CVE Trends

Currently trending CVE - Hype Score: 3 - An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution

Currently trending CVE - Hype Score: 5 - In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry vgic_its_invalidate_cache() walks the per-ITS translation cache with xa_for_each() and drops the cache's reference on each ...

Currently trending CVE - Hype Score: 7

Currently trending CVE - Hype Score: 7

Currently trending CVE - Hype Score: 7 - Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed ...

Currently trending CVE - Hype Score: 9 - A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI. The ...

Currently trending CVE - Hype Score: 1 - Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

Currently trending CVE - Hype Score: 1 - Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

Currently trending CVE - Hype Score: 1 - Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

Currently trending CVE - Hype Score: 6 - A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček ...

Currently trending CVE - Hype Score: 9 - Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.

Currently trending CVE - Hype Score: 9 - Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

Currently trending CVE - Hype Score: 9 - Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

Currently trending CVE - Hype Score: 1 - On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected ...

Currently trending CVE - Hype Score: 1 - Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Currently trending CVE - Hype Score: 1 - A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an authenticated, local attacker to execute arbitrary commands ...

Currently trending CVE - Hype Score: 9 - Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

Currently trending CVE - Hype Score: 8 - A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful ...

Currently trending CVE - Hype Score: 9 - LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full ...

Currently trending CVE - Hype Score: 10 - A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.