CVE Trends

Currently trending CVE - Hype Score: 2 - An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions. Refer to the 'ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for ...

Currently trending CVE - Hype Score: 1 - In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the ...

Currently trending CVE - Hype Score: 12 - In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213), a code execution attack is possible through an insecure deserialization vulnerability.

Currently trending CVE - Hype Score: 20

Currently trending CVE - Hype Score: 22 - Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

Currently trending CVE - Hype Score: 11 - An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While ...

Currently trending CVE - Hype Score: 13 - A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arbitrary file write, which can subsequently result in remote code execution. The ...

Currently trending CVE - Hype Score: 8 - Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-31161. Reason: This Record is a reservation duplicate of CVE-2025-31161. Notes: All CVE users should reference CVE-2025-31161 instead of this Record. All references and descriptions in this Record have been ...

Currently trending CVE - Hype Score: 8 - BentoML is a Python library for building online serving systems optimized for AI apps and model inference. A Remote Code Execution (RCE) vulnerability caused by insecure deserialization has been identified in the latest version (v1.4.2) of BentoML. It allows any unauthenticated ...

Currently trending CVE - Hype Score: 1 - In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range ...

Currently trending CVE - Hype Score: 1 - Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory).

Currently trending CVE - Hype Score: 4

Currently trending CVE - Hype Score: 27 - Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally.

Currently trending CVE - Hype Score: 27 - Windows Kerberos Security Feature Bypass Vulnerability

Currently trending CVE - Hype Score: 1 - Cross Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payload into the Email field.

Currently trending CVE - Hype Score: 1 - A session management vulnerability exists in Apache Roller before version 6.1.5 where active user sessions are not properly invalidated after password changes. When a user's password is changed, either by the user themselves or by an administrator, existing sessions remain ...

Currently trending CVE - Hype Score: 4 - Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.

Currently trending CVE - Hype Score: 4 - Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.

Currently trending CVE - Hype Score: 1 - In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. ...

Currently trending CVE - Hype Score: 19 - Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability