CVE Tracker
Every vulnerability in the news, ranked by real-world risk.
A path traversal vulnerability affecting the Windows version of WinRAR allows attackers to execute arbitrary code by crafting malicious archive files.
On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Rout
A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Cataly
Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted H
Microsoft Defender Link Following Vulnerability
SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate.
Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allow an attacker to bypass security rest
Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achi
In multiple locations, there is a possible way to achieve code execution due to an integer overflow.
A vulnerability was found in the cgroup_release_agent_write function in kernel/cgroup/cgroup-v1.c in the Linux kernel.
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
Fortinet FortiClient EMS Improper Access Control Vulnerability
Marimo Remote Code Execution Vulnerability
Nx Console Embedded Malicious Code Vulnerability
TanStack Unspecified Vulnerability
Daemon Tools Lite Embedded Malicious Code Vulnerability
LiteSpeed cPanel Plugin Privilege Escalation Vulnerability
Sangoma FreePBX OS Command Injection Vulnerability
Sangoma FreePBX Authentication Bypass Vulnerability
Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability
Meta Platforms WhatsApp Incorrect Authorization Vulnerability
Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability
Drupal Core SQL Injection Vulnerability
Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability
Langflow Origin Validation Error Vulnerability
Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability
Microsoft DirectX NULL Byte Overwrite Vulnerability
Microsoft Internet Explorer Use-After-Free Vulnerability
Microsoft Internet Explorer Use-After-Free Vulnerability
Microsoft Windows Buffer Overflow Vulnerability
Microsoft Defender Denial of Service Vulnerability
Microsoft Defender Insufficient Granularity of Access Control Vulnerability
Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability
Microsoft Exchange Server Cross-Site Scripting Vulnerability
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerabilit
Microsoft Windows Use After Free Vulnerability
WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability
Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability
Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability
Microsoft Windows SMB Client Improper Access Control Vulnerability
Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability
Microsoft SMBv1 Remote Code Execution Vulnerability
Microsoft Active Directory Domain Services Privilege Escalation Vulnerability
Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability
BerriAI LiteLLM SQL Injection Vulnerability
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
CWP Control Web Panel OS Command Injection Vulnerability
Meta React Server Components Remote Code Execution Vulnerability
Linux Kernel Privilege Escalation Vulnerability
Linux Kernel Improper Privilege Management Vulnerability
Microsoft Office Security Feature Bypass Vulnerability
Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability
Linux Kernel Heap Out-of-Bounds Write Vulnerability
Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability
Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability