Trending CVEs

Vulnerability: Microsoft Office contains a security feature bypass vulnerability that allows an unauthorized local attacker to bypass security mechanisms. The vulnerability enables attackers to potentially circumvent intended security controls in Microsoft Office products.

Trending: The vulnerability is trending due to active exploitation by the Russian state-linked hacking group APT28 (Fancy Bear), which is using the CVE-2026-21509 exploit to target European maritime, transport, and government agencies. Cybersecurity firms like Zscaler and Trellix have reported on these sophisticated espionage campaigns targeting Ukraine and NATO-aligned countries.

Vulnerability: SolarWinds Web Help Desk is vulnerable to an untrusted data deserialization vulnerability that enables remote code execution (RCE) without authentication. This critical flaw could allow attackers to run commands directly on the host machine.

Trending: CISA has added CVE-2025-40551 to its Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation in the wild. Multiple cybersecurity sources report that the vulnerability is spreading rapidly, with federal agencies being instructed to patch the flaw immediately.

Vulnerability: SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method, allowing attackers to execute arbitrary OS commands by pointing the application to a malicious HTTP server.

Trending: CISA has added CVE-2026-24423 to its Known Exploited Vulnerabilities (KEV) Catalog, confirming active exploitation. The vulnerability is being used in ransomware attacks, with multiple cybersecurity sources warning about the critical nature of this remote code execution flaw.

Vulnerability: n8n is an open source workflow automation platform vulnerable to system command execution. Prior to versions 1.123.17 and 2.5.2, an authenticated user with workflow creation permissions could abuse crafted expressions to trigger unintended system commands on the host running n8n.

Trending: The vulnerability is attracting significant cybersecurity attention due to its critical nature, with multiple social media platforms discussing the potential for remote code execution. Security researchers are highlighting the severity of the flaw, which carries a high CVSS score and could potentially allow attackers to execute arbitrary system commands.

Vulnerability: The Metro Development Server in React Native Community CLI binds to external interfaces by default and is vulnerable to OS command injection. Unauthenticated network attackers can send a POST request to run arbitrary executables, with Windows systems also allowing arbitrary shell command execution.

Trending: The vulnerability has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation. Social media reports suggest hackers are targeting developer systems by deploying malware through unauthorized POST requests since December, with a high-severity CVSS score of 9.8.

Vulnerability: A critical code injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that enables unauthenticated remote code execution (RCE), allowing attackers to potentially compromise systems without prior authentication.

Trending: The vulnerability is highly discussed across cybersecurity channels, with multiple national cybersecurity centers like NCSC Netherlands and CERT-FR issuing active alerts about ongoing zero-day exploits. Multiple sources confirm active exploitation and recommend immediate mitigation measures.

Vulnerability: CVE-2026-25803 affects 3DP-MANAGER version 2.0.1 and prior, an inbound generator for 3x-ui. The vulnerability allows attackers to gain full administrative control by exploiting automatically created default administrative credentials (admin/admin) during first initialization.

Trending: The vulnerability is generating significant cybersecurity discussion due to its critical severity (rated 9.8) and potential for complete system compromise. Social media platforms are actively spreading awareness about the need to upgrade to version 2.0.2 and restrict network access to mitigate risks.

Vulnerability: A critical code injection vulnerability in Ivanti Endpoint Manager Mobile allowing unauthenticated remote code execution. The vulnerability affects the mobile endpoint management platform and can be exploited by attackers to execute arbitrary remote code.

Trending: The vulnerability is trending due to confirmed exploit code and active zero-day attacks, with multiple cybersecurity organizations like CERT-FR and JP-CERT issuing security alerts. Multiple sources have reported that exploit code for CVE-2026-1340 has been verified by vulnerability tracking services.

Vulnerability: A critical authentication bypass vulnerability in Fortinet products affecting FortiAnalyzer, FortiManager, FortiOS, FortiProxy, and FortiWeb across multiple versions. The flaw allows an attacker with a FortiCloud account and registered device to log into devices registered to other accounts when FortiCloud SSO authentication is enabled.

