CVE Trends

Currently trending CVE - Hype Score: 2

Currently trending CVE - Hype Score: 2 - Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network.

Currently trending CVE - Hype Score: 2

Currently trending CVE - Hype Score: 7 - React Router is a router for React. In versions 7.0.0 through 7.14.1, when using Framework Mode, a combination of steps could potentially allow unauthorized remote code execution (RCE) through external requests. This attack requires the application code to have an existing ...

Currently trending CVE - Hype Score: 1 - A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected ...

Currently trending CVE - Hype Score: 1 - A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation ...

Currently trending CVE - Hype Score: 1 - In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Currently trending CVE - Hype Score: 1 - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to ...

Currently trending CVE - Hype Score: 3 - Incorrect permission assignment for critical resource issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM ...

Currently trending CVE - Hype Score: 4 - Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device.

Currently trending CVE - Hype Score: 4 - Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails.

Currently trending CVE - Hype Score: 1 - A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code ...

Currently trending CVE - Hype Score: 2 - Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.

Currently trending CVE - Hype Score: 2 - Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.

Currently trending CVE - Hype Score: 1 - Improper access control in Software Protection Platform (SPP) allows an authorized attacker to elevate privileges locally.

Currently trending CVE - Hype Score: 1 - Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.

Currently trending CVE - Hype Score: 1 - Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues.

Currently trending CVE - Hype Score: 5 - go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, a vulnerable node can be forced to shutdown/crash using a specially crafted message. The problem is resolved in the v1.16.9 and v1.17.0 releases of Geth.

Currently trending CVE - Hype Score: 4 - In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), the Administrator password reset mechanism is mishandled. Making both a GET and a POST request to login.php.is sufficient. An unauthenticated attacker can then bypass authentication via ...

Currently trending CVE - Hype Score: 1