🔥 Trending CVEs - Last 90 Days

This vulnerability allows attackers to execute arbitrary code by exploiting DLL hijacking in PIONEER CORPORATION installers. When users run affected i...

Bio-Formats up to version 8.3.0 has unsafe Java deserialization in the Memoizer class, allowing attackers to execute arbitrary code by providing malic...

CVE-2026-21678 is a heap-buffer-overflow vulnerability in the IccTagXml() function of iccDEV, a library for ICC color management profiles. It allows a...

An origin validation error in Fujitsu Security Solution AuthConductor Client Basic V2 allows attackers with local Windows login access to execute arbi...

This CVE describes a memory corruption vulnerability in Qualcomm DSP (Digital Signal Processor) drivers where passing memory pages with unaligned star...

This CVE describes a memory corruption vulnerability in a Qualcomm kernel driver that could allow attackers to execute arbitrary code with kernel priv...

This CVE describes a memory corruption vulnerability in Qualcomm components where incorrect offset calculations during overlapping buffer copy operati...

A memory corruption vulnerability occurs when launching secure applications on devices with insufficient memory, potentially allowing attackers to exe...

This vulnerability involves memory corruption in the trusted application's secure logging command processing, which could allow attackers to execute a...

This vulnerability allows memory corruption in the trusted application when processing identity credential operations, potentially leading to arbitrar...

This CVE describes a double-free vulnerability in Qualcomm components where concurrent thread access to shared resources can cause memory corruption. ...

This vulnerability involves memory corruption in sensor IOCTL preprocessing, allowing attackers to potentially execute arbitrary code or cause system ...

This vulnerability involves memory corruption during HDCP session deinitialization, potentially allowing attackers to execute arbitrary code or cause ...

This CVE describes a memory corruption vulnerability in Qualcomm video processing components that could allow attackers to execute arbitrary code or c...

This vulnerability allows a local attacker to execute arbitrary code by tricking AsusSoftwareManagerAgent into loading a malicious DLL from a controll...

This vulnerability involves integer overflow/underflow in the CIccXmlArrayType::ParseTextCountNum() function of iccDEV library, which could allow memo...

CVE-2025-20800 is an out-of-bounds write vulnerability in mminfra that allows local privilege escalation. Attackers with initial System privilege can ...

CVE-2025-20795 is an out-of-bounds write vulnerability in KeyInstall that allows local privilege escalation. Attackers with System privilege can explo...

This vulnerability in imgsys allows an attacker with System privilege to perform an out-of-bounds write through improper input validation, potentially...

This CVE describes a buffer overflow vulnerability in MediaTek battery management software that allows local privilege escalation. Attackers with init...

This vulnerability allows local privilege escalation on MediaTek devices through an out-of-bounds write in the battery subsystem. Attackers with initi...

CVE-2025-20799 is a use-after-free vulnerability in c2ps that allows memory corruption. This enables local privilege escalation from System privilege ...

This CVE describes a use-after-free memory corruption vulnerability in display components that could allow local privilege escalation. Attackers who a...

This CVE describes a use-after-free memory corruption vulnerability in a display component that could allow local privilege escalation. Attackers who ...

This CVE describes an out-of-bounds write vulnerability in a display component that could allow local privilege escalation. Attackers who already have...

This vulnerability allows non-admin users on Windows systems to perform DLL hijacking during Samsung Magician installation, leading to privilege escal...

This vulnerability in QNAP HBS 3 Hybrid Backup Sync allows attackers with local network access to manipulate file paths, potentially reading or modify...

This vulnerability allows local attackers to perform unauthorized raw disk operations due to an incorrect NULL DACL in SevenCs ORCA G2's regService pr...

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious SGI image files in FontForge. Attackers ...

This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of FontForge. Attackers can exploit this b...

A heap-based buffer overflow vulnerability in FontForge's BMP file parsing allows remote attackers to execute arbitrary code when users open malicious...

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious SFD font files in FontForge. Attackers c...

This vulnerability in Tenda networking devices allows local attackers to access hard-coded credentials through manipulation of the Shadow File compone...

Tosibox Key Service 3.3.0 has an unquoted service path vulnerability that allows local non-privileged users to execute arbitrary code with SYSTEM priv...

CVE-2022-50795 is a conditional command injection vulnerability in SOUND4 IMPACT/FIRST/PULSE/Eco systems up to version 2.x. Unauthenticated attackers ...

This is a command injection vulnerability in SOUND4 IMPACT/FIRST/PULSE/Eco systems up to version 2.x. Local authenticated users can create malicious f...

This vulnerability allows unauthenticated attackers to execute arbitrary commands on SOUND4 IMPACT/FIRST/PULSE/Eco systems by sending a single HTTP PO...

This CVE addresses an integer overflow vulnerability in the Linux kernel's iomap subsystem that could lead to memory corruption or system crashes. It ...

This CVE describes a use-after-free vulnerability in the Linux kernel's HID uclogic driver. When the input device is unregistered, it can trigger a ue...

This vulnerability in GnuPG (GNU Privacy Guard) allows an attacker to execute arbitrary code or cause a denial of service by sending specially crafted...

CVE-2025-12771 is a stack-based buffer overflow vulnerability in IBM Concert versions 1.0.0 through 2.1.0. A local authenticated user could exploit th...

The Eaton UPS Companion software has a vulnerability where insecure library loading allows attackers with access to the software package to execute ar...

This vulnerability involves a hardcoded encryption key in Device Manager software that allows attackers to decrypt sensitive information. It affects i...

This vulnerability allows local attackers with low-privileged access to escalate privileges to SYSTEM level by exploiting an exposed dangerous functio...

This vulnerability allows local attackers to escalate privileges on TradingView Desktop installations by exploiting an uncontrolled search path in the...

This vulnerability in RealDefense SUPERAntiSpyware allows local attackers who already have low-privileged access to escalate to SYSTEM privileges by e...

This vulnerability in RealDefense SUPERAntiSpyware allows local attackers to escalate privileges from low-privileged user accounts to SYSTEM-level acc...

This vulnerability in RealDefense SUPERAntiSpyware allows local attackers to escalate privileges from low-privileged user accounts to SYSTEM level. At...

This vulnerability in RealDefense SUPERAntiSpyware allows local attackers to escalate privileges from low-privileged user accounts to SYSTEM-level acc...

This vulnerability in RealDefense SUPERAntiSpyware allows local attackers to escalate privileges from low-privileged user accounts to SYSTEM level. At...