Trending: The vulnerability is gaining significant attention due to active zero-day attacks and potential widespread impact. Multiple cybersecurity sources have highlighted the critical nature of the vulnerability, with a CVSS score of 9.4, prompting urgent calls for investigation and patching by U.S. authorities and cybersecurity firms.

Vulnerability: A path traversal vulnerability in WinRAR allows attackers to execute arbitrary code by crafting malicious archive files. The vulnerability primarily affects the Windows version of WinRAR and was discovered by ESET researchers.

Trending: The vulnerability is gaining attention due to active exploitation by the Amaranth Dragon threat actor, reportedly linked to APT41, targeting government and law enforcement agencies in Southeast Asia. Multiple cybersecurity sources have highlighted the ongoing cyber espionage campaigns leveraging this vulnerability.

Vulnerability: A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0-19.2.0, affecting react-server-dom packages across different implementations. The vulnerability allows unsafe deserialization of HTTP request payloads to Server Function endpoints.

Trending: Hackers are actively exploiting this vulnerability to deploy cryptominers and establish remote access, with over 1,083 unique sources targeting the flaw between January 26 and February 2, 2026. Two specific IP addresses were responsible for 56% of the observed attack traffic.

Vulnerability: CVE-2026-25636 affects calibre, an e-book manager, in versions 9.1.0 and earlier. The vulnerability is a path traversal issue in EPUB conversion that allows a malicious EPUB file to corrupt arbitrary existing files writable by the Calibre process.

Trending: The vulnerability is gaining attention in cybersecurity circles due to its high severity rating of 8.2 and potential for file corruption. Social media platforms like Mastodon are amplifying discussions about the vulnerability, with InfoSec communities highlighting the need for users to update to version 9.2.0.

Vulnerability: Calibre, an e-book management software, has a path traversal vulnerability in its CHM reader prior to version 9.2.0 that allows arbitrary file writes. On Windows, this vulnerability can potentially lead to Remote Code Execution by writing payloads to the Startup folder.

Trending: The vulnerability is generating significant cybersecurity discussion, with social media posts highlighting its high severity rating of 8.6. Infosec communities are actively sharing information about the potential remote code execution risks for Calibre users.

Vulnerability: CVE-2026-25634 affects iccDEV libraries, a set of tools for ICC color management profiles. The vulnerability involves stack buffer overlap in CIccTagMultiProcessElement::Apply() within IccTagMPE.cpp, potentially impacting the library's color profile processing prior to version 2.3.1.4.

Trending: The vulnerability is gaining attention in cybersecurity circles, with social media posts highlighting its high severity rating of 7.8 and potential implications for color management systems. Discussions are spreading across infosec platforms using hashtags like #CVE, #vulnerability, and #cybersecurity.

Vulnerability: GNU Inetutils telnetd through version 2.7 contains a remote authentication bypass vulnerability where attackers can bypass login authentication by using the "-f root" value for the USER environment variable. This affects Telnet servers running GNU Inetutils.

Trending: The vulnerability is generating significant attention due to confirmed exploit code availability, inclusion in CISA's Known Exploited Vulnerabilities (KEV) catalog, and potential for complete device compromise. Social media mentions indicate widespread interest, with the CVE appearing in top vulnerability interaction lists and receiving coverage across multiple cybersecurity platforms.

Vulnerability: A security issue in ingress-nginx allows configuration injection through the rules.http.paths.path Ingress field, potentially enabling arbitrary code execution and unauthorized Secret disclosure in the Kubernetes environment, with the controller capable of accessing cluster-wide Secrets in default installations.

Trending: The vulnerability is gaining significant attention in cybersecurity circles, with multiple social media mentions highlighting its potential impact. It has been featured in top CVE interaction lists and discussed by security researchers, indicating widespread concern about its potential exploitation in Kubernetes deployments.

