Trending CVEs

Vulnerability: CVE-2026-20245 is a command injection vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, Manager, and Validator that allows authenticated local attackers with netadmin privileges to execute arbitrary commands as root by uploading a crafted file. The vulnerability affects Cisco Catalyst SD-WAN vSmart Controller, vManage, and vBond Validator components.

Trending: The vulnerability is trending due to active exploitation in the wild, with unknown actors exploiting it as a zero-day approximately two months before its official disclosure and patch release on May 14, 2026. Google's Mandiant team has published detailed analysis of how attackers leveraged the flaw to gain root access and create rogue accounts, making it the seventh Cisco SD-WAN zero-day exploited in 2026 and generating significant security community attention across multiple platforms.

Vulnerability: A server-side request forgery (SSRF) vulnerability in Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (SME) allows unauthenticated, remote attackers to write files to the underlying operating system and potentially elevate privileges to root. The vulnerability requires the WebDialer service to be enabled, which is disabled by default.

Trending: The vulnerability is trending due to active exploitation in the wild, with threat intelligence firms reporting attacks observed in late June 2026, just weeks after Cisco released patches. The exploitation follows public proof-of-concept disclosure and has prompted widespread coverage across security news outlets and social media platforms due to its critical severity and potential for root-level access on enterprise voice infrastructure.

Vulnerability: CVE-2026-0257 is an authentication bypass vulnerability in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS software that allows attackers to bypass security restrictions and establish unauthorized VPN connections. Panorama and Cloud NGFW are not affected.

Trending: The vulnerability is trending due to CISA and Palo Alto Networks confirming active exploitation in the wild, with threat actors actively exploiting the flaw across enterprise VPN infrastructure. Multiple security news outlets and cybersecurity professionals are reporting on the active attacks and advising organizations to patch promptly and review portal/gateway logs for unauthorized access attempts.

Vulnerability: CVE-2025-67038 is a command injection flaw in Lantronix EDS5000 2.1.0.0R3 where the HTTP RPC module fails to sanitize the username parameter when executing shell commands for failed authentication logging, allowing attackers to inject arbitrary OS commands executed with root privileges.

Trending: The vulnerability is trending due to active exploitation in the wild, with CISA issuing warnings about ongoing attacks against affected Lantronix EDS5000 devices and federal government agencies being mandated to apply patches by June 26.

Vulnerability: CVE-2026-34908 is an improper access control vulnerability in Ubiquiti UniFi OS devices that allows a malicious actor with network access to make unauthorized changes to the system without authentication. The flaw affects UniFi OS Server versions 5.0.6 and earlier.

Trending: This vulnerability is trending because it is being actively exploited in the wild despite patches being available since May 2026, with CISA issuing warnings about threat actors targeting it alongside two related critical flaws (CVE-2026-34909 and CVE-2026-34910), all rated CVSS 10/10. Security researchers and agencies are highlighting the attacks as some administrators have not applied available updates.

Vulnerability: CVE-2026-34909 is a path traversal vulnerability in Ubiquiti UniFi OS devices that allows a malicious actor with network access to access files on the underlying system and potentially manipulate them to gain unauthorized account access.

Trending: The vulnerability is trending because it is being actively exploited in the wild, with CISA issuing warnings about attacks targeting this flaw alongside two other critical UniFi OS vulnerabilities (CVE-2026-34908 and CVE-2026-34910), all with a CVSS score of 10/10, despite patches being available since May 2026.

Vulnerability: An Improper Input Validation vulnerability in Ubiquiti UniFi OS devices allows a network-adjacent malicious actor to execute command injection attacks. This flaw affects UniFi OS Server versions 5.0.6 and earlier.

Trending: CVE-2026-34910 is trending because it is one of three critical CVSS 10.0 vulnerabilities in UniFi OS that are actively being exploited in the wild despite patches being available since May 2026. CISA has issued warnings about ongoing attacks targeting these flaws, and security agencies have noted that some administrators have not applied available updates.

Vulnerability: CVE-2026-20127 is a critical authentication bypass flaw in the peering authentication mechanism of Cisco Catalyst SD-WAN Controller, Manager, and Validator that allows unauthenticated remote attackers to gain administrative privileges and manipulate network configuration through NETCONF access.

