Trending CVEs

Vulnerability: CVE-2026-20093 is a critical authentication bypass vulnerability in Cisco Integrated Management Controller (IMC) that allows unauthenticated remote attackers to bypass authentication and gain admin access by sending crafted HTTP requests to change user passwords, affecting Cisco servers and appliances with IMC functionality.

Trending: This vulnerability is trending due to its critical CVSS 9.8 severity score, widespread impact across Cisco's server and appliance product lines, and extensive coverage across security news outlets and social media platforms highlighting the urgent need for patching and the risk of full administrative system compromise.

Vulnerability: An improper access control vulnerability in Fortinet FortiClientEMS versions 7.4.5 through 7.4.6 allows unauthenticated attackers to execute unauthorized code or commands via crafted requests, affecting the centralized management platform for Fortinet endpoint security solutions.

Trending: CVE-2026-35616 is trending due to active exploitation in the wild, with Fortinet confirming zero-day attacks occurring in real-time environments. Multiple security researchers and vendors have reported the vulnerability with a critical CVSS score of 9.1, and emergency hotfixes have been released, generating significant attention across cybersecurity news outlets and social media platforms.

Vulnerability: A use-after-free vulnerability in Dawn, Google Chrome's WebGPU implementation, prior to version 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. The vulnerability is rated as High severity by Chromium.

Trending: This vulnerability is trending due to confirmed active exploitation in the wild, with exploit code documented in both CISA's Known Exploited Vulnerabilities catalog and VulnCheck KEV. It marks Google's fourth zero-day vulnerability patched in 2026, prompting urgent global security responses and widespread calls for immediate browser updates across social media and security news outlets.

Vulnerability: An SQL injection vulnerability in Fortinet FortiClient EMS 7.4.4 allows unauthenticated attackers to execute unauthorized code or commands via specially crafted HTTP requests, enabling remote code execution and data exfiltration.

Trending: The vulnerability is actively being exploited in the wild with confirmed exploit code in circulation, generating widespread coverage across security news outlets and social media platforms due to the critical severity and immediate threat to thousands of internet-facing systems.

Vulnerability: TrueConf Client downloads application update code and applies it without performing verification, allowing an attacker who can influence the update delivery path to substitute a tampered payload and execute arbitrary code in the context of the updating process or user.

Trending: CVE-2026-3502 is trending due to active exploitation in the wild, with CISA adding it to its Known Exploited Vulnerabilities catalog and security researchers confirming that suspected China-nexus attackers have leveraged the vulnerability to distribute malware targeting government networks in Southeast Asia.

Vulnerability: The Text to Speech for WP (AI Voices by Mementor) plugin for WordPress versions up to 1.9.8 contains hardcoded MySQL database credentials in the Mementor_TTS_Remote_Telemetry class. Unauthenticated attackers can extract and decode these credentials to gain unauthorized write access to the vendor's telemetry database.

Trending: Multiple security researchers and threat intelligence platforms are actively flagging this vulnerability across social media with HIGH severity ratings. The lack of an available patch has prompted recommendations to disable or restrict access to the plugin until remediation is available.

Vulnerability: CVE-2026-3055 is an insufficient input validation vulnerability in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP that leads to memory overread. The flaw could allow attackers to read sensitive data from affected systems.

Trending: This vulnerability is trending due to confirmed active exploitation in the wild, with exploit code publicly available in CISA KEV, Nuclei, and VulnCheck KEV databases. Multiple security alerts and advisories from organizations including JPCERT have been issued as attackers are actively probing systems for this critical flaw.

Vulnerability: A stack-based buffer overflow vulnerability exists in UTT HiPER 1250GW up to version 3.2.7-210907-180535 in the /goform/formRemoteControl function, where manipulation of the Profile argument can lead to remote code execution.

Trending: This vulnerability is receiving significant attention due to public exploit code being released and available for active attacks, with multiple security organizations highlighting the high severity rating (8.8) and noting that remote exploitation is possible without authentication.

Vulnerability: The wpForo Forum plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to and including 2.4.16 due to missing file name/path validation against path traversal sequences. Authenticated attackers with subscriber-level access and above can delete arbitrary files on the server by embedding crafted path traversal strings in forum posts.

Trending: CVE-2026-3666 is gaining attention across security communities on Mastodon and Bluesky due to its high severity rating (8.8) and the lack of a current fix. Social media mentions highlight concerns about the ease of exploitation by low-privileged users and recommend restricting user permissions and monitoring activity as interim mitigations.

Vulnerability: OpenClaw before version 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that allows callers with pairing privileges to approve device requests with broader scopes, including admin access, by exploiting missing scope validation in the device pairing implementation.

Trending: The vulnerability is trending across security communities on Bluesky and Mastodon due to its severity in AI agent platforms, with discussions highlighting that the flaw enables silent escalation to full admin access without secondary exploits needed, affecting a widely-used project with 347K GitHub stars, and prompting urgent patching recommendations.

Vulnerability: CVE-2025-53521 is a remote code execution vulnerability in F5 BIG-IP Access Policy Manager (APM) that allows unauthenticated attackers to execute arbitrary code when an APM access policy is configured on a virtual server. The vulnerability affects F5 BIG-IP systems that have not reached end of technical support.

Trending: The vulnerability is trending due to active exploitation in the wild and its reclassification from a denial-of-service issue to a critical pre-authentication RCE flaw with CVSS scores ranging from 9.3 to 9.8. CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog, and security researchers have documented attackers deploying persistent malware with root privileges, prompting urgent patching advisories across multiple cybersecurity organizations and government agencies.

Vulnerability: The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page_title' parameter in all versions up to and including 8.4 due to insufficient input sanitization and output escaping. Unauthenticated attackers can inject arbitrary web scripts that execute when admin users access the Traffic by Title section.

Trending: The vulnerability is receiving attention across security communities on Bluesky and Mastodon, with mentions emphasizing its HIGH severity rating and lack of available patches. Security researchers are recommending immediate mitigation through access restrictions or plugin disablement until a fix is released.

Vulnerability: The Widgets for Social Photo Feed plugin for WordPress (versions up to 1.7.9) is vulnerable to Stored Cross-Site Scripting (XSS) via the 'feed_data' parameter due to insufficient input sanitization and output escaping. Unauthenticated attackers can inject arbitrary web scripts that execute when users access affected pages.

Trending: The vulnerability is trending due to its high severity rating and the lack of an available patch, with security researchers actively warning WordPress administrators to disable the plugin immediately to prevent exploitation.

Vulnerability: CVE-2026-33017 is an unauthenticated remote code execution flaw in Langflow (versions prior to 1.9.0) where the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint accepts attacker-supplied flow data containing arbitrary Python code that is executed without sandboxing. This affects all Langflow instances, particularly those storing sensitive credentials like OpenAI, Anthropic, and AWS keys.

Trending: The vulnerability is trending due to active exploitation in the wild within 20 hours of disclosure, prompting CISA to add it to its Known Exploited Vulnerabilities catalog with an urgent patch deadline. Multiple security organizations and researchers are highlighting the critical nature of the flaw and the speed of weaponization, with significant social media engagement across security communities.

Vulnerability: CVE-2026-32746 is an out-of-bounds write vulnerability in telnetd within GNU inetutils through version 2.7, triggered by improper buffer management in the LINEMODE SLC (Set Local Characters) suboption handler. The vulnerability affects systems running vulnerable versions of GNU inetutils telnetd.

Trending: The vulnerability is gaining attention due to reports of pre-authentication remote code execution capabilities with a CVSS rating of 9.8, along with notable coverage highlighting that the flaw is a 32-year-old bug dating back to 1994. Security researchers and multiple organizations, including NixOS, have been publishing patches and awareness content, contributing to its ranking among the top trending CVEs on social media with 27 interactions in the past week.

Vulnerability: CVE-2026-2699 is a critical unauthenticated vulnerability in Customer Managed ShareFile Storage Zones Controller (SZC) that allows attackers to access restricted configuration pages, leading to system configuration changes and potential remote code execution. Progress ShareFile deployments are affected.

Trending: This vulnerability is trending due to active exploitation chains being discussed, with security researchers demonstrating how it can be combined with other flaws (such as CVE-2026-2701) to achieve pre-authentication remote code execution. Multiple security outlets and threat intelligence sources are highlighting the severity and practical exploitability of the vulnerability.

Vulnerability: CVE-2026-2701 is a critical authenticated file upload vulnerability that allows users to upload and execute malicious files on the server, resulting in remote code execution. The vulnerability affects Progress ShareFile and potentially other systems.

Trending: CVE-2026-2701 is trending due to reports of it being chained with other vulnerabilities (CVE-2026-2699) to create pre-authentication remote code execution attacks against Progress ShareFile, with security researchers and threat intelligence sources highlighting active exploitation chains and CISA KEV list inclusion.

