Real-time vulnerability trends from news, Mastodon, and Bluesky
2,973 tracked CVEs | 2,304 news articles | 1,020 Mastodon posts | 2,162 Bluesky posts
Remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)
Dell RecoverPoint for Virtual Machines, versions prior to 6
Vulnerability: A critical code injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that enables unauthenticated remote code execution, allowing attackers to potentially compromise systems without prior authentication.
Trending: The vulnerability is actively being exploited in the wild, with multiple national cybersecurity agencies like NCSC Netherlands and CERT-FR issuing alerts. Multiple social media sources indicate high interaction rates and significant attention from cybersecurity communities across different regions.
Vulnerability: A code injection vulnerability in Ivanti Endpoint Manager Mobile allows unauthenticated attackers to achieve remote code execution. The vulnerability affects EPMM's in-house application distribution and Android file transfer configuration features.
Trending: Multiple sources, including Japanese and French cybersecurity platforms, have confirmed the existence of exploit code for this vulnerability. CERT-FR and other security organizations have issued alerts about the critical nature of CVE-2026-1340, which has a high CVSS severity score.
Use after free in CSS in Google Chrome prior to 145
Vulnerability: OpenSSL versions 3.6, 3.5, 3.4, 3.3, and 3.0 contain a critical stack buffer overflow vulnerability when parsing CMS AuthEnvelopedData structures with AEAD ciphers. The vulnerability allows an attacker to potentially trigger a Denial of Service or remote code execution by supplying a crafted CMS message with an oversized initialization vector.
Trending: The vulnerability is attracting significant attention due to claims that it was discovered by AI systems and represents a pre-authentication remote code execution risk in OpenSSL. Multiple cybersecurity platforms and researchers are highlighting its potential for critical exploitation, with some sources describing it as one of 12 newly discovered OpenSSL vulnerabilities.
Windows Admin Center Elevation of Privilege Vulnerability
Roundcube Webmail before 1
Grandstream GXP1600 VoIP Phones - Unauthenticated stack buffer overflow
Roundcube Webmail before 1
Vulnerability: A critical TLS session resumption vulnerability where mutating the Config's ClientCAs or RootCAs fields between initial and resumed handshakes can cause unexpected session resumption. This can potentially allow clients or servers to resume sessions with untrusted endpoints that would have been rejected during the initial handshake.
Trending: The vulnerability is currently trending with 44 social media interactions across multiple platforms, placing it in the top 3 most discussed CVEs in the past week. Its high interaction rate suggests significant interest from cybersecurity professionals and potential concerns about its implications.
UTT HiPER 810G formTaskEdit_ap strcpy buffer overflow
Migration, Backup, Staging <= 0.9.123 - Unauthenticated Arbitrary File Upload
Vulnerability: A stack-based buffer overflow in libtasn1 v4.20.0 occurs when input data size is not validated, potentially leading to a buffer overflow in the asn1_expend_octet_string function.
Trending: The vulnerability is gaining attention due to its potential impact on cryptographic foundations, with multiple cybersecurity sources highlighting the one-byte overflow in GNU libtasn1 as a critical security issue that could compromise system integrity.
D-Link DWR-M960 Scheduled Reboot Configuration Endpoint formDateReboot sub_460F30 stack-based overflow
Integer overflow in V8 in Google Chrome prior to 145
Unexpected code execution when invoking toolchain in cmd/go
Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing
Libxml2: libxml2: denial of service via crafted xml catalogs
Libxml2: unbounded relaxng include recursion leading to stack overflow
Vulnerability: VMware vCenter Server contains a heap-overflow vulnerability in the DCERPC protocol implementation. A malicious actor with network access can send a specially crafted network packet that could potentially lead to remote code execution.
Trending: CISA has added CVE-2024-37079 to its Known Exploited Vulnerabilities (KEV) Catalog after confirming active exploitation in the wild. Multiple sources are reporting that federal agencies must patch this critical vulnerability, with a CVSS score of 9.8, within a short timeframe.