Vulnerability: A critical vulnerability in Cisco AsyncOS Software for Secure Email Gateway and Secure Email and Web Manager allows unauthenticated remote attackers to execute arbitrary system commands with root privileges. The flaw stems from insufficient validation of HTTP requests in the Spam Quarantine feature.

Trending: The vulnerability is generating significant attention due to its critical nature, with a CVSS score of 10.0 and evidence of active exploitation since December 2025. Cisco has recently released patches, and cybersecurity firms are highlighting the potential for complete system takeover by attackers.

Vulnerability: Sangoma FreePBX versions 115.0.16.26 and below, 14.0.13.11 and below, and 13.0.197.13 and below contain an Incorrect Access Control vulnerability that could potentially allow unauthorized system access.

Trending: The vulnerability has been added to the CISA Known Exploited Vulnerabilities (KEV) catalog, with confirmed exploit code reported by sources like VulnCheck. Multiple cybersecurity news outlets are reporting on active attacks targeting this and other software vulnerabilities.

Vulnerability: n8n is an open source workflow automation platform vulnerable to critical security flaws in its Git node. Prior to versions 1.123.10 and 2.5.0, authenticated users with workflow creation permissions could execute arbitrary system commands or read arbitrary files on the n8n host.

Trending: The vulnerability is gaining significant attention due to the discovery of multiple critical security issues in n8n, with six vulnerabilities rated as high-risk and some carrying CVSS severity scores as high as 9.4. Cybersecurity platforms and news outlets are actively reporting on the potential for remote code execution and command injection attacks.

Vulnerability: n8n, an open source workflow automation platform, has a critical vulnerability in file access controls that allows authenticated users with workflow modification permissions to read sensitive files from the host system. This can lead to obtaining critical configuration data and user credentials, potentially resulting in complete account takeover.

Trending: The vulnerability has gained significant attention due to multiple critical security risks discovered in n8n, with six vulnerabilities classified as critical and carrying high CVSS severity scores. Social media and cybersecurity news outlets are highlighting the potential for remote code execution, command injection, and system compromise.

Vulnerability: A vulnerability in GitLab CE/EE affects all versions from 10.5 before 14.3.6, 14.4 before 14.4.4, and 14.5 before 14.5.2. The flaw allows unauthorized external users to perform Server Side Requests via the CI Lint API.

Trending: The vulnerability has been confirmed to have existing exploit code and has been added to the CISA Known Exploited Vulnerabilities (KEV) catalog. Multiple cybersecurity sources have highlighted the potential risk and urged IT administrators to apply available updates.

Vulnerability: A buffer overflow vulnerability was discovered in UTT 进取 520W version 1.7.7-180627, specifically in the strcpy function of the /goform/formP2PLimitConfig file. The vulnerability allows remote attackers to manipulate arguments and potentially execute unauthorized code.

Trending: The vulnerability is gaining attention in cybersecurity circles due to its high severity rating of 8.8 and the potential for remote exploitation. Social media mentions highlight the unresponsiveness of the vendor and the public disclosure of the exploit details.

Vulnerability: A critical vulnerability in UTT 进取 520W version 1.7.7-180627 involves a buffer overflow in the strcpy function within the /goform/formIpGroupConfig file. By manipulating the groupName argument, an attacker can execute remote code exploitation.

Trending: The vulnerability is gaining attention in cybersecurity circles due to its high severity rating (8.8) and potential for remote attacks. Multiple security platforms like RedPacketSecurity and TheHackerWire are actively discussing the unpatched vulnerability and its potential impact.

Vulnerability: AdonisJS, a TypeScript-first web framework, has a denial of service (DoS) vulnerability in its @adonisjs/bodyparser multipart file handling logic. The vulnerability allows potential excessive memory consumption during file uploads, affecting versions prior to 10.1.3 and 11.0.0-next.9.

Trending: The vulnerability is gaining attention in cybersecurity circles due to its potential impact on web applications using AdonisJS, with social media channels highlighting its high severity rating of 7.5 and spreading awareness about the need for version updates.

