Switch View
Source: CVE Monitor
Filter zurücksetzen
© Sector News
10.02.2026
CVE-2025-55182
News Preview
Currently trending CVE - Hype Score: 36 - A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code ...
© CVE Monitor 2026
© Sector News
10.02.2026
CVE-2026-1731
News Preview
Currently trending CVE - Hype Score: 12 - BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating ...
© CVE Monitor 2026
© Sector News
10.02.2026
CVE-2024-12356
News Preview
Currently trending CVE - Hype Score: 12 - A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.
© CVE Monitor 2026
Worth to know
20.10.2025
Short Selling Radar
USA, Europe, Asia
Track Short Selling Activities worldwide
Knowing what matters
Leerverkaufsstatistiken, Hedge-Fund Aktivitäten und viele weitere nutzerwertige Informationen benutzerfreundlich aufbereitet
© Sector News
10.02.2026
CVE-2025-1974
News Preview
Currently trending CVE - Hype Score: 12 - A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the ...
© CVE Monitor 2026
Swarmalpha i/o · The Event Futures Prediction X
23.01.2026
© Sector News
10.02.2026
CVE-2025-43300
News Preview
Currently trending CVE - Hype Score: 14 - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have ...
© CVE Monitor 2026
© Sector News
10.02.2026
CVE-2025-34164
News Preview
Currently trending CVE - Hype Score: 1 - A heap-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or potentially result in arbitrary code execution.
© CVE Monitor 2026
© Sector News
10.02.2026
CVE-2025-54068
News Preview
Currently trending CVE - Hype Score: 15 - Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This ...
© CVE Monitor 2026
© Sector News
10.02.2026
CVE-2025-68947
News Preview
Currently trending CVE - Hype Score: 20 - NSecsoft 'NSecKrnl' is a Windows driver that allows a local, authenticated attacker to terminate processes owned by other users, including SYSTEM and Protected Processes by issuing crafted IOCTL requests to the driver.
© CVE Monitor 2026
© Sector News
10.02.2026
CVE-2025-30208
News Preview
Currently trending CVE - Hype Score: 15 - Vite, a provider of frontend development tooling, has a vulnerability in versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10. `@fs` denies access to files outside of Vite serving allow list. Adding `?raw??` or `?import&raw??` to the URL bypasses this limitation and ...
© CVE Monitor 2026
© Sector News
10.02.2026
CVE-2025-26399
News Preview
Currently trending CVE - Hype Score: 30 - SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which ...
© CVE Monitor 2026
© Sector News
10.02.2026
CVE-2025-34165
News Preview
Currently trending CVE - Hype Score: 10 - A stack-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or potentially leak a limited amount of memory.
© CVE Monitor 2026
© Sector News
09.02.2026
CVE-2025-59473
News Preview
Currently trending CVE - Hype Score: 7 - SQL Injection vulnerability in the Structure for Admin authenticated user
© CVE Monitor 2026
Advertisment
20.10.2025
© Sector News
09.02.2026
CVE-2025-66959
News Preview
Currently trending CVE - Hype Score: 5 - An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder
© CVE Monitor 2026
© Sector News
09.02.2026
CVE-2025-66960
News Preview
Currently trending CVE - Hype Score: 5 - An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs/ggml/gguf.go, function readGGUFV1String reads a string length from untrusted GGUF metadata
© CVE Monitor 2026
© Sector News
09.02.2026
CVE-2025-3052
News Preview
Currently trending CVE - Hype Score: 10 - An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading to arbitrary memory writes, including modification of critical firmware settings stored in NVRAM. Exploiting ...
© CVE Monitor 2026
© Sector News
09.02.2026
CVE-2025-15566
News Preview
Currently trending CVE - Hype Score: 1 - A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-proxy-set-headers` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and ...
© CVE Monitor 2026
© Sector News
08.02.2026
CVE-2025-11953
News Preview
Currently trending CVE - Hype Score: 1 - The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server ...
© CVE Monitor 2026
© Sector News
08.02.2026
CVE-2025-8088
News Preview
Currently trending CVE - Hype Score: 1 - A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček
...
© CVE Monitor 2026
© Sector News
08.02.2026
CVE-2024-5242
News Preview
Currently trending CVE - Hype Score: 1 - TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this ...
