🔥 Trending CVEs - Last 90 Days

SumatraPDF versions 3.5.2 and earlier contain a vulnerability where clicking 'Show in folder' in the File menu executes explorer.exe from the same dir...

GIGABYTE MacroHub has a local privilege escalation vulnerability where authenticated local attackers can execute arbitrary code with SYSTEM privileges...

A Server-Side Template Injection vulnerability in Calibre's Templite engine allows arbitrary code execution when converting ebooks using malicious cus...

This CVE describes a buffer overlap vulnerability in iccDEV's CIccTagMultiProcessElement::Apply() function where SrcPixel and DestPixel stack buffers ...

CVE-2025-15311 is an unauthorized code execution vulnerability in Tanium Appliance that allows attackers to execute arbitrary code without proper auth...

This vulnerability in iccDEV allows attackers to trigger an out-of-bounds read by providing a malformed ICC color profile. This can lead to memory dis...

A heap buffer overflow vulnerability in iccDEV's CIccIO::WriteUInt16Float() function allows attackers to cause denial of service or potentially execut...

A heap buffer overflow vulnerability exists in iccDEV's CIccFileIO::Read8() function when processing malformed ICC profile files. This allows attacker...

A stack-buffer-overflow vulnerability in iccDEV's CIccTagFloatNum::GetValues() function allows memory corruption when processing malformed ICC color p...

CVE-2026-25546 is a command injection vulnerability in godot-mcp that allows remote code execution. Attackers can inject shell metacharacters through ...

This vulnerability allows attackers to execute arbitrary shell commands on the build host by injecting shell metacharacters into melange's patch pipel...

A stack-based buffer overflow vulnerability in Autodesk 3ds Max allows arbitrary code execution when processing malicious GIF files. Attackers can exp...

This vulnerability allows attackers to execute arbitrary code by tricking users into opening malicious project directories in Autodesk 3ds Max. The at...

A memory corruption vulnerability in Autodesk 3ds Max allows arbitrary code execution when processing malicious RGB files. This affects all users who ...

A malicious GIF file can trigger an out-of-bounds write vulnerability in Autodesk 3ds Max, allowing attackers to execute arbitrary code with the privi...

This vulnerability allows attackers to execute arbitrary code by tricking users into opening malicious USD files in Autodesk Arnold or 3ds Max. Affect...

A stack-based buffer overflow vulnerability in Autodesk 3ds Max allows arbitrary code execution when parsing malicious GIF files. This affects users w...

This vulnerability allows attackers to execute arbitrary code by tricking users into opening malicious RGB files in Autodesk 3ds Max. Users who open u...

This vulnerability in Samsung Dialer allows local attackers to launch arbitrary activities with the app's elevated privileges. It affects Samsung devi...

This vulnerability allows local attackers to launch arbitrary activities with Settings application privileges on Samsung devices. It affects Samsung m...

NVIDIA Megatron-LM contains a code injection vulnerability (CWE-94) where malicious data can lead to arbitrary code execution. This affects all platfo...

A stack-based buffer overflow vulnerability in iccDEV's icFixXml() function allows attackers to execute arbitrary code by crafting malicious NamedColo...

CVE-2026-24669 is an insecure password reset vulnerability in Open eClass (formerly GUnet eClass) that allows local attackers to reuse valid password ...

A local privilege escalation vulnerability in Quick Heal Total Security allows low-privileged users to restore quarantined files into protected system...

This vulnerability in CyberArk Endpoint Privilege Manager Agent allows a local user to escalate privileges by exploiting policy elevation of an Admini...

A local privilege escalation vulnerability in avanquest Driver Updater allows attackers with local access to gain SYSTEM-level privileges through the ...

This vulnerability allows local authenticated users on Brocade Fabric OS systems to escalate their privileges to root level using specific commands. I...

This vulnerability allows attackers to execute arbitrary code by exploiting insecure DLL loading in Roland Cloud Manager. Attackers can plant maliciou...

This vulnerability in Brocade Fabric OS allows authenticated local attackers with Bash shell access to read insecurely stored file contents, including...

This CVE describes a use-after-free vulnerability in Qualcomm GPU memory management where improper pointer handling during buffer deallocation can cau...

This vulnerability allows attackers to cause memory corruption by sending specially crafted IOCTL calls with invalid parameters to sensor property set...

CVE-2025-47359 is a use-after-free vulnerability in Qualcomm memory management APIs that allows memory corruption when multiple threads simultaneously...

This vulnerability allows attackers to bypass code signature verification in Native Access's XPC service on macOS through PID reuse attacks. An attack...

This CVE describes a use-after-free vulnerability in the cameraisp component that could allow local privilege escalation. Attackers with System privil...

CVE-2026-20412 is an out-of-bounds write vulnerability in the cameraisp component that allows local privilege escalation. Attackers with initial Syste...

CVE-2026-20409 is an out-of-bounds write vulnerability in the imgsys component that allows local privilege escalation. Attackers with initial System p...

This vulnerability in Salt's junos execution module allows remote code execution through unsafe YAML deserialization. Attackers can craft malicious YA...

This OS command injection vulnerability in Dell UnityVSA allows low-privileged local attackers to execute arbitrary commands with root privileges. It ...

This CVE describes an OS command injection vulnerability in Dell Unity storage systems. A low-privileged attacker with local access can execute arbitr...

This vulnerability allows any local Windows user to escalate their privileges to local administrator by directly communicating with the LocalAdminServ...

CVE-2026-24905 is a command injection vulnerability in Inspektor Gadget's image building functionality. An attacker who can control the YAML gadget ma...

This vulnerability in SuperDuper! backup software allows local attackers to modify task templates to install arbitrary packages with root privileges a...

A memory corruption vulnerability in iccDEV library versions before 2.3.1.2 allows arbitrary code execution when processing malicious ICC color profil...

This vulnerability allows attackers to write arbitrary content to files they control by exploiting the '#cgo pkg-config:' directive in Go source files...

Dell PremierColor Panel Driver versions before 1.0.0.1 A01 contain an improper access control vulnerability that allows local low-privileged attackers...

This vulnerability in NVIDIA Display Driver for Windows allows attackers to exploit a use-after-free memory error. Successful exploitation could lead ...

An integer overflow vulnerability in NVIDIA's Windows GPU display driver kernel component (nvlddmkm.sys) could allow attackers to execute arbitrary co...

The NVIDIA Display Driver for Linux contains an integer overflow vulnerability in the kernel module that could allow local attackers to execute arbitr...

NVIDIA vGPU software contains a use-after-free vulnerability in the Virtual GPU Manager that allows a malicious guest VM to access heap memory after i...

The browserstack-local Node.js package version 1.5.8 contains a command injection vulnerability due to improper sanitization of the logfile variable i...