CVE Trends

Currently trending CVE - Hype Score: 8 - VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM.

Currently trending CVE - Hype Score: 8 - VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control. A malicious actor with non-administrative privileges on a guest VM may gain ability to perform certain high privilege operations within that VM.

Currently trending CVE - Hype Score: 3 - An SQL injection vulnerability in the legacy (transparent) SMTP proxy of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to remote code execution, if a quarantining policy is active for Email and SFOS was upgraded from a version older than 21.0 GA.

Currently trending CVE - Hype Score: 3 - An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to pre-auth remote code execution, if a specific configuration of SPX is enabled in combination with the firewall running in High ...

Currently trending CVE - Hype Score: 2 - Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

Currently trending CVE - Hype Score: 7 - Three Bitnami Helm charts mount Kubernetes Secrets under a predictable path (/opt/bitnami/*/secrets) that is located within the web server document root. In affected versions, this can lead to unauthenticated access to sensitive credentials via HTTP/S. A remote attacker could ...

Currently trending CVE - Hype Score: 18 - Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Currently trending CVE - Hype Score: 12 - Hard-coded login credentials were found in HPE Networking Instant On Access Points, allowing anyone with knowledge of it to bypass normal device authentication. Successful exploitation could allow a remote attacker to gain administrative access to the system.

Currently trending CVE - Hype Score: 1 - 7-Zip is a file archiver with a high compression ratio. Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service in versions of 7-Zip prior to 25.0.0. Version 25.0.0 contains a fix for the issue.

Currently trending CVE - Hype Score: 15 - The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025.

Currently trending CVE - Hype Score: 39 - Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.

Currently trending CVE - Hype Score: 13 - There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.

Currently trending CVE - Hype Score: 1 - A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2025.1 and older allows arbitrary code execution.

Currently trending CVE - Hype Score: 19 - Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally.

Currently trending CVE - Hype Score: 1 - A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.

Currently trending CVE - Hype Score: 2

Currently trending CVE - Hype Score: 1 - A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then execute those files on the underlying operating system as root. This vulnerability is due a lack of file ...

Currently trending CVE - Hype Score: 22 - A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.

Currently trending CVE - Hype Score: 29 - OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2,12.4.0.3 and 12.3.0.3 allows a remote authenticated attacker with high privileges to achieve remote code execution

Currently trending CVE - Hype Score: 29 - Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.