CVE Trends

Currently trending CVE - Hype Score: 21 - A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.

Currently trending CVE - Hype Score: 38 - Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted ...

Currently trending CVE - Hype Score: 28 - Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

Currently trending CVE - Hype Score: 1 - Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.

Currently trending CVE - Hype Score: 1 - Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem ...

Currently trending CVE - Hype Score: 22 - Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in ...

Currently trending CVE - Hype Score: 21 - A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček ...

Currently trending CVE - Hype Score: 21 - In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: "We are writing to report that this recent patch (141d34391abbb315d68556b7c67ad97885407547) [1] can be bypassed, ...

Currently trending CVE - Hype Score: 1 - Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker ...

Currently trending CVE - Hype Score: 1 - Windows Disk Cleanup Tool Elevation of Privilege Vulnerability

Currently trending CVE - Hype Score: 11 - Concurrent execution using shared resource with improper synchronization ('race condition') in Inbox COM Objects allows an unauthorized attacker to execute code locally.

Currently trending CVE - Hype Score: 20

Currently trending CVE - Hype Score: 1 - An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and below 7.0.10 allows an unauthenticated attacker to execute unauthorized ...

Currently trending CVE - Hype Score: 1 - Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.

Currently trending CVE - Hype Score: 12 - An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway ...

Currently trending CVE - Hype Score: 32 - Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Currently trending CVE - Hype Score: 32 - A path traversal issue potentially leading to remote code execution in Genie for all versions prior to 4.3.18

Currently trending CVE - Hype Score: 25 - An Incorrect Provision of Specified Functionality vulnerability [CWE-684] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2.5 through 7.2.10, 7.0.0 through 7.0.15, 6.4 all versions may allow a local authenticated attacker to execute system commands via crafted CLI commands.

Currently trending CVE - Hype Score: 26 - External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

Currently trending CVE - Hype Score: 26 - Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.