Vulnerability: DataHub, an open-source metadata platform, is vulnerable to a Man-in-the-Middle (MITM) attack through TLS downgrade in its LDAP ingestion source prior to version 1.3.1.8, which could allow unauthorized interception of network communications.

Trending: The vulnerability is gaining attention in cybersecurity circles due to its high severity rating of 7.5 and potential implications for network security, with multiple infosec platforms sharing details about the MITM attack risk in DataHub's LDAP ingestion component.

Vulnerability: A buffer overflow vulnerability exists in UTT 进取 520W version 1.7.7-180627, specifically in the strcpy function of the /goform/formPolicyRouteConf file. By manipulating the GroupName argument, an attacker can execute a remote attack that could potentially compromise the system.

Trending: The vulnerability is gaining attention in cybersecurity circles due to its high severity rating of 8.8 and the potential for remote exploitation. Social media posts from cybersecurity platforms are highlighting the issue, emphasizing its significance and calling for awareness among IT professionals and network administrators.

Vulnerability: A vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to cause a denial of service (DoS) to the firewall, potentially forcing it into maintenance mode. The flaw specifically affects GlobalProtect Gateway and Portal with a high severity rating of 7.7.

Trending: The vulnerability is attracting significant attention due to its potential to disrupt network security, with multiple cybersecurity news outlets reporting on the issue. While no active exploits have been confirmed, the possibility of forcing firewalls into maintenance mode has raised concerns among network security professionals.

Vulnerability: A critical vulnerability in the ServiceNow AI Platform allows an unauthenticated user to impersonate another user and perform operations with the impersonated user's entitlements. The vulnerability affects ServiceNow's AI Platform and was identified as CVE-2025-12420.

Trending: The vulnerability is gaining attention due to its potential for significant security breaches, with security researchers noting that it could allow attackers to bypass multi-factor authentication and single sign-on by using only an email address. Cyble Vulnerability Intelligence has tracked this as part of a broader landscape of enterprise software vulnerabilities.

Vulnerability: A critical vulnerability in Fortinet FortiOS and FortiProxy allows an unauthenticated attacker to bypass FortiCloud SSO login authentication via a crafted SAML response message. The vulnerability affects multiple versions of FortiOS, FortiProxy, and FortiSwitchManager.

Trending: The vulnerability is generating significant attention due to active exploitation by threat actors, including reports of attackers creating new admin accounts and stealing configuration files from FortiGate firewalls. Multiple sources indicate ongoing attacks, and Fortinet has temporarily disabled cloud authentication services to mitigate the risk.

Vulnerability: A command injection vulnerability was identified in n8n's community package installation functionality, affecting versions 0.187.0 to before 1.120.3. The flaw allows authenticated administrative users to potentially execute arbitrary system commands on the n8n host under specific conditions.

Trending: The vulnerability is drawing significant attention due to multiple critical security risks discovered in the n8n workflow automation platform. Six vulnerabilities were identified, with four rated as critical and carrying high CVSS severity scores, prompting urgent recommendations for users to update to the latest version.

Vulnerability: n8n, an open-source workflow automation platform, has a Cross-Site Scripting (XSS) vulnerability in webhook response handling where Content Security Policy protections may fail. Authenticated users could potentially execute malicious scripts with same-origin privileges, potentially leading to session hijacking and account takeover.

Trending: Multiple sources report six critical vulnerabilities in n8n, with potential for remote code execution, command injection, and arbitrary file access. Security researchers have highlighted the risks, especially for users running older, unpatched versions of the platform, prompting urgent update recommendations.

Vulnerability: The n8n workflow automation platform contains a vulnerability in versions 1.65.0 to 1.114.3 where the use of Buffer.allocUnsafe() and Buffer.allocUnsafeSlow() can allow untrusted code to allocate uninitialized memory, potentially exposing sensitive information from the Node.js process.

Trending: Multiple security researchers have discovered six critical vulnerabilities in the n8n platform, with four rated at a CVSS severity score of 9.4. The vulnerabilities span multiple attack classes including remote code execution, command injection, and cross-site scripting, prompting urgent recommendations for users to update to the latest version.