© CVE Monitor 2026
© Sector News
08.02.2026
CVE-2025-13375
News Preview
Currently trending CVE - Hype Score: 1 - IBM Common Cryptographic Architecture (CCA) 7.5.52 and 8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system.
© CVE Monitor 2026
© Sector News
08.02.2026
CVE-2026-24423
News Preview
Currently trending CVE - Hype Score: 1 - SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command. This command will be ...
© CVE Monitor 2026
© Sector News
08.02.2026
CVE-2025-6978
News Preview
Currently trending CVE - Hype Score: 1 - Diagnostics command injection vulnerability
© CVE Monitor 2026
© Sector News
08.02.2026
CVE-2025-20393
News Preview
Currently trending CVE - Hype Score: 8 - A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges.
This ...
© CVE Monitor 2026
© Sector News
08.02.2026
CVE-2025-40551
News Preview
Currently trending CVE - Hype Score: 1 - SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
© CVE Monitor 2026
© Sector News
07.02.2026
CVE-2025-22225
News Preview
Currently trending CVE - Hype Score: 1 - VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.
© CVE Monitor 2026
© Sector News
07.02.2026
CVE-2025-61732
News Preview
Currently trending CVE - Hype Score: 1 - A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.
© CVE Monitor 2026
© Sector News
07.02.2026
CVE-2026-25049
News Preview
Currently trending CVE - Hype Score: 1 - n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running ...
© CVE Monitor 2026
© Sector News
07.02.2026
CVE-2025-68121
News Preview
Currently trending CVE - Hype Score: 1 - During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and ...
© CVE Monitor 2026
© Sector News
07.02.2026
CVE-2025-68613
News Preview
Currently trending CVE - Hype Score: 1 - n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions ...
© CVE Monitor 2026
© Sector News
06.02.2026
CVE-2025-46285
News Preview
Currently trending CVE - Hype Score: 17 - An integer overflow was addressed by adopting 64-bit timestamps. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. An app may be able to gain root ...
© CVE Monitor 2026
© Sector News
06.02.2026
CVE-2025-29824
News Preview
Currently trending CVE - Hype Score: 10 - Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
© CVE Monitor 2026
© Sector News
04.02.2026
CVE-2025-14321
News Preview
Currently trending CVE - Hype Score: 8 - Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
© CVE Monitor 2026
© Sector News
04.02.2026
CVE-2025-64328
News Preview
Currently trending CVE - Hype Score: 7 - FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions 17.0.2.36 and above before 17.0.3, the filestore module within the Administrative interface is vulnerable to a post-authentication command injection by an authenticated known ...
© CVE Monitor 2026
© Sector News
04.02.2026
CVE-2025-0921
News Preview
Currently trending CVE - Hype Score: 1 - Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS version 11.00, Mitsubishi Electric GENESIS64 all versions, Mitsubishi Electric ...
© CVE Monitor 2026
© Sector News
04.02.2026
CVE-2024-54529
News Preview
Currently trending CVE - Hype Score: 8 - A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to execute arbitrary code with kernel privileges.
© CVE Monitor 2026
© Sector News
04.02.2026
CVE-2019-19006
News Preview
Currently trending CVE - Hype Score: 6 - Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.
© CVE Monitor 2026
© Sector News
04.02.2026
CVE-2025-43529
News Preview
Currently trending CVE - Hype Score: 1 - A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to ...
© CVE Monitor 2026
© Sector News
03.02.2026
CVE-2023-27350
News Preview
Currently trending CVE - Hype Score: 3 - This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from ...
© CVE Monitor 2026
© Sector News
03.02.2026
CVE-2025-49825
News Preview
Currently trending CVE - Hype Score: 3 - Teleport provides connectivity, authentication, access controls and audit for infrastructure. Community Edition versions before and including 17.5.1 are vulnerable to remote authentication bypass. At time of posting, there is no available open-source patch.
© CVE Monitor 2026
© Sector News
03.02.2026
CVE-2025-6218
News Preview
Currently trending CVE - Hype Score: 3 - RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a ...
© CVE Monitor 2026
© Sector News
03.02.2026
CVE-2025-61984
News Preview
Currently trending CVE - Hype Score: 1 - ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration ...