Honeywell CCTV Products Missing Authentication for Critical Function
Heap buffer overflow in Media in Google Chrome prior to 145
eAI Technologies|ERP - DLL Hijacking
D-Link DWR-M960 VPN Configuration Endpoint formVpnConfigSetup sub_4196C4 stack-based overflow
D-Link DWR-M960 formDhcpv6s sub_468D64 stack-based overflow
Windows Notepad App Remote Code Execution Vulnerability
MuPDF <= 1.27.0 Barcode Decoding Double Free
SQL injection vulnerability in Order Up Online Ordering System
Vulnerability: A critical authentication bypass vulnerability in Fortinet products affecting FortiAnalyzer, FortiManager, FortiOS, FortiProxy, and FortiWeb. The vulnerability allows an attacker with a FortiCloud account to log into devices registered to other accounts if FortiCloud SSO authentication is enabled.
Trending: The CVE is currently trending due to active zero-day attacks and high-profile mentions by cybersecurity authorities. Multiple sources, including US authorities, have highlighted the vulnerability's severity, with a CVSS score of 9.4 and potential for widespread compromise across multiple Fortinet product lines.
Vulnerability: CVE-2025-61726 is a vulnerability in the Go programming language's net/url package, which does not limit the number of query parameters in a URL, potentially leading to excessive memory consumption when parsing large URL-encoded forms; it particularly affects AWS Lambda base images.
Trending: The vulnerability is gaining attention due to its reported impact on 27 AWS Lambda base images, with multiple cybersecurity sources like LambdaWatchdog highlighting the potential security risks and spreading awareness across social media platforms using hashtags like #AWS, #Lambda, and #CVE.
FileZen contains an OS command injection vulnerability
fast-xml-parser has RangeError DoS Numeric Entities Bug
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability"
Vulnerability: During the TLS 1.3 handshake, there is a potential information disclosure vulnerability where messages may be processed before encryption level changes. This could allow a network-local attacker to inject messages during the handshake, potentially exposing minor information.
Trending: The vulnerability is currently gaining attention due to reports indicating it impacts standard library components in 27 AWS Lambda base images. Social media channels like Mastodon and Bluesky are amplifying awareness through posts by @lambdawatchdog, highlighting potential cloud security implications for serverless environments.
Vulnerability: The archive/zip library has a super-linear file name indexing algorithm that can cause a denial of service when processing a maliciously constructed ZIP archive. This vulnerability affects systems using the archive/zip library for ZIP file handling.
Trending: The CVE is gaining attention due to its potential impact on AWS Lambda, with reports indicating it affects the standard library in 27 Lambda base images. Security researchers and cloud professionals are discussing the vulnerability across social media platforms using hashtags like #AWS, #Lambda, and #CloudSecurity.
Heap buffer overflow in PDFium in Google Chrome prior to 145
MS-EVEN RPC Remote Code Execution Vulnerability
A memory corruption issue was addressed with improved state management
Arbitrary file write using cgo pkg-config directive in cmd/go
An issue in Visual Studio Code Extensions Live Server v5
D-Link DWR-M960 Advanced Firewall Configuration Endpoint formFirewallAdv sub_425FF8 stack-based overflow
Vulnerability: CVE-2026-25253 is a vulnerability in OpenClaw (also known as clawdbot or Moltbot) before version 2026.1.29 that allows attackers to obtain a gatewayUrl value from a query string and automatically establish a WebSocket connection without user prompt, potentially sending authentication tokens.
Trending: The vulnerability is generating significant cybersecurity discussion due to its potential for one-click remote code execution and silent token theft. Multiple cybersecurity platforms and researchers are highlighting the critical nature of this flaw, emphasizing its high-risk potential for unauthorized access and system compromise.
UTT HiPER 810G setSysAdm strcpy buffer overflow
D-Link DWR-M960 formNewSchedule sub_44E0F8 stack-based overflow
D-Link DWR-M960 formWsc sub_457C5C stack-based overflow
REXML has a DoS condition when parsing malformed XML file
Rocket TRUfusion Enterprise through 7