Vulnerability: CVE-2026-25544 affects Payload, a free and open source headless content management system. The vulnerability allows unauthenticated attackers to perform blind SQL injection attacks in JSON or richText fields, potentially enabling full account takeover and sensitive data extraction.

Trending: The vulnerability is generating significant cybersecurity discussion due to its critical severity rating of 9.8 and the potential for widespread exploitation. Infosec communities are actively sharing details about the vulnerability across social media platforms, highlighting the risks to Payload CMS users.

Vulnerability: EPyT-Flow, a Python package for water distribution network scenario generation, contains a critical vulnerability in its REST API where an attacker can execute arbitrary OS commands through a custom JSON deserializer prior to version 0.16.1.

Trending: The vulnerability is generating significant cybersecurity discussion due to its critical nature and potential for remote code execution, with multiple social media posts highlighting the severe impact on water infrastructure-related software systems.

Vulnerability: Qdrant, a vector similarity search engine and vector database, contains a vulnerability from versions 1.9.3 to before 1.16.0 that allows attackers to append arbitrary files via the /logger endpoint using a controlled on_disk.log_file path, requiring minimal privileges.

Trending: The vulnerability is gaining attention in cybersecurity circles due to its high severity rating of 8.5 and potential impact on vector database systems. Infosec communities are discussing the implications and importance of updating to Qdrant version 1.16.0.

Vulnerability: A Server-Side Template Injection (SSTI) vulnerability exists in calibre's Templite templating engine prior to version 9.2.0, allowing arbitrary code execution when users convert ebooks using malicious custom template files via specific command-line options.

Trending: The vulnerability is gaining attention in cybersecurity circles due to its high severity rating of 7.8 and the potential for remote code execution in a popular e-book management application. Social media mentions highlight the need for users to update to the patched version 9.2.0.

Vulnerability: A security vulnerability in UTT 进取 520W 1.7.7-180627 allows remote buffer overflow attacks through manipulation of the year1 argument in the strcpy function of the /goform/formTimeGroupConfig file. The vulnerability affects the specific router model and firmware version.

Trending: The vulnerability is gaining attention in cybersecurity circles due to its high severity rating of 8.8 and potential for remote exploitation. Social media mentions highlight the unaddressed nature of the vulnerability, with infosec professionals sharing details across platforms like Mastodon.

Vulnerability: The CVE-2025-68947 vulnerability involves the NSecsoft 'NSecKrnl' Windows driver, which allows a local, authenticated attacker to terminate processes owned by other users, including SYSTEM and Protected Processes, by issuing crafted IOCTL requests to the driver.

Trending: The vulnerability has gained attention due to confirmed exploit code being reported by sources like Vulncheck KEV, indicating potential active exploitation and increasing cybersecurity concern around the Windows driver vulnerability.

Vulnerability: A SQL injection vulnerability in Martcode Software Inc. Delta Course Automation allows unauthorized database manipulation. The issue affects Delta Course Automation versions through 04022026.

Trending: The vulnerability is gaining attention due to confirmed exploit code available on GitHub, suggesting potential active exploitation. Cybersecurity researchers are tracking its potential impact on systems running the affected software version.

Vulnerability: The WP Directory Kit plugin for WordPress contains a SQL Injection vulnerability in the select_2_ajax() function that allows unauthenticated attackers to append additional SQL queries and potentially extract sensitive database information. The vulnerability affects all versions up to and including 1.4.3.

Trending: The vulnerability is gaining attention due to confirmed exploit code availability through the Nuclei platform, indicating potential active exploitation risks for WordPress sites using the WP Directory Kit plugin.

Vulnerability: Fortinet FortiOS through version 7.6.6 contains a critical vulnerability that allows attackers to decrypt LDAP credentials stored in device configuration files. The vulnerability is present by default, with encryption keys being consistent across customer installations.

Trending: The vulnerability is actively trending due to confirmed exploit code being identified by vulncheck kev, suggesting active exploitation in the wild since late 2025. The potential widespread impact on Fortinet network devices has drawn significant cybersecurity community attention.

