CVE Trends

Currently trending CVE - Hype Score: 11 - An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While ...

Currently trending CVE - Hype Score: 13 - A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arbitrary file write, which can subsequently result in remote code execution. The ...

Currently trending CVE - Hype Score: 9 - CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unless a DMZ proxy instance is used), as exploited in the wild in March and April 2025, aka "Unauthenticated HTTP(S) port access." A race condition exists in the ...

Currently trending CVE - Hype Score: 8 - Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-31161. Reason: This Record is a reservation duplicate of CVE-2025-31161. Notes: All CVE users should reference CVE-2025-31161 instead of this Record. All references and descriptions in this Record have been ...

Currently trending CVE - Hype Score: 8 - BentoML is a Python library for building online serving systems optimized for AI apps and model inference. A Remote Code Execution (RCE) vulnerability caused by insecure deserialization has been identified in the latest version (v1.4.2) of BentoML. It allows any unauthenticated ...

Currently trending CVE - Hype Score: 1 - In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range ...

Currently trending CVE - Hype Score: 1 - Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory).

Currently trending CVE - Hype Score: 4

Currently trending CVE - Hype Score: 1 - Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in ...

Currently trending CVE - Hype Score: 27 - Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally.

Currently trending CVE - Hype Score: 27 - Windows Kerberos Security Feature Bypass Vulnerability

Currently trending CVE - Hype Score: 1 - Cross Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payload into the Email field.

Currently trending CVE - Hype Score: 1 - A session management vulnerability exists in Apache Roller before version 6.1.5 where active user sessions are not properly invalidated after password changes. When a user's password is changed, either by the user themselves or by an administrator, existing sessions remain ...

Currently trending CVE - Hype Score: 4 - Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.

Currently trending CVE - Hype Score: 4 - Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.

Currently trending CVE - Hype Score: 1 - In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. ...

Currently trending CVE - Hype Score: 19 - Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability

Currently trending CVE - Hype Score: 7 - A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can ...

Currently trending CVE - Hype Score: 13 - CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows SSRF via the host and port parameters in a command=telnetSocket request to the /WebInterface/function/ URI.

Currently trending CVE - Hype Score: 15 - Jupyter Remote Desktop Proxy allows you to run a Linux Desktop on a JupyterHub. jupyter-remote-desktop-proxy was meant to rely on UNIX sockets readable only by the current user since version 3.0.0, but when used with TigerVNC, the VNC server started by ...