CVE Trends

Currently trending CVE - Hype Score: 1 - An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.

Currently trending CVE - Hype Score: 4 - Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application ...

Currently trending CVE - Hype Score: 12 - Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

Currently trending CVE - Hype Score: 8 - A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a ...

Currently trending CVE - Hype Score: 3 - A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6. Processing maliciously crafted web content may lead to memory corruption.

Currently trending CVE - Hype Score: 3 - This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2, macOS Sonoma 14.8.3, macOS Sequoia 15.7.3, iOS 18.7.3 and iPadOS 18.7.3. An app may be able to access sensitive user data.

Currently trending CVE - Hype Score: 1 - Ubuntu Linux 6.8 GA retains the legacy AF_UNIX garbage collector but backports upstream commit 8594d9b85c07 ("af_unix: Don’t call skb_get() for OOB skb"). When orphaned MSG_OOB sockets hit unix_gc(), the garbage collector still calls kfree_skb() as if OOB SKBs held two ...

Currently trending CVE - Hype Score: 1 - In key-based pairing, there is a possible ID due to a logic error in the code. This could lead to remote (proximal/adjacent) information disclosure of user's conversations and location with no additional execution privileges needed. User interaction is not needed for ...

Currently trending CVE - Hype Score: 7 - Next.js is a React framework for building full-stack web applications. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router (this does not affect the app router). When this crafted request is sent ...

Currently trending CVE - Hype Score: 3 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Narkom Communication and Software Technologies Trade Ltd. Co. Pyxis Signage allows Stored XSS.This issue affects Pyxis Signage: through 31012025.

Currently trending CVE - Hype Score: 3 - A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.

Currently trending CVE - Hype Score: 1 - IceWarp14 X-File-Operation Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IceWarp. Authentication is not required to exploit this vulnerability. The specific flaw exists ...

Currently trending CVE - Hype Score: 8 - An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.7, FortiWeb 7.2.0 through 7.2.10, FortiWeb 7.0.0 through 7.0.10 allows an ...

Currently trending CVE - Hype Score: 1 - Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard55.

Currently trending CVE - Hype Score: 2 - Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to write arbitrary files.

Currently trending CVE - Hype Score: 2 - An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is ...

Currently trending CVE - Hype Score: 1 - Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions <= 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue.

Currently trending CVE - Hype Score: 8 - Cursor is a code editor built for programming with AI. In versions 1.2.4 and below, attackers can achieve remote and persistent code execution by modifying an already trusted MCP configuration file inside a shared GitHub repository or editing the file locally on the target's ...

Currently trending CVE - Hype Score: 1 - A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.

Currently trending CVE - Hype Score: 1 - Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)