CVE Trends

Currently trending CVE - Hype Score: 18 - In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: hold io_buffer_list reference over mmap If we look up the kbuf, ensure that it doesn't get unregistered until after we're done with it. Since we're inside mmap, we cannot safely use the io_uring ...

Currently trending CVE - Hype Score: 4 - An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, and Firefox ESR < 115.23.1.

Currently trending CVE - Hype Score: 1 - Windows Remote Desktop Services Remote Code Execution Vulnerability

Currently trending CVE - Hype Score: 21 - This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, visionOS 2.2. An attacker in a privileged network position may be able to alter network traffic.

Currently trending CVE - Hype Score: 12

Currently trending CVE - Hype Score: 6 - The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to modify protected parts of the file system.

Currently trending CVE - Hype Score: 12 - The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. A maliciously crafted email may be able to initiate FaceTime calls without user authorization.

Currently trending CVE - Hype Score: 33 - Next.js is a React framework for building full-stack web applications. Versions prior to 14.2.24 and 15.1.6 have a race-condition vulnerability. This issue only affects the Pages Router under certain misconfigurations, causing normal endpoints to serve `pageProps` data instead ...

Currently trending CVE - Hype Score: 1 - Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Currently trending CVE - Hype Score: 32 - Incorrect initialization of resource in the branch prediction unit for some Intel(R) Core™ Ultra Processors may allow an authenticated user to potentially enable information disclosure via local access.

Currently trending CVE - Hype Score: 1 - Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Currently trending CVE - Hype Score: 1 - An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window.

Currently trending CVE - Hype Score: 1 - In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticated attackers to log in to controllers using this security realm using any username and any password, including usernames ...

Currently trending CVE - Hype Score: 1 - BitLocker Security Feature Bypass Vulnerability

Currently trending CVE - Hype Score: 13 - When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command which may allow an authenticated attacker with administrator role privileges to execute arbitrary system commands. A successful exploit ...

Currently trending CVE - Hype Score: 1 - Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or ...

Currently trending CVE - Hype Score: 1 - The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which is different functionality than described in the TeleMessage "End-to-End encryption from the mobile phone through to the corporate archive" ...

Currently trending CVE - Hype Score: 1 - This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox.

Currently trending CVE - Hype Score: 3 - "This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation in ASUS DriverHub may allow unauthorized sources to interact with the software's features via crafted HTTP requests. Refer to the 'Security ...

Currently trending CVE - Hype Score: 3 - "This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests. Refer to the 'Security Update ...