© CVE Monitor 2026
© Sector News
03.02.2026
CVE-2025-37947
News Preview
Currently trending CVE - Hype Score: 2 - In the Linux kernel, the following vulnerability has been resolved:
ksmbd: prevent out-of-bounds stream writes by validating *pos
ksmbd_vfs_stream_write() did not validate whether the write offset
(*pos) was within the bounds of the existing stream data length (v_len).
If *pos ...
© CVE Monitor 2026
© Sector News
03.02.2026
CVE-2025-69662
News Preview
Currently trending CVE - Hype Score: 2 - SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the to_postgis()` function being used to write GeoDataFrames to a PostgreSQL database.
© CVE Monitor 2026
© Sector News
03.02.2026
CVE-2025-14554
News Preview
Currently trending CVE - Hype Score: 1 - The Sell BTC - Cryptocurrency Selling Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'orderform_data' AJAX action in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible ...
© CVE Monitor 2026
© Sector News
03.02.2026
CVE-2024-28397
News Preview
Currently trending CVE - Hype Score: 1 - An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call.
© CVE Monitor 2026
© Sector News
03.02.2026
CVE-2025-71180
News Preview
Currently trending CVE - Hype Score: 1 - In the Linux kernel, the following vulnerability has been resolved:
counter: interrupt-cnt: Drop IRQF_NO_THREAD flag
An IRQ handler can either be IRQF_NO_THREAD or acquire spinlock_t, as
CONFIG_PROVE_RAW_LOCK_NESTING warns:
=============================
[ BUG: Invalid wait ...
© CVE Monitor 2026
© Sector News
02.02.2026
CVE-2025-40536
News Preview
Currently trending CVE - Hype Score: 1 - SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.
© CVE Monitor 2026
© Sector News
02.02.2026
CVE-2025-13881
News Preview
Currently trending CVE - Hype Score: 1 - A flaw was found in Keycloak Admin API. This vulnerability allows an administrator with limited privileges to retrieve sensitive custom attributes via the /unmanagedAttributes endpoint, bypassing User Profile visibility settings.
© CVE Monitor 2026
© Sector News
02.02.2026
CVE-2024-12084
News Preview
Currently trending CVE - Hype Score: 1 - A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 ...
© CVE Monitor 2026
© Sector News
01.02.2026
CVE-2025-40554
News Preview
Currently trending CVE - Hype Score: 1 - SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.
© CVE Monitor 2026
© Sector News
01.02.2026
CVE-2025-40552
News Preview
Currently trending CVE - Hype Score: 1 - SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication.
© CVE Monitor 2026
© Sector News
01.02.2026
CVE-2024-49039
News Preview
Currently trending CVE - Hype Score: 6 - Windows Task Scheduler Elevation of Privilege Vulnerability
© CVE Monitor 2026
© Sector News
01.02.2026
CVE-2025-40553
News Preview
Currently trending CVE - Hype Score: 1 - SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
© CVE Monitor 2026
© Sector News
01.02.2026
CVE-2024-51567
News Preview
Currently trending CVE - Hype Score: 6 - upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware (which is only for a POST request) and using shell ...
© CVE Monitor 2026
© Sector News
01.02.2026
CVE-2024-9680
News Preview
Currently trending CVE - Hype Score: 6 - An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < ...
© CVE Monitor 2026
© Sector News
01.02.2026
CVE-2024-30088
News Preview
Currently trending CVE - Hype Score: 6 - Windows Kernel Elevation of Privilege Vulnerability
© CVE Monitor 2026
© Sector News
31.01.2026
CVE-2025-5419
News Preview
Currently trending CVE - Hype Score: 11 - Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
© CVE Monitor 2026
© Sector News
31.01.2026
CVE-2025-52691
News Preview
Currently trending CVE - Hype Score: 1 - Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.
© CVE Monitor 2026
© Sector News
31.01.2026
CVE-2025-15467
News Preview
Currently trending CVE - Hype Score: 3 - Issue summary: Parsing CMS AuthEnvelopedData message with maliciously
crafted AEAD parameters can trigger a stack buffer overflow.
Impact summary: A stack buffer overflow may lead to a crash, causing Denial
of Service, or potentially remote code execution.
When parsing CMS ...
© CVE Monitor 2026
© Sector News
30.01.2026
CVE-2024-9932
News Preview
Currently trending CVE - Hype Score: 1 - The Wux Blog Editor plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'wuxbt_insertImageNew' function in versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to upload arbitrary ...
© CVE Monitor 2026
