CVE Trends

Currently trending CVE - hypeScore: 1 - Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Currently trending CVE - hypeScore: 3 - Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution. Socket communication has been changed to use JSON instead.

Currently trending CVE - hypeScore: 1 - A vulnerability was found in `podman build` and `buildah.` This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and d

Currently trending CVE - hypeScore: 1 - Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitr

Currently trending CVE - hypeScore: 1 - Mongoose before 8.9.5 can improperly use a nested $where filter with a populate() match, leading to search injection. NOTE: this issue exists because of an incomplete fix for CVE-2024-53900.

Currently trending CVE - hypeScore: 1 - Mongoose before 8.8.3 can improperly use $where in match, leading to search injection.

Currently trending CVE - hypeScore: 1 - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise

Currently trending CVE - hypeScore: 1 - An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information depends on the integrations enabled for the Elastic Agent and their respective versions.

Currently trending CVE - hypeScore: 1 - A vulnerability in the REST API of Cisco Meeting Management could allow a remote, authenticated attacker with low privileges to elevate privileges to administrator on an affected device. This vulnerability exists because proper authorization is not enforced upon REST API

Currently trending CVE - hypeScore: 1 - Microsoft Configuration Manager Remote Code Execution Vulnerability

Currently trending CVE - hypeScore: 2

Currently trending CVE - hypeScore: 1 - OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN traffic

Currently trending CVE - hypeScore: 1 - Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

Currently trending CVE - hypeScore: 1 - An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbi

Currently trending CVE - hypeScore: 2 - Alpine Halo9 UPDM_wemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulner

Currently trending CVE - hypeScore: 1

Currently trending CVE - hypeScore: 1 - Commands can be injected over the network and executed without authentication.

Currently trending CVE - hypeScore: 1 - Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code.

Currently trending CVE - hypeScore: 1 - Windows BitLocker Information Disclosure Vulnerability

Currently trending CVE - hypeScore: 1 - TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsserver1 and dnsserver2 parameters at /userRpm/Wan6to4TunnelCfgRpm.htm. This vulnerability allows an authenticated attacker to execute arbitrary code on the remote device in the conte