Trending CVEs

Vulnerability: Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie, exploiting unrestricted calls to PHP's unserialize() function combined with gadget chains in Magento and its dependencies.

Trending: CVE-2026-45247 is trending due to CISA adding it to its Known Exploited Vulnerabilities catalog after reports of active exploitation in the wild, with multiple security researchers and news outlets highlighting the critical CVSS 9.8 rating and urgent need for Magento store administrators to patch immediately.

Vulnerability: CVE-2025-48595 is an integer overflow vulnerability in the Android Framework that enables local privilege escalation without requiring additional execution privileges or user interaction. The vulnerability affects Android devices and has been confirmed to be actively exploited in targeted attacks.

Trending: The vulnerability is trending due to active exploitation in the wild, with CISA adding it to its Known Exploited Vulnerabilities (KEV) catalog and warning of ongoing attacks. Google released patches for the flaw in its June 2026 Android security update alongside 123 other vulnerabilities, making it a high-profile zero-day affecting millions of devices.

Vulnerability: An authentication bypass vulnerability in Palo Alto Networks PAN-OS GlobalProtect portal and gateway allows attackers to establish unauthorized VPN connections without credentials. Panorama and Cloud NGFW deployments are not affected.

Trending: The flaw is trending due to active exploitation in the wild weeks after disclosure, with Rapid7 confirming threat actors are leveraging the credential-less bypass to breach corporate networks. CISA has added it to its known exploited vulnerabilities catalog, prompting urgent patching advisories across affected enterprises.

Vulnerability: The Kirki – Freeform Page Builder plugin for WordPress (versions 6.0.0 to 6.0.6) contains a critical privilege escalation vulnerability that allows unauthenticated attackers to perform account takeover by sending password reset links to arbitrary email addresses, enabling them to hijack any user account including administrators.

Trending: The vulnerability is trending due to active exploitation in the wild, with multiple security outlets reporting that hackers are actively exploiting CVE-2026-8206 to hijack WordPress admin accounts on hundreds of thousands of affected websites. The high CVSS score of 9.8 and lack of available fixes have generated widespread coverage across security news platforms and social media.

Vulnerability: CVE-2026-20230 is a critical server-side request forgery (SSRF) vulnerability in Cisco Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME) caused by improper input validation in specific HTTP requests. An unauthenticated remote attacker can exploit this vulnerability to write files to the underlying operating system and potentially escalate privileges to root, though the WebDialer service must be enabled to be exploited.

Trending: The vulnerability is trending due to the public availability of proof-of-concept (PoC) code and Cisco's release of patches (version 14SU6 and later), with security researchers and organizations urging immediate patching. While no active exploits in the wild have been reported yet, the critical severity rating and accessible PoC have generated significant attention across security media and social platforms.

Vulnerability: CVE-2026-45585, known as "YellowKey," is a security feature bypass vulnerability in Windows that allows attackers to circumvent BitLocker full-disk encryption protections. Microsoft has issued temporary mitigation guidance while working on a security update, noting that the vulnerability is not exploitable for users employing TPM+PIN authentication.

Trending: The vulnerability is trending due to its connection to a broader controversy involving researcher "Nightmare Eclipse" who publicly disclosed proof-of-concept exploits for multiple Microsoft zero-days without coordinated disclosure, prompting Microsoft to threaten legal action and drawing significant debate about responsible vulnerability disclosure practices in the security community.

Vulnerability: CVE-2026-41091 is an improper link resolution vulnerability in Microsoft Defender that allows an authorized attacker to elevate privileges locally. The flaw affects Microsoft's malware protection components.

Trending: The vulnerability is trending due to active exploitation in the wild and emergency patching by Microsoft, with CISA adding it to its Known Exploited Vulnerabilities catalog. The incident has gained additional attention amid a broader controversy involving a researcher publicly disclosing multiple Microsoft zero-days without coordinated notification, triggering legal threats from Microsoft.

Vulnerability: CVE-2026-45498 is a denial of service vulnerability affecting Microsoft Defender's malware protection components. The flaw allows local attackers to cause the anti-malware service to stop working correctly, potentially compromising system security.

Trending: This vulnerability is trending due to its exploitation in active attacks and inclusion in CISA's Known Exploited Vulnerabilities catalog. The disclosure is part of a broader controversy involving researcher "Nightmare Eclipse" publicly releasing multiple unpatched Microsoft zero-days without coordinated notification, prompting Microsoft's legal threats and law enforcement involvement.

