CVE Trends

Currently trending CVE - Hype Score: 5 - pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that ...

Currently trending CVE - Hype Score: 19 - A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a specially ...

Currently trending CVE - Hype Score: 14 - Microsoft Configuration Manager Remote Code Execution Vulnerability

Currently trending CVE - Hype Score: 1

Currently trending CVE - Hype Score: 1 - Windows Disk Cleanup Tool Elevation of Privilege Vulnerability

Currently trending CVE - Hype Score: 15 - Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Currently trending CVE - Hype Score: 41 - Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.

Currently trending CVE - Hype Score: 17 - External control of file name or path in WebDAV allows an unauthorized attacker to execute code over a network.

Currently trending CVE - Hype Score: 12 - Running the provided utility changes the certificate on any Insyde BIOS and then the attached .efi file can be launched.

Currently trending CVE - Hype Score: 20 - Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.

Currently trending CVE - Hype Score: 3 - An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1, watchOS 11.4, iPadOS 17.7.6, iOS 16.7.11 and iPadOS 16.7.11, iOS 15.8.4 and ...

Currently trending CVE - Hype Score: 4 - SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration ...

Currently trending CVE - Hype Score: 3 - Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.

Currently trending CVE - Hype Score: 2 - In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff The sess->user object can currently be in use by another thread, for example if another connection has sent a session setup request to bind to the session being ...

Currently trending CVE - Hype Score: 15 - A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

Currently trending CVE - Hype Score: 31 - Use of uninitialized resource in Windows Netlogon allows an unauthorized attacker to elevate privileges over a network.

Currently trending CVE - Hype Score: 1 - A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data (e.g. using ...

Currently trending CVE - Hype Score: 9 - An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading to arbitrary memory writes, including modification of critical firmware settings stored in NVRAM. Exploiting ...

Currently trending CVE - Hype Score: 1 - Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. DistributedAPI parameters are a ...

Currently trending CVE - Hype Score: 1 - A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.