🔥 Trending CVEs - Last 30 Days

Centova Cast 3.2.11 contains an arbitrary file download vulnerability in the server.copyfile API endpoint. Authenticated attackers can exploit this to...

The Advanced AJAX Product Filters WordPress plugin is vulnerable to PHP object injection via deserialization of untrusted input in the Live Composer c...

CVE-2025-13689 is an unrestricted file upload vulnerability in IBM DataStage on Cloud Pak for Data that allows authenticated users to upload malicious...

This authentication bypass vulnerability in the application API allows remote attackers to create unauthorized administrative accounts. Attackers can ...

This CVE describes a command injection vulnerability in Tenable Security Center that allows authenticated remote attackers to execute arbitrary comman...

This CVE describes a stack-based buffer overflow vulnerability in TOTOLINK A3002RU routers. Attackers can exploit this by sending specially crafted vp...

CVE-2024-55270 is an SQL injection vulnerability in phpgurukul Student Management System 1.0 that allows attackers to execute arbitrary SQL commands t...

This vulnerability in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code on the server by manipulating the JDBC configuration URL parameter...

This vulnerability involves hard-coded credentials in the web management interface of Beetel 777VR1 routers. Attackers on the local network can exploi...

This vulnerability allows authenticated attackers with Subscriber-level access or higher to include and execute arbitrary .html files on WordPress ser...

The WowRevenue WordPress plugin allows authenticated attackers with subscriber-level access or higher to install arbitrary plugins due to missing capa...

A heap buffer overflow vulnerability in libvpx video codec library allows attackers to execute arbitrary code or cause denial of service. This affects...

This vulnerability allows any authenticated low-privileged user in eNet SMART HOME server to reset passwords of any account, including administrators,...

A stack-based buffer overflow in the Alps Alpine Bluetooth stack of Bosch Infotainment ECUs allows remote code execution with root privileges. Attacke...

LavaLite CMS 10.1.0 has an access control vulnerability where authenticated users with low-level privileges can bypass role restrictions and access th...

This vulnerability in the Starfish Review Generation & Marketing WordPress plugin allows authenticated attackers with Subscriber-level access or highe...

This is a use-after-free vulnerability in Chrome's CSS engine that allows remote attackers to execute arbitrary code within the browser's sandbox by t...

This authentication bypass vulnerability in Universal Software Inc.'s FlexCity/Kiosk software allows attackers to gain unauthorized access and escalat...

FileZen contains an OS command injection vulnerability that allows authenticated users to execute arbitrary operating system commands when the virus c...

CVE-2019-25318 is a stack overflow vulnerability in AVS Audio Converter 9.1.2.600 that allows remote code execution when attackers manipulate the outp...

This vulnerability allows users with create/update permissions in Yoke's Air Traffic Controller to execute arbitrary WASM code by injecting malicious ...

This vulnerability allows authenticated users of AutoGPT to execute arbitrary code on the backend server by bypassing disabled block restrictions. Att...

This vulnerability in authentik allows attackers to bypass SAML authentication by injecting malicious assertions before legitimate signed ones. It aff...

This vulnerability in Infoblox NIOS allows attackers to execute arbitrary code remotely through insecure deserialization. It affects all Infoblox NIOS...

This vulnerability in PostgreSQL's intarray extension allows attackers to execute arbitrary code with the privileges of the database operating system ...

A buffer overflow vulnerability in PostgreSQL's text manipulation functions allows authenticated database users to execute arbitrary code with the pri...

JUNG Smart Visu Server 1.1.1050 has a request header manipulation vulnerability where unauthenticated attackers can inject arbitrary values in the X-F...

CVE-2026-0969 allows remote attackers to execute arbitrary code on servers using next-mdx-remote when processing untrusted MDX content. This occurs be...

This CVE describes a sandbox escape vulnerability in Apple operating systems where a malicious app could bypass security restrictions designed to isol...

CVE-2024-50619 allows authenticated low-privileged users in CIPPlanner CIPAce to escalate privileges by manipulating user IDs to access other accounts...

This vulnerability allows authorized users to upload executable files through CIPPlanner CIPAce's rich text editor and document management components....

This is a use-after-free vulnerability in Chrome's Ozone component that could allow heap corruption when users perform specific UI gestures on a malic...

This vulnerability in Chrome's WebGPU implementation allows attackers to access memory outside intended boundaries via malicious web pages. It affects...

This is a use-after-free vulnerability in Chrome's CSS engine that allows remote attackers to potentially exploit heap corruption. Attackers can trigg...

This vulnerability allows authenticated users of Pacom Unison Client 5.13.1 to inject malicious scripts into Report Templates. When specific script co...

This vulnerability in AMD Graphics Driver allows attackers to execute arbitrary code by exploiting improper input validation of pointers. It affects s...

A static code injection vulnerability in QNAP File Station 5 allows authenticated attackers to access restricted files and data. This affects users of...

An out-of-bounds write vulnerability in Qsync Central allows authenticated remote attackers to modify or corrupt memory. This affects QNAP Qsync Centr...

The Videospirecore Theme Plugin for WordPress has an authentication bypass vulnerability that allows authenticated attackers with Subscriber-level acc...

This vulnerability in the Lazy Blocks WordPress plugin allows authenticated attackers with Contributor-level access or higher to execute arbitrary cod...

CVE-2026-25947 is a SQL injection vulnerability in Worklenz project management software that allows attackers to execute arbitrary SQL commands throug...

A code injection vulnerability in Microsoft Defender for Linux allows attackers on adjacent networks to execute arbitrary code without authorization. ...

CVE-2026-21516 is a command injection vulnerability in GitHub Copilot that allows unauthorized attackers to execute arbitrary code over a network. Thi...

This vulnerability in the MSHTML Framework allows attackers to bypass security protections remotely, potentially enabling unauthorized access or code ...

A protection mechanism failure in Windows Shell allows attackers to bypass security features over a network, potentially enabling unauthorized access ...

This XPath injection vulnerability in Apache HertzBeat allows attackers to manipulate XPath queries by injecting malicious data, potentially accessing...

Agentflow software by Flowring contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files and execu...

Docpedia software from Flowring contains a SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands. This ena...

This vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform allows authenticated attackers with normal privileges to modify signed X...

CVE-2026-25807 is a critical vulnerability in ZAI Shell's P2P terminal sharing feature that allows unauthenticated remote attackers to execute arbitra...