Vulnerability: CWE-326 in BOSH allows local attackers to steal Basic-auth credentials or redirect UAA token requests via man-in-the-middle attacks due to hard-coded OpenSSL::SSL::VERIFY_NONE settings in HttpRequestHelper methods. All BOSH versions prior to v282.1.9 are affected, with the vulnerability fixed in v282.1.9 and later.

Trending: This vulnerability is trending due to its high severity (CVSS 8.8) and the credential theft and token hijacking risks it poses to BOSH deployments. Social media posts emphasize the urgency of patching, with multiple mentions noting that no fixes are available for versions before v282.1.9, prompting immediate update recommendations across infosec communities.

Vulnerability: OpenStack Mistral through version 22.0.0 allows arbitrary remote code execution when the API is exposed, with endpoints that enable code execution and potential exfiltration of service credentials.

Trending: The vulnerability is trending due to its critical severity (CVSS 9.9) and the absence of an available patch, with security researchers and platforms actively alerting users to restrict API access immediately to mitigate full system compromise risk.

Vulnerability: CVE-2026-41011 is a shell injection vulnerability in BOSH versions prior to v282.1.12 where unsanitized package names from uploaded tarballs are passed directly to shell commands without proper escaping, allowing attackers to execute arbitrary OS commands during package validation.

Trending: The vulnerability is receiving attention across security communities due to its high severity rating (CVSS 8.2-8.7) and the straightforward exploitation path via malicious package names in BOSH releases, with security researchers highlighting the need for immediate upgrades to patched versions.

Vulnerability: CVE-2020-17103 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver (cldflt.sys) that allows attackers to gain SYSTEM-level access on affected Windows systems. The flaw was originally reported by Google Project Zero researcher James Forshaw in 2020.

Trending: The vulnerability is trending due to the public release of a working exploit called "MiniPlasma" by researcher Nightmare Eclipse (Chaotic Eclipse), who claims the flaw remains exploitable on fully patched Windows 11 systems despite being marked as patched six years ago. This disclosure, along with five other Windows zero-days released without Microsoft coordination, has sparked significant controversy and prompted Microsoft to threaten legal action against the researcher for irresponsible vulnerability disclosure practices.

Vulnerability: CVE-2026-33825 (BlueHammer) is an insufficient granularity of access control flaw in Microsoft Defender that allows an authorized attacker to elevate privileges locally on Windows 10, Windows 11, and Windows Server platforms.

Trending: This vulnerability is trending due to active exploitation in the wild by threat actors, combined with significant controversy surrounding its public disclosure by a researcher known as Nightmare Eclipse (Chaotic Eclipse) without coordinated notification to Microsoft, which has responded with legal threats and law enforcement involvement.

Vulnerability: The Burst Statistics WordPress Analytics plugin versions 3.4.0 to 3.4.1.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to impersonate administrators by exploiting improper return-value handling in the is_mainwp_authenticated() function, requiring only knowledge of an administrator username and any random password.

Trending: This vulnerability is trending due to active exploitation in the wild affecting approximately 200,000 WordPress sites, with security researchers at Wordfence documenting widespread attacks and admin account hijacking campaigns, prompting urgent calls for immediate updates to version 3.4.2 across multiple security communities and news outlets.

Vulnerability: A buffer overflow vulnerability in the User-ID Authentication Portal service of Palo Alto Networks PAN-OS allows unauthenticated attackers to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls by sending specially crafted packets. Prisma Access, Cloud NGFW, and Panorama appliances are not affected.

Trending: CVE-2026-0300 is trending due to active exploitation in the wild, with multiple security researchers reporting live intrusions involving AD enumeration and payload delivery. The vulnerability is receiving significant attention across cybersecurity communities and has been added to CISA's Known Exploited Vulnerabilities catalog, prompting urgent patching recommendations from government agencies and security organizations.

Vulnerability: CVE-2026-41940 is an authentication bypass vulnerability in cPanel and WHM versions after 11.40 that allows unauthenticated remote attackers to gain unauthorized access to the control panel through improper neutralization of line delimiters (CRLF) in authentication headers and cookies.

