CVE Trends

Currently trending CVE - Hype Score: 2 - Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.

Currently trending CVE - Hype Score: 2 - Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.

Currently trending CVE - Hype Score: 1 - Improper access control in Software Protection Platform (SPP) allows an authorized attacker to elevate privileges locally.

Currently trending CVE - Hype Score: 1 - Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.

Currently trending CVE - Hype Score: 1 - Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues.

Currently trending CVE - Hype Score: 5 - go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, a vulnerable node can be forced to shutdown/crash using a specially crafted message. The problem is resolved in the v1.16.9 and v1.17.0 releases of Geth.

Currently trending CVE - Hype Score: 4 - In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), the Administrator password reset mechanism is mishandled. Making both a GET and a POST request to login.php.is sufficient. An unauthenticated attacker can then bypass authentication via ...

Currently trending CVE - Hype Score: 1

Currently trending CVE - Hype Score: 1 - Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

Currently trending CVE - Hype Score: 1 - In key-based pairing, there is a possible ID due to a logic error in the code. This could lead to remote (proximal/adjacent) information disclosure of user's conversations and location with no additional execution privileges needed. User interaction is not needed for ...

Currently trending CVE - Hype Score: 1 - llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserialize_tensor() skips all bounds validation when a tensor's buffer field is 0. An unauthenticated attacker can read and write arbitrary process memory via crafted ...

Currently trending CVE - Hype Score: 1

Currently trending CVE - Hype Score: 2 - phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha() methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the ...

Currently trending CVE - Hype Score: 2 - marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. ...

Currently trending CVE - Hype Score: 2 - Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, due to unsafe serialization of stdio commands in the MCP adapter, an authenticated attacker can add an MCP stdio server with an arbitrary command, achieving command ...

Currently trending CVE - Hype Score: 5

Currently trending CVE - Hype Score: 1

Currently trending CVE - Hype Score: 1 - Deserialization of untrusted data in python in pyfory versions 0.12.0 through 0.12.2, or the legacy pyfury versions from 0.1.0 through 0.10.3: allows arbitrary code execution. An application is vulnerable if it reads pyfory serialized data from untrusted sources. An attacker can ...

Currently trending CVE - Hype Score: 2 - A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is ...

Currently trending CVE - Hype Score: 9 - In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, an unsanitized subject field in the draft restored value could lead to stored XSS/HTML/CSS injection on shared mailboxes.