Switch View
Source: CVE Monitor
Filter zurücksetzen
© Sector News
30.01.2026
CVE-2025-36911
News Preview
Currently trending CVE - Hype Score: 1 - In key-based pairing, there is a possible ID due to a logic error in the code. This could lead to remote (proximal/adjacent) information disclosure of user's conversations and location with no additional execution privileges needed. User interaction is not needed for ...
© CVE Monitor 2026
© Sector News
29.01.2026
CVE-2025-14174
News Preview
Currently trending CVE - Hype Score: 8 - Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
© CVE Monitor 2026
© Sector News
29.01.2026
CVE-2026-23760
News Preview
Currently trending CVE - Hype Score: 1 - SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system ...
© CVE Monitor 2026
Worth to know
20.10.2025
Short Selling Radar
USA, Europe, Asia
Track Short Selling Activities worldwide
Knowing what matters
Leerverkaufsstatistiken, Hedge-Fund Aktivitäten und viele weitere nutzerwertige Informationen benutzerfreundlich aufbereitet
© Sector News
29.01.2026
CVE-2025-59718
News Preview
Currently trending CVE - Hype Score: 7 - A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 ...
© CVE Monitor 2026
Swarmalpha i/o · The Event Futures Prediction X
23.01.2026
© Sector News
29.01.2026
CVE-2025-27237
News Preview
Currently trending CVE - Hype Score: 12 - In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL.
© CVE Monitor 2026
© Sector News
28.01.2026
CVE-2024-37079
News Preview
Currently trending CVE - Hype Score: 3 - vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
© CVE Monitor 2026
© Sector News
28.01.2026
CVE-2025-25257
News Preview
Currently trending CVE - Hype Score: 18 - An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.7, FortiWeb 7.2.0 through 7.2.10, FortiWeb 7.0.0 through 7.0.10 allows an ...
© CVE Monitor 2026
© Sector News
27.01.2026
CVE-2025-56005
News Preview
Currently trending CVE - Hype Score: 4 - An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 allows Remote Code Execution (RCE) via the `picklefile` parameter in the `yacc()` function. This parameter accepts a `.pkl` file that is deserialized with `pickle.load()` without validation. Because ...
© CVE Monitor 2026
© Sector News
27.01.2026
CVE-2025-67968
News Preview
Currently trending CVE - Hype Score: 7 - Unrestricted Upload of File with Dangerous Type vulnerability in InspiryThemes Real Homes CRM realhomes-crm allows Using Malicious Files.This issue affects Real Homes CRM: from n/a through
© CVE Monitor 2026
© Sector News
27.01.2026
CVE-2025-58360
News Preview
Currently trending CVE - Hype Score: 7 - GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity (XXE) vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms ...
© CVE Monitor 2026
© Sector News
27.01.2026
CVE-2025-38352
News Preview
Currently trending CVE - Hype Score: 6 - In the Linux kernel, the following vulnerability has been resolved:
posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()
If an exiting non-autoreaping task has already passed exit_notify() and
calls handle_posix_cpu_timers() from IRQ, it can ...
© CVE Monitor 2026
© Sector News
27.01.2026
CVE-2025-61882
News Preview
Currently trending CVE - Hype Score: 5 - Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to ...
© CVE Monitor 2026
Advertisment
20.10.2025
© Sector News
27.01.2026
CVE-2025-13223
News Preview
Currently trending CVE - Hype Score: 4 - Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
© CVE Monitor 2026
© Sector News
27.01.2026
CVE-2025-51683
News Preview
Currently trending CVE - Hype Score: 12 - A blind SQL Injection (SQLi) vulnerability in mJobtime v15.7.2 allows unauthenticated attackers to execute arbitrary SQL statements via a crafted POST request to the /Default.aspx/update_profile_Server endpoint .
© CVE Monitor 2026
© Sector News
26.01.2026
CVE-2025-68645
News Preview
Currently trending CVE - Hype Score: 1 - A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the ...
© CVE Monitor 2026
© Sector News
26.01.2026
CVE-2025-34026
News Preview
Currently trending CVE - Hype Score: 1 - The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace ...
© CVE Monitor 2026
© Sector News
25.01.2026
CVE-2025-13878
News Preview
Currently trending CVE - Hype Score: 1 - Malformed BRID/HHIT records can cause `named` to terminate unexpectedly.
This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1.
© CVE Monitor 2026
© Sector News
25.01.2026
CVE-2025-59719
News Preview
Currently trending CVE - Hype Score: 1 - An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.
© CVE Monitor 2026
© Sector News
25.01.2026
CVE-2025-2294
News Preview
Currently trending CVE - Hype Score: 12 - The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via thekubio_hybrid_theme_load_template function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the ...
© CVE Monitor 2026
© Sector News
24.01.2026
CVE-2025-11460
News Preview
Currently trending CVE - Hype Score: 10 - Use after free in Storage in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to execute arbitrary code via a crafted video file. (Chromium security severity: High)
© CVE Monitor 2026
© Sector News
24.01.2026
CVE-2025-33073
News Preview
Currently trending CVE - Hype Score: 1 - Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
© CVE Monitor 2026
© Sector News
24.01.2026
CVE-2025-54918
News Preview
Currently trending CVE - Hype Score: 14 - Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.
© CVE Monitor 2026
© Sector News
24.01.2026
CVE-2024-23265
News Preview
Currently trending CVE - Hype Score: 12 - A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to ...
© CVE Monitor 2026
© Sector News
22.01.2026
CVE-2025-60021
News Preview
Currently trending CVE - Hype Score: 1 - Remote command injection vulnerability in heap profiler builtin service in Apache bRPC ((all versions < 1.15.0)) on all platforms allows attacker to inject remote command.