Trending: The vulnerability is trending due to active exploitation in the wild, with Cisco updating its advisory to add the SD-WAN Validator to the affected products list, and multiple reports of attackers successfully exploiting this flaw to compromise SD-WAN infrastructure in production environments.

Vulnerability: A vulnerability in the peering authentication mechanism of Cisco Catalyst SD-WAN Controller, SD-WAN Manager, and SD-WAN Validator allows an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges, potentially enabling manipulation of SD-WAN fabric network configuration through NETCONF access.

Trending: This vulnerability is trending due to active exploitation in the wild targeting enterprise SD-WAN infrastructure, with multiple confirmed incidents reported by Google's Mandiant team. The flaw represents one of several critical Cisco SD-WAN zero-day vulnerabilities actively exploited in 2026, generating significant coverage across security news outlets and raising concerns about the vulnerability's discovery months before patching.

Vulnerability: NGINX Open Source contains a use-after-free vulnerability in the ngx_http_v3_module when configured to use HTTP/3 QUIC. Remote unauthenticated attackers can exploit this through specially crafted HTTP/3 sessions to cause worker process crashes, and potentially execute arbitrary code on systems with ASLR disabled or bypassed.

Trending: F5 released emergency out-of-band patches for this critical vulnerability (CVSS 9.2) alongside CVE-2026-42055, generating significant coverage across security news outlets and social media. The focus on remote code execution capabilities and unauthenticated exploitation potential has driven widespread alerts and recommendations for immediate patching.

Vulnerability: CVE-2024-21182 is an unauthenticated remote code execution vulnerability in Oracle WebLogic Server (versions 12.2.1.4.0 and 14.1.1.0.0) that allows attackers with network access via T3 and IIOP protocols to compromise the server and gain unauthorized access to critical data. The vulnerability has a CVSS 3.1 score of 7.5.

Trending: CISA added CVE-2024-21182 to its Known Exploited Vulnerabilities (KEV) catalog on June 1, 2026, after confirming active exploitation in the wild. The vulnerability was patched nearly two years ago in Oracle's July 2024 CPU release, making its continued active exploitation particularly concerning and prompting urgent patching directives to federal agencies and organizations.

Vulnerability: An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and remote code execution. This vulnerability affects FFmpeg versions before 8.1.2 and impacts media players, servers, and applications built on FFmpeg including Jellyfin and Nextcloud.

Trending: CVE-2026-8461, dubbed "PixelSmash," is trending due to active exploitation potential where malformed video files can execute arbitrary commands on systems that process them. The vulnerability has garnered significant attention across security researchers and media outlets due to its critical CVSS score of 8.8 and widespread impact across the software supply chain.

Vulnerability: NGINX Plus and NGINX Open Source contain a heap-based buffer overflow vulnerability in the ngx_http_proxy_v2_module and ngx_http_grpc_module modules when proxying HTTP/2 traffic with specific configuration settings. Remote unauthenticated attackers can exploit this to cause worker process crashes or execute arbitrary code on systems with ASLR disabled or bypassed.

Trending: F5 released out-of-band emergency patches for this critical vulnerability (CVSS 9.2) alongside CVE-2026-42530, with widespread coverage across security news outlets and social media highlighting the remote code execution risk and the urgent need for patching.

Vulnerability: An easily exploitable unauthenticated network vulnerability exists in Oracle PeopleSoft Enterprise PeopleTools (versions 8.61 and 8.62) within the Updates Environment Management component, allowing attackers with network access via HTTP to achieve complete compromise of the affected system with a CVSS 3.1 score of 9.8.

Trending: CVE-2026-35273 is trending due to active exploitation in the wild by threat actors including the ShinyHunters cybercriminal group, prompting CISA to issue an emergency alert and add it to the Known Exploited Vulnerabilities catalog. The vulnerability received significant social media attention as part of Oracle's June 2026 Critical Security Patch Update addressing 245 vulnerabilities, with this particular CVE ranking as the top discussed vulnerability across multiple security platforms.

Vulnerability: CVE-2026-11374 affects ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus. The vulnerability allows unauthenticated users to predict SSO tickets used for session authentication, enabling account takeover.

Trending: The vulnerability is trending due to its critical severity rating and the broad impact across multiple ManageEngine products used in enterprise environments. Social media and security outlets are highlighting the account takeover risk and noting the absence of available patches, prompting organizations to monitor vendor updates and restrict access.

