🔥 Trending CVEs - Last 90 Days

CVE-2026-0848 allows arbitrary code execution in NLTK versions <=3.9.2 due to improper input validation in the StanfordSegmenter module. Attackers can...

This critical authentication bypass vulnerability in pac4j-jwt allows attackers with the server's RSA public key to forge JWT authentication tokens an...

This critical vulnerability in Cisco Secure Firewall Management Center allows unauthenticated remote attackers to execute arbitrary Java code with roo...

An authentication bypass vulnerability in Cisco Secure Firewall Management Center (FMC) allows unauthenticated remote attackers to execute arbitrary s...

This CVE describes a patch bypass vulnerability in FreeScout help desk software that allows authenticated users with file upload permissions to achiev...

OpenEMR versions before 8.0.0 contain an unauthenticated token disclosure vulnerability in the MedEx callback endpoint. Any unauthenticated visitor ca...

This critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and Manager allows unauthenticated remote attackers to gain admi...

CVE-2026-27597 is a critical sandbox escape vulnerability in Enclave, a secure JavaScript sandbox for AI agent code execution. Attackers can bypass se...

This CVE describes a sandbox escape vulnerability in Firefox's Telemetry component due to incorrect boundary conditions. Attackers could potentially b...

This CVE describes a sandbox escape vulnerability in Firefox's DOM Core & HTML component due to incorrect boundary conditions. It allows malicious web...

This CVE describes a sandbox escape vulnerability in Firefox's IndexedDB storage component. Attackers could potentially break out of browser security ...

This CVE describes a sandbox escape vulnerability in Firefox's WebRender graphics component due to incorrect boundary conditions. It allows attackers ...

The ElementsKit Lite WordPress plugin versions before 3.7.9 expose an unauthenticated REST endpoint that accepts Mailchimp API credentials. Unauthenti...

Cloud Hypervisor versions 34.0 through 50.0 are vulnerable to host file exfiltration when using virtio-block devices with raw images. A malicious gues...

This vulnerability allows remote attackers to execute arbitrary operating system commands on PROLiNK PRC2402M routers by injecting shell metacharacter...

CVE-2025-30412 allows attackers to bypass authentication mechanisms in Acronis Cyber Protect, potentially leading to unauthorized access, sensitive da...

This critical vulnerability in NLTK's downloader component allows remote code execution when users download malicious zip packages. Attackers can craf...

Dell RecoverPoint for Virtual Machines versions before 6.0.3.1 HF1 contain hardcoded credentials that allow unauthenticated remote attackers to gain r...

This zip slip vulnerability in MojoPortal CMS allows attackers to upload malicious zip files that extract to arbitrary locations on the server, potent...

Crawl4AI versions before 0.8.0 contain an unauthenticated remote code execution vulnerability in the Docker API deployment. Attackers can send malicio...

A path traversal vulnerability in the ZBT WE2001 router's check_token function allows remote attackers to bypass authentication by manipulating sessio...

CVE-2026-25632 is a critical remote code execution vulnerability in EPyT-Flow's REST API. Attackers can send malicious JSON payloads that trigger dyna...

CVE-2026-25641 is a sandbox escape vulnerability in SandboxJS library versions before 0.8.29. Attackers can bypass JavaScript sandbox restrictions by ...

SandboxJS versions before 0.8.29 have a critical sandbox escape vulnerability that allows attackers to obtain the host's Function constructor and exec...

This CVE describes a sandbox escape vulnerability in SandboxJS library versions before 0.8.29. Attackers can bypass JavaScript sandboxing by shadowing...

CVE-2026-25587 is a critical sandbox escape vulnerability in SandboxJS library versions before 0.8.29. Attackers can overwrite Map.prototype.has to br...

This vulnerability allows malicious code running inside Claude Code's sandbox to create a missing settings.json file and inject persistent hooks that ...

This vulnerability in Go's crypto/tls package allows TLS session resumption to succeed when it should fail due to certificate authority configuration ...

This vulnerability allows authenticated attackers to execute arbitrary system commands by manipulating uploaded file names. It affects Zenitel communi...

The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter's web management interface lacks authentication, allowing any unauthenticated user to acce...

An unauthenticated SQL injection vulnerability in Fikir Odalari AdminPando 1.0.1 allows attackers to bypass authentication completely. Successful expl...

CVE-2025-70841 allows unauthenticated attackers to access the .env configuration file in Dokans Multi-Tenancy eCommerce Platform, exposing sensitive c...

CVE-2026-25142 is a critical sandbox escape vulnerability in SandboxJS library versions before 0.8.27. Attackers can use the __lookupGetter__ method t...

This CVE describes a critical GitHub Actions vulnerability in Eclipse Theia's website repository where the pull_request_target trigger allowed untrust...

A vulnerability in Kata Containers allows malformed container images with no layers to cause the host's block device to be mounted as read-only, poten...

CVE-2026-24897 is a critical path traversal vulnerability in Erugo file-sharing platform that allows authenticated low-privileged users to upload arbi...

CVE-2025-57792 is a critical SQL injection vulnerability in Explorance Blue software that allows unauthenticated attackers to execute arbitrary SQL co...

SandboxJS versions before 0.8.26 have a critical sandbox escape vulnerability that allows attackers to execute arbitrary code outside the sandbox cont...

This vulnerability allows attackers to bypass authentication and exploit weak password recovery mechanisms in Birebirsoft Sufirmam software. Attackers...

A critical file upload vulnerability in TMS Global Software TMS Management Console allows remote attackers to upload malicious files through the Logo ...

A critical vulnerability in Node.js v25's experimental permission model allows attacker-controlled inputs to bypass network restrictions and connect t...

This vulnerability allows attackers to escalate privileges in Modular DS modular-connector WordPress plugin. Attackers can gain higher-level permissio...

This critical vulnerability in Modular DS allows attackers to escalate privileges due to incorrect privilege assignment. It affects all versions up to...

CVE-2026-22686 is a critical sandbox escape vulnerability in enclave-vm that allows untrusted JavaScript code to execute arbitrary code in the host No...

OpenC3 COSMOS versions 5.0.0 through 6.10.1 contain a critical remote code execution vulnerability in the JSON-RPC API. Unauthenticated attackers can ...

This CVE describes a sandbox escape vulnerability in the Messaging System component of Firefox and Thunderbird. Attackers can potentially execute arbi...

This critical vulnerability allows unauthenticated remote attackers to bypass authentication on specific API endpoints and impersonate legitimate user...

CVE-2025-63314 is a critical authentication bypass vulnerability in DDSN Interactive Acora CMS v10.7.1 where static password reset tokens allow attack...

This critical SQL injection vulnerability allows unauthenticated attackers to execute arbitrary SQL commands on internet-exposed services. Successful ...

This vulnerability allows authenticated attackers to execute arbitrary commands on affected devices by manipulating the hostname parameter. It affects...