an authorized local attacker to execute code concurrently with improper sync...

A race condition vulnerability in the Capability Access Management Service (camsvc) allows authorized attackers to execute concurrent operations on sh...

A race condition vulnerability in the Printer Association Object allows authorized attackers to escalate privileges locally. This affects systems wher...

This CVE describes a memory corruption vulnerability in the seninf component due to a race condition. It allows local privilege escalation from System...