CVE Trends

Currently trending CVE - Hype Score: 1 - An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected customers have been ...

Currently trending CVE - Hype Score: 1 - Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

Currently trending CVE - Hype Score: 1 - Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network

Currently trending CVE - Hype Score: 1 - Authenticated privilege escalation in NetScaler Console and NetScaler Agent allows.

Currently trending CVE - Hype Score: 1 - Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without ...

Currently trending CVE - Hype Score: 1 - Heap buffer overflow in V8 in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Currently trending CVE - Hype Score: 1 - An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.

Currently trending CVE - hypeScore: 5 - An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected cusomters have been noti

Currently trending CVE - hypeScore: 5 - Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

Currently trending CVE - hypeScore: 7 - Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network

Currently trending CVE - hypeScore: 12 - Authenticated privilege escalation in NetScaler Console and NetScaler Agent allows.

Currently trending CVE - hypeScore: 19 - Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without

Currently trending CVE - hypeScore: 1

Currently trending CVE - hypeScore: 1 - A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying

Currently trending CVE - hypeScore: 2 - An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While

Currently trending CVE - hypeScore: 1 - AnyDesk Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order to

Currently trending CVE - hypeScore: 1 - An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.

Currently trending CVE - hypeScore: 1 - If LDAP settings are accessed, authentication could be redirected to another server, potentially exposing credentials. This requires admin access and an active LDAP setup.

Currently trending CVE - hypeScore: 1 - With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access.

Currently trending CVE - hypeScore: 3 - WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `deletar_documento.php` endpoint. This vulnerability allow an authorized attacker to execute arbitrary SQL querie