Root Cause: The bRPC heap profiler built-in service (/pprof/heap) does not validate the user-provided ...
© CVE Monitor 2026
© Sector News
21.01.2026
CVE-2025-31201
News Preview
Currently trending CVE - Hype Score: 12 - This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware ...
© CVE Monitor 2026
© Sector News
21.01.2026
CVE-2025-31200
News Preview
Currently trending CVE - Hype Score: 12 - A memory corruption issue was addressed with improved bounds checking. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple ...
© CVE Monitor 2026
© Sector News
21.01.2026
CVE-2025-69263
News Preview
Currently trending CVE - Hype Score: 9 - pnpm is a package manager. Versions 10.26.2 and below store HTTP tarball dependencies (and git-hosted tarballs) in the lockfile without integrity hashes. This allows the remote server to serve different content on each install, even when a lockfile is committed. An attacker who ...
© CVE Monitor 2026
© Sector News
20.01.2026
CVE-2025-64155
News Preview
Currently trending CVE - Hype Score: 1 - An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an ...
© CVE Monitor 2026
© Sector News
19.01.2026
CVE-2025-67647
News Preview
Currently trending CVE - Hype Score: 12 - SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.49.5, SvelteKit is vulnerable to a server side request forgery (SSRF) and denial of service (DoS) under certain conditions. From 2.44.0 through 2.49.4, the vulnerability ...
© CVE Monitor 2026
© Sector News
16.01.2026
CVE-2025-8110
News Preview
Currently trending CVE - Hype Score: 1 - Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.
© CVE Monitor 2026
© Sector News
16.01.2026
CVE-2025-59466
News Preview
Currently trending CVE - Hype Score: 13
© CVE Monitor 2026
© Sector News
16.01.2026
CVE-2025-12420
News Preview
Currently trending CVE - Hype Score: 2 - A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform.
ServiceNow has addressed this vulnerability by deploying a ...
© CVE Monitor 2026
© Sector News
16.01.2026
CVE-2025-68119
News Preview
Currently trending CVE - Hype Score: 24
© CVE Monitor 2026
© Sector News
16.01.2026
CVE-2025-61728
News Preview
Currently trending CVE - Hype Score: 24
© CVE Monitor 2026
© Sector News
16.01.2026
CVE-2025-61726
News Preview
Currently trending CVE - Hype Score: 24
© CVE Monitor 2026
© Sector News
16.01.2026
CVE-2025-61731
News Preview
Currently trending CVE - Hype Score: 24
© CVE Monitor 2026
© Sector News
16.01.2026
CVE-2025-61730
News Preview
Currently trending CVE - Hype Score: 24
© CVE Monitor 2026
© Sector News
15.01.2026
CVE-2025-65018
News Preview
Currently trending CVE - Hype Score: 7 - LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function ...
© CVE Monitor 2026
© Sector News
15.01.2026
CVE-2026-22801
News Preview
Currently trending CVE - Hype Score: 7 - LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and ...
© CVE Monitor 2026
© Sector News
15.01.2026
CVE-2026-22695
News Preview
Currently trending CVE - Hype Score: 7 - LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing ...
© CVE Monitor 2026
© Sector News
15.01.2026
CVE-2025-14847
News Preview
Currently trending CVE - Hype Score: 6 - Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 ...
© CVE Monitor 2026
© Sector News
15.01.2026
CVE-2025-68472
News Preview
Currently trending CVE - Hype Score: 1 - MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing ...
© CVE Monitor 2026
© Sector News
13.01.2026
CVE-2025-66032
News Preview
Currently trending CVE - Hype Score: 31 - Claude Code is an agentic coding tool. Prior to 1.0.93, Due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability ...
© CVE Monitor 2026
© Sector News
13.01.2026
CVE-2025-68668
News Preview
Currently trending CVE - Hype Score: 26 - n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute ...
© CVE Monitor 2026
© Sector News
13.01.2026
CVE-2025-68493
News Preview
Currently trending CVE - Hype Score: 16 - Missing XML Validation vulnerability in Apache Struts, Apache Struts.
This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.
Users are recommended to upgrade to version 6.1.1, which fixes the issue.
© CVE Monitor 2026
© Sector News
13.01.2026
CVE-2025-61686
News Preview
Currently trending CVE - Hype Score: 4 - React Router is a router for React. In @react-router/node versions 7.0.0 through 7.9.3, @remix-run/deno prior to version 2.17.2, and @remix-run/node prior to version 2.17.2, if createFileSessionStorage() is being used from @react-router/node (or @remix-run/node/@remix-run/deno ...
© CVE Monitor 2026
© Sector News
13.01.2026
CVE-2025-4275
News Preview
Currently trending CVE - Hype Score: 4 - A vulnerability in the digital signature verification process does not properly validate variable attributes which allows an attacker to bypass signature verification by creating a non-authenticated NVRAM variable. An attacker may to execute arbitrary signed UEFI code and bypass ...
© CVE Monitor 2026
© Sector News
13.01.2026
CVE-2025-29927
News Preview
Currently trending CVE - Hype Score: 1 - Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in ...
© CVE Monitor 2026
© Sector News
13.01.2026
CVE-2025-69258
News Preview
Currently trending CVE - Hype Score: 3 - A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations.
© CVE Monitor 2026
© Sector News
13.01.2026
CVE-2025-37164
News Preview
Currently trending CVE - Hype Score: 1 - A remote code execution issue exists in HPE OneView.
© CVE Monitor 2026
