10 - CVE-2025-26466
Currently trending CVE - hypeScore: 1
CVE Trends
8 - CVE-2025-26465
Currently trending CVE - hypeScore: 1 - A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying
6 - CVE-2025-0108
Currently trending CVE - hypeScore: 2 - An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While
9 - CVE-2024-12754
Currently trending CVE - hypeScore: 1 - AnyDesk Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order to
7 - CVE-2024-53704
Currently trending CVE - hypeScore: 1 - An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.
9 - CVE-2024-12510
Currently trending CVE - hypeScore: 1 - If LDAP settings are accessed, authentication could be redirected to another server, potentially exposing credentials. This requires admin access and an active LDAP setup.
7 - CVE-2024-12511
Currently trending CVE - hypeScore: 1 - With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access.
8 - CVE-2025-26614
Currently trending CVE - hypeScore: 3 - WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `deletar_documento.php` endpoint. This vulnerability allow an authorized attacker to execute arbitrary SQL querie
7 - CVE-2025-26615
Currently trending CVE - hypeScore: 3 - WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Path Traversal vulnerability was discovered in the WeGIA application, `examples.php` endpoint. This vulnerability could allow an attacker to gain unauthorized access to sensitive inf
9 - CVE-2025-26617
Currently trending CVE - hypeScore: 3 - WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `historico_paciente.php` endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, a
10 - CVE-2025-1094
Currently trending CVE - hypeScore: 1 - Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires t
8 - CVE-2025-26609
Currently trending CVE - hypeScore: 2 - WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `familiar_docfamiliar.php` endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries,
7 - CVE-2025-26613
Currently trending CVE - hypeScore: 2 - WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. An OS Command Injection vulnerability was discovered in the WeGIA application, `gerenciar_backup.php` endpoint. This vulnerability could allow an attacker to execute arbitrary code rem
6 - CVE-2023-7028
Currently trending CVE - hypeScore: 1 - An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could
9 - CVE-2025-21420
Currently trending CVE - hypeScore: 1 - Windows Disk Cleanup Tool Elevation of Privilege Vulnerability
10 - CVE-2025-25964
Currently trending CVE - hypeScore: 1
8 - CVE-2025-1340
Currently trending CVE - hypeScore: 1 - A vulnerability classified as critical has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulation as part of String leads to stack-based buffer overflow. It is possible to launch the attack rem
4 - CVE-2025-26793
Currently trending CVE - hypeScore: 2 - The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username freedom, password viscount). The administrator is not prompted to change these credentials on initial configuration, and changing the cr
5 - CVE-2025-24200
Currently trending CVE - hypeScore: 2 - An authorization issue was addressed with improved state management. This issue is fixed in iPadOS 17.7.5, iOS 18.3.1 and iPadOS 18.3.1. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an
8 - CVE-2025-1240
Currently trending CVE - hypeScore: 1 - WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of WinZip. User interaction is required to exploit this vulnerability in that the target must visit a mal
Get the latest rankings and info for CVEs currently trending on social media