🔥 Trending CVEs - Last 90 Days

A heap-based buffer overflow vulnerability in Azure Linux Virtual Machines allows authenticated local attackers to execute arbitrary code with elevate...

MobaXterm versions before 26.1 contain a path search order vulnerability where the application executes Notepad++ without specifying the full executab...

A local privilege escalation vulnerability allows low-privileged attackers with access to the UBR service account to gain full system control. This oc...

This vulnerability allows attackers to execute arbitrary code with administrative privileges by placing malicious DLL files in the same directory as t...

This vulnerability allows local attackers to escalate privileges on macOS systems by exploiting insecure Unix socket permissions in Acronis Cyber Prot...

CVE-2026-26034 is an incorrect default permissions vulnerability in Dell UPS Multi-UPS Management Console (MUMC) that allows attackers to execute arbi...

Delta Electronics CNCSoft-G2 has a file parsing vulnerability that allows out-of-bounds write when processing malicious files. This enables remote cod...

OpenViking versions 0.2.1 and earlier contain a path traversal vulnerability in .ovpack import handling that allows attackers to write arbitrary files...

This CVE describes a memory corruption vulnerability in alignment-based memory allocation functions. Attackers can exploit this to execute arbitrary c...

This CVE describes a buffer overflow vulnerability in Qualcomm software where user-supplied data is added without proper bounds checking, leading to m...

This vulnerability allows memory corruption when accessing the trusted execution environment (TEE) without proper privilege checks. Attackers could po...

This vulnerability allows memory corruption when multiple processes concurrently access shared buffers through IOCTL calls in Qualcomm drivers. Attack...

This vulnerability allows memory corruption when multiple processes concurrently access a shared buffer during IOCTL calls in Qualcomm components. Att...

This CVE describes a memory corruption vulnerability in Qualcomm Trusted Application (TA) invocation where accessing buffers with invalid length can l...

The installer for FinalCode Client by Digital Arts Inc. has incorrect default permissions that allow non-administrative users to execute arbitrary cod...

A stack buffer overflow vulnerability in GPAC multimedia framework allows attackers to execute arbitrary code or crash applications by providing malic...

This vulnerability allows authenticated low-privileged Windows users to escalate their privileges on systems running Genetec Update Service. Attackers...

A vulnerability in Trellix HX Agent's fekern.sys driver allows local attackers to escalate privileges and access lsass.exe memory via BYOVD techniques...

An out-of-bounds read vulnerability in the grpcfuse kernel module in Docker Desktop's Linux VM allows local attackers to write to /proc/docker entries...

This CVE describes a DLL hijacking vulnerability in eAI Technologies ERP software where authenticated local attackers can place malicious DLL files in...

This CVE describes a heap-based buffer overflow vulnerability in GIMP's ICNS file parser that allows remote code execution. Attackers can exploit this...

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious PGM image files in GIMP. The flaw exists...

CVE-2019-25435 is a local buffer overflow vulnerability in Sricam DeviceViewer 3.12.0.1 that allows authenticated attackers to execute arbitrary code ...

This vulnerability allows remote attackers to execute arbitrary code on Xmind installations by tricking users into opening malicious attachments. The ...

CVE-2026-26101 is an incorrect permission assignment vulnerability in Owl opds 2.2.0.4 that allows attackers to manipulate files through crafted netwo...

This vulnerability allows attackers to execute arbitrary code with administrative privileges by exploiting insecure DLL loading in the RICOH job log a...

ADB Explorer versions 0.9.26020 and below fail to validate the ADB binary path before execution, allowing arbitrary code execution with current user p...

This CVE describes a heap buffer overflow vulnerability in HDF5 software that allows attackers to trigger denial-of-service conditions through special...

This vulnerability allows local attackers to achieve privilege escalation to SYSTEM level by placing a malicious executable in a world-writable direct...

This vulnerability allows attackers to execute arbitrary code by tricking users into opening malicious CATPART files in affected Autodesk products. Us...

A race condition vulnerability in the Linux kernel's ksmbd (SMB server) component allows use-after-free attacks in multi-channel SMB sessions. This af...

CVE-2025-33252 is a deserialization vulnerability in NVIDIA's NeMo Framework that allows remote attackers to execute arbitrary code. This affects orga...

A deserialization vulnerability in the OPC.Testclient utility within Rexroth IndraWorks allows attackers to execute arbitrary code by tricking users i...

This vulnerability in Rexroth IndraWorks allows attackers to execute arbitrary code on a user's system by tricking them into opening a malicious file,...

The NVIDIA NeMo Framework vulnerability allows remote code execution in distributed environments, enabling attackers to execute arbitrary code, escala...

CVE-2025-33246 is a command injection vulnerability in NVIDIA's NeMo Framework ASR Evaluator utility that allows attackers to execute arbitrary comman...

CVE-2025-33250 is a remote code execution vulnerability in NVIDIA's NeMo Framework that allows attackers to execute arbitrary code on affected systems...

The NVIDIA NeMo Framework vulnerability allows attackers to inject malicious code through crafted data inputs. Successful exploitation could lead to r...

NVIDIA Megatron Bridge contains a code injection vulnerability in a data shuffling tutorial component. Successful exploitation could allow attackers t...

This vulnerability in Softland FBackup allows local attackers to exploit a link following weakness (CWE-59) in the HID.dll library during backup/resto...

CVE-2025-65715 is a remote code execution vulnerability in Visual Studio Code's Code Runner extension that allows attackers to execute arbitrary code ...

A Use of Uninitialized Variable vulnerability in SOLIDWORKS eDrawings allows attackers to execute arbitrary code when users open specially crafted EPR...

An Out-Of-Bounds Write vulnerability in SOLIDWORKS eDrawings allows an attacker to execute arbitrary code by tricking a user into opening a malicious ...

Calero VeraSMART versions before 2026 R1 contain hardcoded AES encryption keys in the Veramark.Framework.dll file. This allows attackers with local sy...

CVE-2019-25345 is an unquoted service path vulnerability in Realtek IIS Codec Service that allows local attackers to execute arbitrary code with eleva...

NextVPN 4.10 has insecure file permissions that allow local users to modify executable files with full access rights. Attackers can replace system exe...

The M-Track Duo HD installer version 1.0.0 has a DLL hijacking vulnerability where attackers can place malicious DLLs in directories searched by the i...

A memory corruption vulnerability in Apple operating systems allows attackers with memory write capability to execute arbitrary code. This affects wat...

A package validation vulnerability in macOS allows malicious applications to gain root privileges. This affects macOS systems running versions before ...

This vulnerability allows a malicious application to gain root privileges on affected Apple devices. It affects macOS, iOS, iPadOS, and visionOS syste...