Vulnerability: A use-after-free vulnerability in the PROCA driver affects Samsung devices and was patched in the January 2026 SMR release. Local attackers could potentially execute arbitrary code by exploiting this flaw in Samsung's KNOX kernel security subsystem.

Trending: The vulnerability is gaining attention because researchers discovered it had existed unpatched for approximately eight years, affecting nearly all Samsung Galaxy devices from the S9 through S25 models. Security researchers detailed the flaw's technical aspects and its potential for kernel-level exploitation through interactions between PROCA and FIVE components.

Vulnerability: The Invoice Generator plugin for WordPress (versions up to 1.0.0) contains an account takeover vulnerability in its password reset function. Unauthenticated attackers can exploit missing nonce verification and authorization checks to reset any user's password, including administrator accounts, by sending a POST request with an arbitrary user ID.

Trending: The vulnerability is gaining attention due to its critical severity (CVSS 9.8) and active exploitation potential, with security researchers sharing proof-of-concept exploits and mass scanning tools on social media. Multiple cybersecurity accounts are flagging it as a priority issue requiring immediate remediation or plugin disablement.

Vulnerability: CVE-2026-39118 is a privilege escalation vulnerability in Iru, Inc Kandji Agent before version 4.7.5(5374) that allows local attackers to escalate privileges through a client validation gap to invoke restricted agent functionality on macOS systems.

Trending: This vulnerability is trending due to active exploitation demonstrations showing that standard, non-administrative macOS users can silently disable enterprise security tools including EDR and MDM agents without triggering alerts. The attack chain discovered by XM Cyber leverages legitimate macOS behaviors such as weak XPC validation and malicious payload injection, raising significant concerns for enterprise endpoint protection.

Vulnerability: The SignUp & SignIn plugin for WordPress (versions up to 1.0.0) contains an authentication bypass vulnerability in its password reset functionality that allows unauthenticated attackers to change the password of any user, including administrators, due to weak validation and missing security checks in the pravel_change_password() AJAX handler.

Trending: The vulnerability is trending due to the availability of mass scanner exploits and active security discussions, with researchers recommending immediate removal or disabling of the affected plugin until an official patch is released.

Vulnerability: ProFTPD through versions 1.3.9b and 1.3.10rc2 contains an access control bypass vulnerability allowing authenticated FTP users to circumvent Directory ACL restrictions by prefixing paths with /proc/self/root in the RNFR command, enabling unauthorized access and manipulation of files in protected directories.

Trending: The vulnerability is receiving attention on security-focused social media platforms with mentions noting the high CVSS score of 8.1 and the ability for authenticated users to bypass directory protections and retrieve restricted files, highlighting the practical exploitability of the flaw.

Vulnerability: picklescan before version 0.0.29 contains a flaw that fails to detect malicious idlelib.calltip.Calltip.fetch_tip calls in pickle files, allowing attackers to embed undetected payloads that execute arbitrary code when pickle files are loaded via pickle.load(). This remote code execution vulnerability affects systems using vulnerable versions of picklescan.

Trending: CVE-2025-71361 is trending due to its high CVSS score of 8.1 and the critical nature of remote code execution vulnerabilities in widely-used serialization handling tools, with early notifications appearing on security monitoring platforms shortly after publication.

Vulnerability: Agentejo Cockpit before version 0.11.2 contains a NoSQL injection vulnerability in the Controller/Auth.php resetpassword function that allows attackers to manipulate database queries.

Trending: The vulnerability is being shared across security-focused social media platforms including Bluesky, with multiple cybersecurity news aggregators documenting and cross-posting information about the flaw.

Vulnerability: CVE-2024-24909 is a Remote Code Execution vulnerability in Dell OpenManage Integration with Microsoft Windows Admin Center's gateway plugin that allows authenticated remote users to escalate privileges and execute arbitrary code. The vulnerability affects Dell's management integration software used with Windows Admin Center.

Trending: The vulnerability is receiving attention across cybersecurity communities due to its high severity rating (CVSS 8.8) and the critical nature of RCE in enterprise management tools, with security researchers highlighting the risk of authenticated attackers gaining control over managed systems through the Dell OpenManage integration.

Vulnerability: shell-quote versions prior to 1.8.5 contain a quadratic time complexity vulnerability in the parse() function that allows attackers to cause denial of service by supplying specially crafted input strings with space-separated words, blocking the Node.js event loop without requiring shell metacharacters or enabling code execution.