Vulnerability: P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 have a stored cross-site scripting (XSS) vulnerability. Attackers can execute arbitrary HTML and script code in a user's browser session by submitting crafted input to label modification functionality.

Trending: Exploit code for CVE-2020-37148 has been confirmed by sources like Packetstorm, indicating potential active exploitation. The vulnerability has gained attention due to the availability of verifiable exploit methods.

Vulnerability: P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery (CSRF) vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking authenticated users into loading a specially crafted page.

Trending: The vulnerability is gaining attention due to confirmed exploit code available on Packetstorm, suggesting potential active exploitation risks. Security researchers and administrators are monitoring the situation for possible targeted attacks against the affected P5 FNIP systems.

Vulnerability: OpenSSL versions 3.6, 3.5, 3.4, 3.3, and 3.0 contain a critical stack buffer overflow vulnerability in CMS AuthEnvelopedData parsing. When processing untrusted CMS or PKCS#7 content using AEAD ciphers like AES-GCM, an attacker can trigger an out-of-bounds write before authentication occurs.

Trending: The vulnerability is generating significant cybersecurity discussion due to its potential for remote code execution and the fact that multiple sources, including AI-driven research, have highlighted its critical nature. Social media mentions emphasize the severity of the OpenSSL flaw, with some posts describing it as a potentially exploitable pre-authentication vulnerability.

Vulnerability: OpenClaw (also known as clawdbot or Moltbot) versions before 2026.1.29 have a critical security flaw that allows unauthorized WebSocket connection and token transmission by obtaining a gatewayUrl value from a query string without user prompting.

Trending: Social media mentions indicate this vulnerability is gaining significant attention due to its potential for one-click remote code execution and silent token theft. Cybersecurity experts are highlighting the critical nature of the flaw, with multiple platforms discussing its implications for AI system security.

Vulnerability: SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to restricted functionality without proper authorization. The vulnerability affects SolarWinds Web Help Desk software and potentially exposes organizations to unauthorized system access.

Trending: CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation in the wild. Security researchers and media outlets are highlighting the critical nature of the vulnerability, with multiple sources reporting on the potential for remote code execution and authentication bypass risks.

Vulnerability: SolarWinds Web Help Desk contains an authentication bypass vulnerability that could allow an attacker to invoke specific actions within the Web Help Desk system without proper authentication credentials.

Trending: CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation in the wild. Multiple sources report that the vulnerability is part of a group of critical security flaws affecting SolarWinds Web Help Desk, which have significant potential for remote code execution and system compromise.

Vulnerability: SolarWinds Web Help Desk contains an untrusted data deserialization vulnerability that enables remote code execution without authentication. The vulnerability allows attackers to run commands directly on the host machine, potentially compromising the entire system.

Trending: The vulnerability is gaining significant attention after being added to the CISA Known Exploited Vulnerabilities (KEV) catalog, with multiple news sources reporting active exploitation spreading in the wild. Cybersecurity teams are on high alert due to the potential for unauthenticated system compromise.

Vulnerability: Rapid7 InsightVM versions before 8.34.0 have a signature verification vulnerability in the Assertion Consumer Service (ACS) cloud endpoint that could allow attackers to gain unauthorized access and potentially take over user accounts through unsigned assertion processing.

Trending: The vulnerability is attracting attention in cybersecurity circles due to its potential for account takeover in enterprise vulnerability management systems. Social media posts highlight the critical nature of the flaw and its implications for organizations using Rapid7 InsightVM's Security Console installations.

Vulnerability: A vulnerability in Windows NTLM authentication allows unauthorized attackers to perform network spoofing by exploiting external control of file names or paths, potentially exposing NTLM authentication hashes with minimal user interaction.

Trending: The vulnerability has been rapidly exploited in Eastern European countries like Poland and Romania within days of Microsoft's patch release, with proof-of-concept exploit code already circulating and demonstrating potential for NTLM hash disclosure across Windows 10 and 11 systems.