Trending: The vulnerability is trending due to widespread exploitation in the wild, with approximately 1.5 million internet-facing cPanel servers exposed for nearly two months before a patch became available in late April 2026. Active attacks by threat actors deploying backdoors and ransomware have been documented, and security researchers have released public scanning tools, prompting urgent patching recommendations across hosting environments.

Vulnerability: Marimo, a reactive Python notebook, contains a pre-authentication remote code execution vulnerability in its terminal WebSocket endpoint (/terminal/ws) that lacks authentication validation, allowing unauthenticated attackers to obtain a full PTY shell and execute arbitrary system commands. The vulnerability affects versions prior to 0.23.0.

Trending: CVE-2026-39987 is trending due to active exploitation in the wild, with confirmed exploit code available in public repositories (CISA KEV, Nuclei, VulnCheck KEV) and documented post-exploitation activity involving LLM agents conducting follow-up attacks after initial compromise. CISA has added the vulnerability to its Known Exploited Vulnerabilities Catalog, and security researchers are highlighting it as part of a broader shift toward AI-assisted attack campaigns.

Vulnerability: SolarWinds Web Help Desk is affected by a denial-of-service vulnerability that can cause the server to crash due to insufficient memory, along with related vulnerabilities in components used by the software that could potentially allow malicious code execution.

Trending: The vulnerability is receiving attention from security news outlets following its recent publication, with coverage highlighting that while patches have been released in current versions, there are currently no indications of active exploitation in the wild.

Vulnerability: CVE-2026-33829 is an exposure of sensitive information vulnerability in Windows Snipping Tool that allows unauthorized attackers to perform spoofing over a network. The vulnerability affects Windows 10, Windows 11, and Windows Server 2012-2025 versions prior to the April 2026 patch.

Trending: This vulnerability is trending due to public disclosure of exploit details demonstrating NTLMv2 hash theft capabilities, with researchers releasing proof-of-concept code and video demonstrations. The issue gained attention as part of Microsoft's April 2026 Patch Tuesday release addressing 163 CVEs, with active exploitation concerns noted for related Windows credential theft vulnerabilities.

Vulnerability: CVE-2026-43284, known as "Dirty Frag," is a local privilege escalation vulnerability in the Linux kernel affecting the ESP-in-UDP packet handling and page-cache management. It impacts all major Linux distributions and allows attackers with local access to escalate privileges to root.

Trending: The vulnerability is trending due to active exploitation in the wild and a broken embargo that forced rushed patches across major distributions including IPFire, Tails, and NAS vendors like QNAP and Synology. Security researchers have highlighted it as a reliable privilege escalation vector, with public exploits released and discussion ongoing about potential kernel "kill switch" mechanisms as a mitigation strategy.

Vulnerability: A critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and SD-WAN Manager allows unauthenticated remote attackers to bypass peering authentication and obtain administrative privileges. Successful exploitation enables attackers to access NETCONF and manipulate network configuration for the SD-WAN fabric.

Trending: CVE-2026-20182 is trending due to active zero-day exploitation by sophisticated threat actors targeting critical infrastructure, CISA's addition to the Known Exploited Vulnerabilities catalog with an emergency May 17 federal patch deadline, and widespread coverage across security media outlets highlighting the CVSS 10.0 severity rating.

Vulnerability: A buffer overflow vulnerability in Poly Voice products on the Linux platform allows remote code execution when Interactive Connectivity Establishment (ICE) is enabled by administrators. The flaw affects multiple IP-enabled conference phone models and can be exploited by unauthenticated attackers to gain root access.

Trending: The vulnerability is trending due to active disclosure by Rapid7 highlighting its critical nature (CVSS 9.2) and unauthenticated exploitability, with security outlets emphasizing risks including enterprise network breaches, eavesdropping capabilities, and potential voice deepfake generation. Patches have been released, contributing to urgent coverage across security news and social media platforms.

Vulnerability: CVE-2025-12762 is a Remote Code Execution vulnerability affecting pgAdmin versions up to 9.9 when running in server mode and performing restores from PLAIN-format dump files. The vulnerability allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin.

Trending: This vulnerability is trending due to its critical severity as an RCE affecting a widely-used database management tool, with the ability to compromise the integrity and security of both the pgAdmin system and underlying databases when exploited during restore operations.

Vulnerability: pgAdmin 4 versions up to 9.9 contain a command injection vulnerability on Windows systems caused by the use of shell=True during backup and restore operations, allowing attackers to execute arbitrary system commands through specially crafted file path input.

