CVE Trends

Currently trending CVE - Hype Score: 1 - WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOLFBOX Level 2 EV Charger. Authentication ...

Currently trending CVE - Hype Score: 1 - Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.

Currently trending CVE - Hype Score: 2 - A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, ...

Currently trending CVE - Hype Score: 33

Currently trending CVE - Hype Score: 33

Currently trending CVE - Hype Score: 33

Currently trending CVE - Hype Score: 1 - Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

Currently trending CVE - Hype Score: 14 - Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file

Currently trending CVE - Hype Score: 19 - Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template code in an alternative PHP function invocation syntax, such as the "var_dump"("test") syntax, attackers can bypass ...

Currently trending CVE - Hype Score: 7 - An authentication bypass vulnerability exists in HPE StoreOnce Software.

Currently trending CVE - Hype Score: 1 - A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution.

Currently trending CVE - Hype Score: 19 - vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in May 2025.

Currently trending CVE - Hype Score: 3 - Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

Currently trending CVE - Hype Score: 1 - A vulnerability in the Out-of-Band Access Point (AP) Image Download feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system. This vulnerability is due to the presence ...

Currently trending CVE - Hype Score: 16 - Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.

Currently trending CVE - Hype Score: 24 - This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions: 9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core Data Center and Server 5.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Service Management Data Center and Server This PrivEsc (Privilege ...

Currently trending CVE - Hype Score: 21 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-49113. Reason: This candidate is a reservation duplicate of CVE-2025-49113. Notes: All CVE users should reference CVE-2025-49113 instead of this candidate. All references and descriptions in this candidate ...

Currently trending CVE - Hype Score: 12 - Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.

Currently trending CVE - Hype Score: 20 - CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows directory traversal via the /WebInterface/function/ URI to read files accessible by SMB at UNC share pathnames, bypassing SecurityManager restrictions.

Currently trending CVE - Hype Score: 20 - A vulnerability, which was classified as critical, was found in ScriptAndTools Real-Estate-website-in-PHP 1.0. Affected is an unknown function of the file /admin/ of the component Admin Login Panel. The manipulation of the argument Password leads to sql injection. It is possible ...