Trending: The vulnerability is trending due to its HIGH severity classification and practical exploitability, with security researchers highlighting that attackers can trigger extended denial of service on affected Node.js applications with minimal input, prompting urgent upgrade recommendations to version 1.8.5 and later.

Vulnerability: Appsmith versions prior to 2.1 contain an unauthenticated Caddy reverse-proxy admin API bound to 0.0.0.0:2019 that can be exploited by authenticated low-privileged users through SSRF vulnerabilities to fully replace the live Caddy configuration and take over the reverse proxy.

Trending: The vulnerability is receiving attention on social media with security researchers flagging it as critical and urging immediate upgrades to version 2.1 or later, emphasizing the severity of allowing low-privileged users to compromise the reverse proxy infrastructure.

Vulnerability: SiYuan, an open-source personal knowledge management system, contains a stored cross-site scripting (XSS) vulnerability in the Attribute View asset cell renderer that escalates to remote code execution (RCE) in the Electron desktop client. The vulnerability affects all versions prior to 3.7.0.

Trending: This vulnerability is trending due to its critical severity rating and the ability to achieve remote code execution through the Electron desktop client, with security researchers actively flagging the need for immediate upgrades to version 3.7.0 or later to prevent exploitation.

Vulnerability: CVE-2026-54158 is a stored cross-site scripting (XSS) vulnerability in SiYuan (prior to version 3.7.0), an open-source personal knowledge management system. The vulnerability exists in the attribute-view cell renderer where user-supplied cell content is improperly interpolated without escaping in text, URL, phone, and mAsset fields, allowing attackers to inject arbitrary JavaScript that executes when victims open the block-attribute panel, and on Electron desktop clients with nodeIntegration enabled, chains to remote code execution.

Trending: The vulnerability is trending due to its critical severity rating and the fact that it enables persistent payload injection through synced workspace files, affecting all devices that open affected panels. Security researchers and CVE tracking services are actively flagging the need for immediate upgrades to version 3.7.0 or later.

Vulnerability: SiYuan prior to version 3.7.0 contains a stored XSS vulnerability in the marketplace where untrusted package fields (name, version, author, description) are not properly escaped in HTML attributes, allowing attackers to inject arbitrary HTML. In the desktop client, this XSS escalates to remote code execution due to enabled nodeIntegration and disabled contextIsolation in the Electron BrowserWindow.

Trending: This vulnerability is gaining attention as a critical bypass of a previous patch (CVE-2026-45375) that addressed the same root cause through a different code path, with security researchers flagging it as enabling full desktop client compromise through OS command execution.

Vulnerability: CVE-2026-20253 is a critical unauthenticated file operation vulnerability in Splunk Enterprise versions 10.2 below 10.2.4 and 10 below 10.0.7, where an unauthenticated user can create or truncate arbitrary files through an unprotected PostgreSQL sidecar service endpoint, potentially enabling remote code execution. Splunk Enterprise 9.4 and earlier versions are not affected.

Trending: The vulnerability is trending due to active exploitation in the wild within days of public disclosure, with CISA adding it to the Known Exploited Vulnerabilities (KEV) catalog and issuing a mandatory 3-day patching deadline for federal agencies. Public proof-of-concept code has been released, and multiple security researchers have highlighted the critical nature of the flaw (CVSS 9.8), particularly for on-premise and AWS deployments where the PostgreSQL sidecar is enabled by default.

Vulnerability: An improper access control vulnerability in SonicWall SonicOS management access potentially allows unauthorized resource access and can cause firewall crashes. The issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.

Trending: The vulnerability is gaining attention due to discussion around patch deployment challenges, with security researchers noting that while patches have been released, many organizations have not properly implemented configuration fixes to fully remediate the issue. The topic is being actively discussed in cybersecurity communities with mentions linking to SANS ISC analysis of the patching and configuration management concerns.

Vulnerability: An authenticated command injection vulnerability exists in TP-Link Archer BE450 v1 and BE7200 v1 routers that allows authenticated administrators to execute arbitrary system commands through the web management interface via crafted inputs supplied through the browser's developer console. Successful exploitation enables command execution with elevated privileges, potentially allowing attackers to start unauthorized services, modify system configuration, or fully compromise the router.

