CVE Trends

Currently trending CVE - Hype Score: 1 - An Improper Isolation or Compartmentalization vulnerability in the kernel of Juniper Networks Junos OS allows a local attacker with high privileges to compromise the integrity of the device. A local attacker with access to the shell is able to inject arbitrary code which can ...

Currently trending CVE - Hype Score: 1 - Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.

Currently trending CVE - Hype Score: 1 - FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments.

Currently trending CVE - Hype Score: 1 - Bypass/Injection vulnerability in Apache Camel. This issue affects Apache Camel: from 4.10.0 before 4.10.2, from 4.8.0 before 4.8.5, from 3.10.0 before 3.22.4. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS and 3.22.4 for 3.x ...

Currently trending CVE - Hype Score: 1 - The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.6.5 via the 'template' parameter of the woof_text_search AJAX action. This makes it possible for unauthenticated ...

Currently trending CVE - Hype Score: 1 - NTLM Hash Disclosure Spoofing Vulnerability

Currently trending CVE - Hype Score: 1 - TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was ...

Currently trending CVE - Hype Score: 1 - Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities ...

Currently trending CVE - Hype Score: 1 - Bypass/Injection vulnerability in Apache Camel components under particular conditions. This issue affects Apache Camel: from 4.10.0 through <= 4.10.1, from 4.8.0 through <= 4.8.4, from 3.10.0 through <= 3.22.3. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, ...

Currently trending CVE - Hype Score: 2 - axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if ⁠baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential ...

Currently trending CVE - Hype Score: 2 - Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.

Currently trending CVE - Hype Score: 1 - Improper verification of cryptographic signature in .NET allows an authorized attacker to execute code over a network.

Currently trending CVE - Hype Score: 10 - Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

Currently trending CVE - Hype Score: 2 - ServiceNow has addressed an authorization bypass vulnerability that was identified in the Washington release of the Now Platform. This vulnerability, if exploited, potentially could enable an authenticated user to access unauthorized data stored within the Now Platform that the ...

Currently trending CVE - Hype Score: 1 - An improper certificate validation vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following version: Helpdesk 3.3.3 and ...

Currently trending CVE - Hype Score: 1 - The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxv_file_upload() function in all versions up to, and including, 2.2.8. This makes it possible for authenticated attackers, with ...

Currently trending CVE - Hype Score: 1 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout When the sco connection is established and then, the sco socket is releasing, timeout_work will be scheduled to judge whether the sco disconnection ...

Currently trending CVE - Hype Score: 1 - conda-forge-metadata provides programatic access to conda-forge's metadata. conda-forge-metadata uses an optional dependency - "conda-oci-mirror" which was neither present on the PyPi repository nor registered by any entity. If conda-oci-mirror is taken over by a threat actor, ...

Currently trending CVE - Hype Score: 1

Currently trending CVE - Hype Score: 3 - A deserialization of untrusted data vulnerability exists in NI DAQExpress that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects DAQExpress 5.1 and prior versions. ...