Trending: The vulnerability is receiving attention due to its direct exploitability on Windows systems through common administrative functions, with pgAdmin's widespread use in database management making it a notable target for potential attack chains.

Vulnerability: CVE-2025-12765 affects pgAdmin version 9.9 and earlier, allowing attackers to bypass TLS certificate verification in the LDAP authentication mechanism.

Trending: The vulnerability is trending due to active exploitation discussions and security alerts from multiple sources highlighting the risk of LDAP authentication bypass, which could allow unauthorized access to pgAdmin instances in enterprise environments.

Vulnerability: A privilege escalation vulnerability exists in the Linux kernel's cgroup_release_agent_write function that allows attackers to escalate privileges and bypass namespace isolation through the cgroups v1 release_agent feature. This affects Linux kernel systems using cgroups v1.

Trending: CVE-2022-0492 is trending due to recent in-the-wild exploitation warnings issued by CISA, with reports indicating active attacks being used for container escapes. The vulnerability is receiving increased attention as security agencies warn organizations about its exploitation in real-world attacks.

Vulnerability: A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_path() function, which allows attackers to bypass directory restrictions and gain unauthorized read/write access to files in sibling directories. This vulnerability could expose sensitive data in shared hosting environments.

Trending: The vulnerability is gaining attention across social media platforms including Mastodon and Bluesky, with security researchers highlighting its high severity rating (8.1) and sharing details about the flawed path traversal protection mechanisms in the affected jupyter-server version.

Vulnerability: An Improper Control of Filename for Include/Require Statement vulnerability in Axiomthemes Crafti (versions up to 1.12) allows PHP Local File Inclusion attacks. This PHP remote file inclusion flaw could enable attackers to include and execute arbitrary files on affected systems.

Trending: The vulnerability is gaining attention across security-focused social media platforms including Mastodon and Bluesky, where it is being shared by cybersecurity news outlets with a high severity rating of 8.1. The widespread social media mentions indicate active awareness within the infosec community regarding this vulnerability in the Crafti plugin.

Vulnerability: A PHP Local File Inclusion vulnerability exists in UnboundStudio Accordion FAQ plugin versions up to 2.2.1, caused by improper control of filenames in include/require statements that could allow remote file inclusion attacks.

Trending: The vulnerability is being actively shared across social media platforms including Mastodon and Bluesky by security news outlets, with a CVSS score of 7.5 classified as high severity, generating awareness in the cybersecurity and infosec communities.

Vulnerability: A vulnerability in MLflow versions prior to 3.11.0 allows attackers to exfiltrate sensitive server-side environment credentials through the AI Gateway secrets feature, which improperly resolves environment variables in the api_key field and sends them to attacker-controlled endpoints. Low-privileged authenticated users in basic-auth deployments or unauthenticated users in default deployments can exploit this to leak cloud credentials like AWS access keys, potentially leading to artifact poisoning and cross-boundary code execution.

Trending: The vulnerability is gaining attention across security communities on Mastodon and Bluesky due to its critical severity rating (9.1) and the significant risk of cloud credential exposure affecting downstream environments. Security researchers are emphasizing the need for immediate patching to version 3.11.0 and restricting unauthenticated access to MLflow deployments.

Vulnerability: CVE-2026-49189 is a privilege escalation flaw affecting the Acer Connect M6E 5G WiFi Router, where unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative operations.

Trending: The vulnerability is gaining attention due to its high severity rating and the lack of available patches, with security researchers warning that local applications can exploit the flaw to gain administrative control over affected Acer routers.

Vulnerability: A weak randomness vulnerability in BOSH-Ecosystem's windows-utilities-release allows network attackers to recover the Administrator password by exploiting a predictable, clock-seeded PRNG in the randomize_password job. All versions prior to v0.23.0 are affected, with the fix available in v0.23.0 and later.

Trending: The vulnerability is gaining attention on social media with mentions highlighting the high CVSS score of 7.5 and the practical attack scenario where attackers can estimate VM boot time to reconstruct a candidate password list, defeating the intended hardening control for local Administrator accounts.

Vulnerability: CVE-2026-49185 is a command/instruction injection vulnerability in FieldX MDM where the adb messaging topic passes unverified payloads directly into Runtime.exec(), allowing attackers to execute arbitrary commands on affected systems.