Vulnerability: The WCFM – Frontend Manager for WooCommerce plugin for WordPress contains an Insecure Direct Object Reference vulnerability in versions up to 6.7.25. Authenticated attackers with Vendor-level access and above can exploit multiple AJAX actions to modify order statuses, delete or modify posts, products, and pages regardless of ownership due to missing validation on user-supplied object IDs.

Trending: CVE-2026-4896 is receiving attention across security communities on Mastodon and Bluesky, with multiple threat intelligence and cybersecurity accounts publishing alerts and analyses about the vulnerability. The high severity rating (8.1) and widespread use of the WooCommerce plugin in WordPress environments are driving security researcher engagement and information sharing.

Vulnerability: A specific endpoint in Gardyn Cloud API allows authenticated users to pivot to other user profiles by modifying the id number in the API call, enabling unauthorized access to other accounts through an authorization bypass vulnerability.

Trending: This critical vulnerability (CVSS 9.1) is receiving significant attention across security-focused social media platforms, with multiple infosec accounts highlighting the lack of an available fix and recommending immediate endpoint access restrictions and monitoring for active misuse.

Vulnerability: CVE-2026-20131 is a critical remote code execution vulnerability in Cisco Secure Firewall Management Center (FMC) Software caused by insecure deserialization of Java objects. An unauthenticated remote attacker can exploit this by sending a crafted serialized Java object to the web-based management interface, potentially executing arbitrary code with root privileges on affected devices.

Trending: CVE-2026-20131 is receiving significant attention due to active exploitation in the wild by Interlock ransomware campaigns targeting Cisco FMC systems. The vulnerability has generated substantial social media engagement, ranking as the top CVE by interactions in recent tracking, with reports of proof-of-concept code containing webshells already appearing on GitHub and associated with known attack infrastructure patterns.

Vulnerability: A SQL injection vulnerability was identified in itsourcecode Online Enrollment System 1.0 in the Parameter Handler component of /sms/user/index.php, where manipulation of the USERID argument allows remote code execution. The vulnerability affects the system's user editing functionality.

Trending: CVE-2026-5534 is trending due to active social media coverage from cybersecurity threat intelligence accounts, with public exploit availability being highlighted as a concern for potential remote attacks.

Vulnerability: CVE-2026-28805 is a Time-Based Blind SQL Injection vulnerability in OpenSTAManager (open source management software for technical assistance and invoicing) prior to version 2.10.2. Multiple AJAX select handlers are vulnerable through the options[stato] GET parameter, allowing authenticated attackers to inject arbitrary SQL statements and extract sensitive data including usernames, password hashes, and financial records from the MySQL database.

Trending: The vulnerability is receiving attention across security-focused social media platforms including Bluesky and Mastodon, with security researchers and news outlets highlighting its high severity rating (8.8) and sharing information about the patched version 2.10.2 available to users.

Vulnerability: A security flaw in Tenda 4G03 Pro up to versions 1.0/1.1/04.03.01.53 affects the /bin/httpd file and results in improper access controls. The vulnerability allows remote attackers to exploit the affected device, and a public exploit has been released.

Trending: The vulnerability is gaining attention across security communities on platforms like Bluesky and Mastodon, with threat intelligence and OSINT researchers actively sharing CVE alerts and analysis following its recent publication on April 4, 2026.

Vulnerability: Wikipedia 12.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting oversized input through the search functionality. Attackers can exploit this by pasting a large buffer of repeated characters into the search bar to trigger an application crash.

Trending: The vulnerability is receiving attention from security monitoring accounts and threat intelligence sources on social media platforms including Mastodon and Bluesky, with recent CVE alert posts from security organizations documenting the denial of service vector affecting Wikipedia's search functionality.

Vulnerability: Hotspot Shield 6.0.3 contains an unquoted service path vulnerability in the hshld service binary that allows local attackers to escalate privileges by injecting malicious executables into the service path, which execute with LocalSystem privileges upon service restart or system reboot.

Trending: The vulnerability is currently receiving attention from cybersecurity threat intelligence communities, with security researchers and threat monitoring services actively alerting and tracking CVE-2016-20060 across social media platforms and security feeds.

Vulnerability: Snes9K 0.0.9z contains a buffer overflow vulnerability in the Netplay Socket Port Number field that allows local attackers to trigger a structured exception handler (SEH) overwrite, enabling code execution through SEH chain exploitation via a malicious payload.

