CVE Trends

Currently trending CVE - Hype Score: 13 - A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arbitrary file write, which can subsequently result in remote code execution. The ...

Currently trending CVE - Hype Score: 8 - Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-31161. Reason: This Record is a reservation duplicate of CVE-2025-31161. Notes: All CVE users should reference CVE-2025-31161 instead of this Record. All references and descriptions in this Record have been ...

Currently trending CVE - Hype Score: 8 - BentoML is a Python library for building online serving systems optimized for AI apps and model inference. A Remote Code Execution (RCE) vulnerability caused by insecure deserialization has been identified in the latest version (v1.4.2) of BentoML. It allows any unauthenticated ...

Currently trending CVE - Hype Score: 1 - In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range ...

Currently trending CVE - Hype Score: 1 - Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory).

Currently trending CVE - Hype Score: 4

Currently trending CVE - Hype Score: 27 - Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally.

Currently trending CVE - Hype Score: 27 - Windows Kerberos Security Feature Bypass Vulnerability

Currently trending CVE - Hype Score: 1 - Cross Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payload into the Email field.

Currently trending CVE - Hype Score: 1 - A session management vulnerability exists in Apache Roller before version 6.1.5 where active user sessions are not properly invalidated after password changes. When a user's password is changed, either by the user themselves or by an administrator, existing sessions remain ...

Currently trending CVE - Hype Score: 4 - Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.

Currently trending CVE - Hype Score: 4 - Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.

Currently trending CVE - Hype Score: 1 - In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. ...

Currently trending CVE - Hype Score: 19 - Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability

Currently trending CVE - Hype Score: 7 - A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can ...

Currently trending CVE - Hype Score: 13 - CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows SSRF via the host and port parameters in a command=telnetSocket request to the /WebInterface/function/ URI.

Currently trending CVE - Hype Score: 15 - Jupyter Remote Desktop Proxy allows you to run a Linux Desktop on a JupyterHub. jupyter-remote-desktop-proxy was meant to rely on UNIX sockets readable only by the current user since version 3.0.0, but when used with TigerVNC, the VNC server started by ...

Currently trending CVE - Hype Score: 10 - An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.

Currently trending CVE - Hype Score: 12 - Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server.

Currently trending CVE - Hype Score: 1 - Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)