CVE Trends

Currently trending CVE - Hype Score: 6 - BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization in BentoML's runner server. By setting specific headers and parameters in the POST request, it is possible to execute ...

Currently trending CVE - Hype Score: 7 - The protocol used for remote linking over RF for End-of-Train and Head-of-Train (also known as a FRED) relies on a BCH checksum for packet creation. It is possible to create these EoT and HoT packets with a software defined radio and issue brake control commands to the EoT ...

Currently trending CVE - Hype Score: 8 - An unrestricted file upload vulnerability in the WordPress Simple File List plugin prior to version 4.2.3 allows unauthenticated remote attackers to achieve remote code execution. The plugin's upload endpoint (ee-upload-engine.php) restricts file uploads based on extension, but ...

Currently trending CVE - Hype Score: 12 - Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through ...

Currently trending CVE - Hype Score: 13 - Bypass/Injection vulnerability in Apache Camel components under particular conditions. This issue affects Apache Camel: from 4.10.0 through <= 4.10.1, from 4.8.0 through <= 4.8.4, from 3.10.0 through <= 3.22.3. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, ...

Currently trending CVE - Hype Score: 4 - An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of users by injecting malicious content.

Currently trending CVE - Hype Score: 58 - Out-of-bounds read in Windows Kerberos allows an authorized attacker to deny service over a network.

Currently trending CVE - Hype Score: 1 - A vulnerability has been identified in the Now Platform that could result in data being inferred without authorization. Under certain conditional access control list (ACL) configurations, this vulnerability could enable unauthenticated and authenticated users to use range query ...

Currently trending CVE - Hype Score: 18 - Win32k Elevation of Privilege Vulnerability

Currently trending CVE - Hype Score: 3 - Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

Currently trending CVE - Hype Score: 39

Currently trending CVE - Hype Score: 27 - DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted series of malicious interaction to potentially expose NTLM hashes to a third party SMB ...

Currently trending CVE - Hype Score: 10 - NetAlertX is a network, presence scanner, and alert framework. Prior to version 25.6.7, a vulnerability in the authentication logic allows users to bypass password verification using SHA-256 magic hashes, due to loose comparison in PHP. In vulnerable versions of the application, ...

Currently trending CVE - Hype Score: 11 - Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote ...

Currently trending CVE - Hype Score: 15

Currently trending CVE - Hype Score: 15

Currently trending CVE - Hype Score: 4 - Next.js is a React framework for building full-stack web applications. From versions 15.0.4-canary.51 to before 15.1.8, a cache poisoning bug leading to a Denial of Service (DoS) condition was found in Next.js. This issue does not impact customers hosted on Vercel. Under certain ...

Currently trending CVE - Hype Score: 11 - A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets.

Currently trending CVE - Hype Score: 8

Currently trending CVE - Hype Score: 8 - A vulnerability, which was classified as critical, has been found in Comodo Internet Security Premium 12.3.4.8162. This issue affects some unknown processing of the file cis_update_x64.xml of the component Manifest File Handler. The manipulation of the argument binary/params ...