Trending: The vulnerability is receiving attention from threat intelligence and cybersecurity communities on social media platforms, with security researchers actively sharing CVE alerts and technical details about the buffer overflow and SEH exploitation method.

Vulnerability: 10-Strike LANState 8.8 contains a local buffer overflow vulnerability in structured exception handling that allows local attackers to execute arbitrary code by crafting malicious LSM map files with specially formatted payloads in the ObjCaption parameter.

Trending: The vulnerability is receiving attention from security researchers and threat intelligence communities, with CVE alerts and threat intelligence posts circulating across social media platforms including Mastodon and Bluesky to inform the security community of this local code execution risk.

Vulnerability: sheed AntiVirus 2.3 contains an unquoted service path vulnerability in the ShavProt service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can insert a malicious executable in the unquoted path and trigger service restart or system reboot to execute code with LocalSystem privileges.

Trending: The vulnerability is receiving attention from security researchers and threat intelligence communities, with alerts being shared across social media platforms including Mastodon and Bluesky. Coverage appears to be driven by security awareness and documentation efforts by organizations tracking CVE disclosures.

Vulnerability: Netgate AMITI Antivirus build 23.0.305 contains an unquoted service path vulnerability in the AmitiAvSrv and AmitiAntivirusHealth services that allows local attackers to escalate privileges by placing a malicious executable in the unquoted service path and triggering service restart or system reboot to execute code with LocalSystem privileges.

Trending: The vulnerability is being actively discussed across security-focused social media platforms including Bluesky and Mastodon, with threat intelligence and cybersecurity communities sharing CVE alerts and information about the Netgate AMITI Antivirus flaw.

Vulnerability: CVE-2016-20059 is an unquoted service path vulnerability in IObit Malware Fighter 4.3.1 that affects the IMFservice and LiveUpdateSvc services, allowing local attackers to escalate privileges to LocalSystem by inserting a malicious executable in the unquoted service path.

Trending: The vulnerability is receiving attention from security researchers and threat intelligence communities on social media platforms, with recent posts from cybersecurity accounts highlighting the CVE alert and sharing information about the IObit Malware Fighter privilege escalation flaw.

Vulnerability: CVE-2016-20055 is an unquoted service path vulnerability in IObit Advanced SystemCare 10.0.2 that allows local attackers to escalate privileges to LocalSystem by placing a malicious executable in the service path and triggering execution when the AdvancedSystemCareService10 service restarts or the system reboots.

Trending: The vulnerability is receiving attention from cybersecurity researchers and threat intelligence communities, with posts from security-focused accounts on Bluesky and Mastodon highlighting the CVE and sharing alert information within the security community.

Vulnerability: NETGATE Registry Cleaner build 16.0.205 contains an unquoted service path vulnerability in the NGRegClnSrv service that allows local attackers to escalate privileges to LocalSystem by placing a malicious executable in the unquoted path and triggering a service restart or system reboot.

Trending: The vulnerability is receiving attention from security threat intelligence sources and CVE tracking platforms, with recent posts on Bluesky and Mastodon highlighting the privilege escalation risk in NETGATE Registry Cleaner.

Vulnerability: Spy Emergency build 23.0.205 contains an unquoted service path vulnerability in the SpyEmrgHealth and SpyEmrgSrv services that allows local attackers to escalate privileges by inserting malicious executables into the unquoted service path and triggering service restart or system reboot to execute code with LocalSystem privileges.

Trending: The vulnerability is receiving security community attention through threat intelligence platforms and security research organizations sharing CVE alerts and technical details across social media channels, indicating active awareness and documentation within the cybersecurity community.

Vulnerability: The ProfilePress WordPress plugin (versions up to 4.16.11) contains a missing ownership verification vulnerability in the checkout process that allows authenticated subscribers to bypass membership payment requirements. Attackers can reference another user's subscription to manipulate proration calculations and obtain paid lifetime memberships without payment through the ppress_process_checkout AJAX action.

Trending: The vulnerability is receiving attention due to its HIGH severity rating and the absence of an available patch, with security researchers highlighting the risk to WordPress sites using the plugin and recommending immediate user role restrictions and activity monitoring as interim mitigations.

Vulnerability: PraisonAI versions 4.5.15 through 4.5.68 contain an OS command injection vulnerability where the --mcp CLI argument is passed directly to shlex.split() without validation, allowing arbitrary OS command execution as the process user.

