CVE Trends

Currently trending CVE - Hype Score: 4 - billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

Currently trending CVE - Hype Score: 5 - Windows OLE Remote Code Execution Vulnerability

Currently trending CVE - Hype Score: 5 - Jenkins Gatling Plugin 136.vb_9009b_3d33a_e serves Gatling reports in a manner that bypasses the Content-Security-Policy protection introduced in Jenkins 1.641 and 1.625, resulting in a cross-site scripting (XSS) vulnerability exploitable by users able to change report content.

Currently trending CVE - Hype Score: 1 - Huawei EG8141A5 devices through V5R019C00S100, EG8145V5 devices through V5R019C00S100, and EG8145V5-V2 devices through V5R021C00S184 allow the Epuser account to disable ONT firewall functionality, e.g., to remove the default blocking of the SSH and TELNET TCP ports, aka ...

Currently trending CVE - Hype Score: 1 - WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOLFBOX Level 2 EV Charger. Authentication ...

Currently trending CVE - Hype Score: 1 - Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.

Currently trending CVE - Hype Score: 2 - A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, ...

Currently trending CVE - Hype Score: 33

Currently trending CVE - Hype Score: 33

Currently trending CVE - Hype Score: 33

Currently trending CVE - Hype Score: 14 - Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file

Currently trending CVE - Hype Score: 19 - Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template code in an alternative PHP function invocation syntax, such as the "var_dump"("test") syntax, attackers can bypass ...

Currently trending CVE - Hype Score: 7 - An authentication bypass vulnerability exists in HPE StoreOnce Software.

Currently trending CVE - Hype Score: 19 - vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in May 2025.

Currently trending CVE - Hype Score: 3 - Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

Currently trending CVE - Hype Score: 16 - Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.

Currently trending CVE - Hype Score: 24 - This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions: 9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core Data Center and Server 5.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Service Management Data Center and Server This PrivEsc (Privilege ...

Currently trending CVE - Hype Score: 21 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-49113. Reason: This candidate is a reservation duplicate of CVE-2025-49113. Notes: All CVE users should reference CVE-2025-49113 instead of this candidate. All references and descriptions in this candidate ...

Currently trending CVE - Hype Score: 12 - Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.

Currently trending CVE - Hype Score: 20 - CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows directory traversal via the /WebInterface/function/ URI to read files accessible by SMB at UNC share pathnames, bypassing SecurityManager restrictions.