Trending: This vulnerability is gaining attention due to its critical severity (CVSS 10) and active exploitation potential, with security researchers highlighting the lack of available patches and recommending immediate network isolation measures for vulnerable devices like the Acer Connect M6E 5G Router.

Vulnerability: CVE-2026-46300 is a Linux kernel vulnerability in the skbuff subsystem where the shared-frag marker (SKBFL_SHARED_FRAG) is lost during socket buffer coalescing, potentially allowing ESP input processing to decrypt data in-place over page-cache backed fragments. This affects all major Linux distributions.

Trending: The vulnerability, nicknamed "Fragnesia," is trending due to active exploitation in the wild and reports of it being a variant of the "Dirty Frag" class of privilege escalation flaws. Multiple Linux distributions including Tails, Debian, and others are actively patching the vulnerability, with security researchers and organizations like Microsoft warning about its use in local privilege escalation attacks targeting root access.

Vulnerability: CVE-2026-43500 is a local privilege escalation vulnerability in the Linux kernel's rxrpc subsystem that allows attackers to exploit unsafe decryption paths in DATA and RESPONSE packet handlers when externally-owned paged fragments are present. The vulnerability affects all major Linux distributions.

Trending: This vulnerability is trending as part of the "Dirty Frag" exploit family, which enables local privilege escalation to root access and has been actively exploited in the wild. The flaw has gained significant attention due to its high severity, coordinated disclosure across multiple security researchers, and widespread coverage in security news outlets, with kernel maintainers and major Linux distributions (Fedora, Pop!_OS, Tails, QNAP, Synology) rapidly releasing patches.

Vulnerability: Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally. The vulnerability affects Microsoft 365 Android applications including Word, PowerPoint, Excel, Microsoft 365 Copilot, Microsoft Loop, and OneNote, caused by a debug flag left in production code.

Trending: The vulnerability is trending due to active exploitation potential across billions of Microsoft Android app downloads, with security researchers discovering that a single line of debug code in six major Microsoft 365 applications could compromise user account tokens. The finding was highlighted in Microsoft's May 2026 Patch Tuesday release alongside 132-138 other security patches, with multiple critical severity issues expected to be exploited within 30 days.

Vulnerability: Ghost is a Node.js content management system with an unauthenticated SQL injection vulnerability in versions 3.24.0 through 6.19.0 that allows attackers to perform arbitrary database reads. The vulnerability has been fixed in version 6.19.1.

Trending: This vulnerability is trending due to active exploitation in the wild, with threat actors compromising over 700 websites globally—including those of Harvard, Oxford, and DuckDuckGo—to extract administrative credentials and inject malicious JavaScript for large-scale ClickFix social engineering campaigns.

Vulnerability: An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 allows unauthenticated attackers to execute unauthorized code or commands via crafted requests. The flaw has a CVSS score of 9.1 and affects enterprise endpoint management infrastructure.

Trending: CVE-2026-35616 is trending due to active exploitation in the wild, with threat actors delivering the EKZ infostealer malware to enterprise devices through FortiClient EMS. Multiple security researchers and vendors have reported ongoing attacks leveraging this vulnerability, with exploits circulating on platforms like Telegram and malware being disguised as legitimate software updates.

Vulnerability: A stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code remotely over a network without authentication. The vulnerability affects Windows Server systems running unpatched versions of the Netlogon component.

Trending: CVE-2026-41089 is trending due to active exploitation in the wild, with multiple sources confirming that attackers are leveraging this zero-click RCE flaw against unpatched domain controllers. Security authorities including Belgium's CCB and cybersecurity researchers have reported that the vulnerability requires only a malicious packet to compromise domain controllers, prompting urgent patching recommendations following Microsoft's May 2026 Patch Tuesday release.

Vulnerability: Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. When a decode filter callback raises an exception, the string pointer is not properly restored, leaving the scalar with an invalid pointer that causes the interpreter to abort when the scalar is freed.

Trending: The vulnerability is gaining attention on security-focused social media platforms including Mastodon and Bluesky, with infosec communities sharing the disclosure details and CVSS score of 7.5.

Vulnerability: Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU. This vulnerability affects systems that process MIME headers, particularly those using WordDecoder.DecodeHeader functionality.

Trending: CVE-2026-42504 is receiving attention across security platforms including Mastodon and Bluesky, with mentions highlighting its high severity rating (7.5) and the quadratic complexity issue that enables denial-of-service attacks through CPU exhaustion via malicious MIME headers.