Trending: This vulnerability is trending due to its critical severity rating (9.8) and active exploitation potential, with security researchers and threat intelligence platforms issuing urgent alerts recommending immediate patching to version 4.5.69 or isolation of affected systems to prevent complete system compromise.

Vulnerability: An out-of-bounds write vulnerability in Skia graphics engine in Google Chrome prior to version 146.0.7680.75 allows remote attackers to perform out-of-bounds memory access through a crafted HTML page. The vulnerability has a CVSS score of 8.8 and Chromium severity rating of High.

Trending: CVE-2026-3909 is trending due to active exploitation in the wild, with multiple security sources confirming the existence of working exploit code. Google released emergency patches across multiple Chrome versions this week to address this zero-day, and the vulnerability has generated significant social media discussion and security alerts urging immediate browser updates.

Vulnerability: Kestra, an open-source event-driven orchestration platform, contains a SQL Injection vulnerability in the "GET /api/v1/main/flows/search" endpoint prior to version 1.3.7 that leads to Remote Code Execution (RCE) through PostgreSQL's COPY ... TO PROGRAM command. Authenticated users can execute arbitrary OS commands on the host by visiting a crafted link.

Trending: The vulnerability is trending due to its critical severity (CVSS 9.9-10.0) and the ease of exploitation, requiring only an authenticated user to click a malicious link. Multiple security platforms and researchers are actively alerting users to upgrade to version 1.3.7 immediately.

Vulnerability: CVE-2026-34938 is a critical remote code execution vulnerability in PraisonAI versions prior to 1.5.90, where the execute_code() function's three-layer sandbox can be bypassed by passing a string subclass with an overridden startswith() method to the _safe_getattr wrapper, allowing attackers to achieve arbitrary OS command execution on the host system.

Trending: This vulnerability is trending due to its CVSS 10.0 critical severity rating and active exploitation potential, with multiple security researchers and alert systems highlighting the complete sandbox bypass and urging immediate patching to version 1.5.90 or later.

Vulnerability: An inappropriate implementation in V8 in Google Chrome prior to version 146.0.7680.75 allowed remote attackers to execute arbitrary code inside a sandbox via a crafted HTML page. This is a high-severity vulnerability affecting Google Chrome users.

Trending: CVE-2026-3910 is trending due to active exploitation in the wild, with confirmed exploit code documented in CISA's Known Exploited Vulnerabilities catalog and VulnCheck KEV. Multiple security agencies and researchers have issued urgent alerts urging immediate patching, and the vulnerability is being actively exploited alongside related Chrome zero-day CVE-2026-3909.

Vulnerability: Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by sending oversized data in the message parameter through the body2.ghp endpoint after establishing a session via chat.ghp.

Trending: The vulnerability is receiving attention from cybersecurity monitoring accounts and threat intelligence sources sharing CVE alerts and descriptions across social media platforms, indicating routine vulnerability tracking and dissemination among the security community.

Vulnerability: Suricata, a network IDS, IPS and NSM engine, is vulnerable to performance degradation prior to versions 7.0.15 and 8.0.4 due to inefficiency in KRB5 buffering. The vulnerability can be triggered by crafted Kerberos traffic, potentially allowing denial of service attacks against the monitoring system itself.

Trending: The vulnerability is gaining attention because it represents a practical attack vector where malicious Kerberos traffic can degrade or disable the network monitoring tools designed to detect such threats. Security researchers are highlighting the urgency of updating to patched versions 7.0.15 or 8.0.4 across social media platforms.

Vulnerability: CVE-2026-20127 is an authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager that allows unauthenticated remote attackers to obtain administrative privileges and manipulate network configurations through a compromised peering authentication mechanism.

Trending: The vulnerability is trending due to confirmed active exploitation in the wild, with exploit code available in CISA KEV, Metasploit modules, and VulnCheck KEV databases. CISA issued Emergency Directive 26-03 ordering federal agencies to immediately identify and patch affected systems, citing active attacks against US federal networks.

Vulnerability: A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0 through 19.2.0, affecting react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack packages. The flaw stems from unsafe deserialization of payloads sent to Server Function endpoints.

Trending: CVE-2025-55182 (React2Shell) is trending due to active large-scale exploitation targeting approximately 766 Next.js hosts, with threat actors deploying the NEXUS Listener tool to harvest database credentials, SSH keys, and cloud tokens at industrial scale. The vulnerability has also attracted security research attention, including a notable incident where researchers accessed threat actors' command-and-control dashboard, revealing the scope and sophistication of ongoing attacks.

