CVE Trends

Currently trending CVE - Hype Score: 10 - Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

Currently trending CVE - Hype Score: 1 - Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory).

Currently trending CVE - Hype Score: 2 - ServiceNow has addressed an authorization bypass vulnerability that was identified in the Washington release of the Now Platform. This vulnerability, if exploited, potentially could enable an authenticated user to access unauthorized data stored within the Now Platform that the ...

Currently trending CVE - Hype Score: 1 - An improper certificate validation vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following version: Helpdesk 3.3.3 and ...

Currently trending CVE - Hype Score: 1 - The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxv_file_upload() function in all versions up to, and including, 2.2.8. This makes it possible for authenticated attackers, with ...

Currently trending CVE - Hype Score: 1 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout When the sco connection is established and then, the sco socket is releasing, timeout_work will be scheduled to judge whether the sco disconnection ...

Currently trending CVE - Hype Score: 1 - Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires ...

Currently trending CVE - Hype Score: 1 - In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the ...

Currently trending CVE - Hype Score: 2 - Active Directory Domain Services Elevation of Privilege Vulnerability

Currently trending CVE - Hype Score: 1 - conda-forge-metadata provides programatic access to conda-forge's metadata. conda-forge-metadata uses an optional dependency - "conda-oci-mirror" which was neither present on the PyPi repository nor registered by any entity. If conda-oci-mirror is taken over by a threat actor, ...

Currently trending CVE - Hype Score: 1 - Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 before KB1002844 allow remote code execution through insecure deserialization.

Currently trending CVE - Hype Score: 1

Currently trending CVE - Hype Score: 3 - A deserialization of untrusted data vulnerability exists in NI DAQExpress that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects DAQExpress 5.1 and prior versions. ...

Currently trending CVE - Hype Score: 1 - Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests. In Kibana versions >= 8.15.0 and < 8.17.1, this is exploitable by users with the Viewer role. In Kibana versions 8.17.1 and 8.17.2 , this is only ...

Currently trending CVE - Hype Score: 1 - Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of (compressed or uncompressed) tar files. Starting with 9.1.0858, the tar.vim plugin uses the ":read" ex command line to append below the cursor ...

Currently trending CVE - Hype Score: 1 - EvilVideo vulnerability allows sending malicious apps disguised as videos in Telegram for Android application affecting versions 10.14.4 and older.

Currently trending CVE - Hype Score: 1 - The Donations Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.4 via deserialization of untrusted input from the Donation Form through the 'card_address' parameter. This makes it possible for unauthenticated attackers ...

Currently trending CVE - Hype Score: 4 - Windows KDC Proxy Remote Code Execution Vulnerability

Currently trending CVE - Hype Score: 1

Currently trending CVE - Hype Score: 1 - VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.