Vulnerability: The mod_http2 module in Apache HTTP Server versions 2.4.17 through 2.4.23 does not properly restrict request-header length when HTTP/2 is enabled, allowing remote attackers to cause denial of service through crafted CONTINUATION frames that consume excessive memory.

Trending: CVE-2016-8740 is receiving renewed attention due to recent discovery of the "HTTP/2 Bomb" exploit technique, which chains this vulnerability with HTTP/2 header compression attacks to knock major web servers offline within seconds, affecting Apache, NGINX, IIS, Envoy, and other platforms.

Vulnerability: Apache HTTP Server 2.4.17 and 2.4.18 with mod_http2 enabled does not limit the number of simultaneous stream workers for a single HTTP/2 connection, allowing remote attackers to cause a denial of service by manipulating flow-control windows.

Trending: The vulnerability is receiving attention due to the discovery of an "HTTP/2 Bomb" exploit that combines compression attacks with connection hold techniques to knock web servers offline rapidly, affecting multiple server platforms including Apache, NGINX, IIS, Envoy, and Cloudflare infrastructure.

Vulnerability: CVE-2016-6581 is a denial of service vulnerability in the Python HPACK library (versions 1.0.0 to 2.2.0) that allows attackers to exploit HTTP/2 header compression through an "HPACK Bomb" attack, causing decompressed data to expand from 16kB to 64MB and potentially crashing affected web servers.

Trending: The vulnerability is trending due to recent discoveries of practical HTTP/2 bomb exploits that can knock major web servers offline within seconds, with reports indicating the attack affects popular platforms including NGINX, Apache, IIS, Envoy, and Cloudflare, combining compression bomb techniques with memory exhaustion tactics.

Vulnerability: A late release of memory after effective lifetime vulnerability exists in Apache HTTP Server versions 2.4.17 through 2.4.63, which can be exploited to cause denial-of-service conditions. Users are recommended to upgrade to version 2.4.64.

Trending: CVE-2025-53020 is trending due to reports of an "HTTP/2 Bomb" exploit that combines compression attacks with memory-holding techniques to knock major web servers offline, affecting Apache, NGINX, IIS, Envoy, and other platforms. Security researchers have demonstrated the practical exploitation of this vulnerability, generating significant attention across security news outlets and researcher communities.

Vulnerability: An SQL injection vulnerability in Drupal core allows unauthenticated attackers to compromise database integrity and potentially execute remote code. The flaw affects multiple versions of Drupal core, including 8.9.0 through 10.4.9, 10.5.0 through 10.5.9, 10.6.0 through 10.6.8, and all versions 11.0.0 through 11.3.9.

Trending: CVE-2026-9082 is trending due to active, in-the-wild exploitation occurring within 48 hours of patch release, with the vulnerability added to CISA's Known Exploited Vulnerabilities (KEV) catalog. Multiple security outlets report that attackers are actively targeting Drupal installations across all supported versions, and German security advisories warn of ongoing attacks enabling unauthorized database access and remote code execution.

Vulnerability: Redis versions 7.2.0 through 8.6.3 contain a use-after-free vulnerability in the unblock client flow that can be exploited by authenticated attackers to achieve remote code execution when a blocked client is evicted during command re-execution.

Trending: The vulnerability is gaining attention due to its discovery by an autonomous AI tool after remaining undetected for two years, and its inclusion in weekly security recaps alongside other critical vulnerabilities. Security advisories highlight the need for careful upgrades to version 8.6.3 to address multiple RCE vulnerabilities in Redis client handling and related functions.

Vulnerability: Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.

Trending: The vulnerability is gaining attention as part of Microsoft's May 2026 Patch Tuesday release, which addressed 132-138 security flaws across multiple product families, including 29 critical severity issues and 13 expected to be exploited within 30 days.

Vulnerability: Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.

Trending: This vulnerability is gaining attention as part of Microsoft's May 2026 Patch Tuesday release, which addressed 132-138 security flaws across multiple product families. The flaw is notable within a broader wave of critical Microsoft Office vulnerabilities, particularly affecting mobile platforms and token theft risks.

Vulnerability: Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.

Trending: CVE-2026-41101 is trending as part of Microsoft's May 2026 Patch Tuesday release, which addressed 132-138 security flaws across multiple product families, with 29 rated as Critical severity and 13 expected to be exploited within 30 days.