Vulnerability: n8n versions 1.65.0 through 1.120.x contain a file access vulnerability that allows unauthenticated remote attackers to access files on the underlying server through execution of certain form-based workflows, potentially exposing sensitive information and enabling further system compromise. The issue is fixed in version 1.121.0.

Trending: The vulnerability is trending due to active exploitation in the wild, with CISA adding it to the Known Exploited Vulnerabilities catalog and security researchers documenting attacks against n8n instances. Multiple security organizations and media outlets are reporting on the issue, with some sources characterizing it as critical unauthenticated remote code execution affecting self-hosted deployments.

Vulnerability: CVE-2026-33634 is a supply chain attack affecting Aqua Security's Trivy vulnerability scanner and related GitHub Actions, where compromised credentials were used to publish malicious versions (Trivy v0.69.4, trivy-action versions 0.0.1–0.34.2, and setup-trivy versions 0.2.0–0.2.6) containing credential-stealing malware. The attack exploited incomplete credential rotation following an initial breach in late February 2026, allowing attackers to retain access and distribute malicious artifacts across widely-used CI/CD security tools.

Trending: CVE-2026-33634 is trending due to rapid exploitation in the wild with confirmed exploit code documented by CISA and VulnCheck, active attacks documented by CERT-EU linking the vulnerability to a 350GB data theft from Europa.eu, and CISA's addition of the vulnerability to its Known Exploited Vulnerabilities catalog. The incident has garnered significant security community attention due to the ironic compromise of a security scanner used across development pipelines, with multiple security agencies and researchers highlighting the critical risk to CI/CD infrastructure.

Vulnerability: mcp-remote is vulnerable to OS command injection when connecting to untrusted MCP servers through crafted input from the authorization_endpoint response URL, allowing attackers to execute arbitrary commands on affected systems.

Trending: The vulnerability is gaining attention due to its exploitation in OAuth-based authentication flows and its relevance to enterprise MCP server deployments, with security discussions highlighting it as part of broader authentication and authorization challenges in agentic AI and remote agent tool access scenarios.

Vulnerability: CVE-2025-14847, known as "MongoBleed," is a memory leak vulnerability in MongoDB's Zlib compressed protocol headers that allows unauthenticated clients to read uninitialized heap memory. The vulnerability affects MongoDB Server versions 3.6 through 8.2, including all patch versions prior to 3.6.0, 4.0.0, 4.2.0, 4.4.30, 5.0.32, 6.0.27, 7.0.28, 8.0.17, and 8.2.3.

Trending: CVE-2025-14847 is trending due to active exploitation in the wild, with security researchers and organizations warning of unauthenticated attackers leveraging the vulnerability for data exfiltration and potential full control of MongoDB servers. The disclosure by MongoDB Inc. on December 19, 2025, combined with reports of active exploitation and critical risk assessments, has generated significant attention across security communities.

Vulnerability: The Gravity SMTP plugin for WordPress (all versions up to 2.1.4) is vulnerable to Sensitive Information Exposure through an unauthenticated REST API endpoint that returns approximately 365 KB of JSON containing detailed system configuration data, including PHP version, loaded extensions, web server version, database details, WordPress version, all active plugins with versions, active theme, database table names, and configured API keys/tokens.

Trending: CVE-2026-4020 is trending due to confirmed exploit code being available in public repositories including Nuclei and VulnCheck KEV, indicating active exploitation potential in the wild.

Vulnerability: A stack-based buffer overflow vulnerability was discovered in Tenda AC10 version 16.03.10.10_multi_TDE01 in the fromSysToolChangePwd function of /bin/httpd. The vulnerability can be exploited remotely by manipulating the sys.userpass argument.

Trending: The vulnerability is gaining attention in security communities on platforms like Mastodon, with cybersecurity researchers and infosec professionals sharing alerts about its high severity rating (8.8) and remote exploitability across Tenda router discussions.

Vulnerability: A stack-based buffer overflow vulnerability was identified in Tenda AC10 version 16.03.10.10_multi_TDE01 affecting the fromSysToolChangePwd function in /bin/httpd. The vulnerability can be exploited remotely and may impact multiple endpoints.

Trending: The vulnerability is gaining attention in security communities, with posts highlighting its high CVSS score of 8.8 and remote exploitability, prompting discussions among cybersecurity professionals about the Tenda AC10 router's security posture.