Trending: The vulnerability is gaining attention on social media platforms including Bluesky, where security researchers and news outlets are discussing the critical nature of the flaw affecting popular TP-Link Wi-Fi routers and its CVSS v4.0 score of 8.5 (high severity).

Vulnerability: An improper access control vulnerability in Fortinet FortiClientEMS versions 7.4.5 through 7.4.6 allows unauthenticated attackers to execute unauthorized code or commands via crafted requests.

Trending: The vulnerability is trending due to active exploitation in the wild, with attackers leveraging CVE-2026-35616 to distribute the EKZ credential-stealing malware disguised as legitimate FortiNet patches. Fortinet confirmed zero-day attacks and released patches in April, prompting urgent customer notifications to apply fixes immediately.

Vulnerability: CVE-2026-20262 is an arbitrary file write vulnerability in Cisco Catalyst SD-WAN Manager that allows authenticated remote attackers to create or overwrite files on the affected system, potentially leading to root privilege escalation. The vulnerability exists due to improper input validation during file upload processes and requires valid credentials with at least lower-privileged access.

Trending: This vulnerability is trending due to confirmed active exploitation in the wild, with Cisco's Product Security Incident Response Team observing real-world attacks. CISA added it to the must-patch list despite its medium 6.5 severity rating, citing the critical nature of WAN fabric compromise, and multiple security organizations have reported ongoing targeted exploitation campaigns.

Vulnerability: CVE-2025-20701 is a Bluetooth authorization flaw in the Airoha Bluetooth audio SDK affecting Apple's Beats Studio Buds that allows nearby attackers to pair with the device and activate its microphone without user consent, enabling covert eavesdropping and privilege escalation.

Trending: This vulnerability is receiving significant attention across security news outlets and social media due to its critical nature and practical exploitation risk—nearby attackers can remotely activate the microphone for covert listening without any user interaction, prompting Apple to release a firmware patch (version 1B211) for the affected Beats Studio Buds.

Vulnerability: Dify before version 1.14.2 contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. Attackers can exploit missing tenant ownership checks in the trace configuration endpoints to redirect all messages and responses from victim applications to attacker-controlled LLM trace providers, with increased risk due to Dify Cloud's trivially accessible free self-registration.

Trending: The vulnerability is trending due to security researchers detailing the "DifyTap" flaws and their potential to expose AI chats across tenants. Multiple cybersecurity sources have highlighted the critical nature of the authorization bypass, with particular concern raised about the ease of account creation on Dify Cloud enabling attackers to readily exploit the vulnerability.

Vulnerability: CVE-2026-33000 is an Improper Input Validation vulnerability in UniFi OS devices that allows a malicious actor with network access and high privileges to execute Command Injection attacks. The flaw affects Ubiquiti's UniFi OS platform and related UniFi devices.

Trending: This vulnerability is trending due to active exploitation by threat actors targeting UniFi OS devices, with CISA warning of attacks in the wild. The issue has gained prominence as part of a broader critical vulnerability campaign affecting Ubiquiti infrastructure, prompting urgent patching recommendations from security organizations.

Vulnerability: CVE-2026-39210 is a critical remote code execution vulnerability in FFmpeg that can be triggered by a 183-byte packet, part of a set of 21 zero-day vulnerabilities discovered in the widely-used multimedia framework.

Trending: This vulnerability is trending due to an AI agent discovering 21 FFmpeg zero-days for $1,000, with some bugs dating back to 2003, alongside Chrome's record-breaking patch of 429 vulnerabilities in the same week, highlighting the emerging capability of AI-driven vulnerability discovery.

Vulnerability: A server-side request forgery (SSRF) vulnerability in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

Trending: The vulnerability is gaining attention due to public disclosure of research and proof-of-concept exploits being shared on social media platforms, with security researchers publishing analysis and technical details on blogs and GitHub repositories.

Vulnerability: CVE-2026-5027 is a path traversal vulnerability in Langflow's 'POST /api/v2/files' endpoint that fails to sanitize the 'filename' parameter, allowing attackers to write files to arbitrary locations on the filesystem using '../' sequences and potentially achieve remote code execution. The vulnerability affects the open-source AI orchestration platform Langflow, with over 74,000 internet-facing deployments reported at risk.

Trending: The vulnerability is trending due to active exploitation in the wild, marking the third Langflow vulnerability to be exploited in 2026. Despite a patch being available for over two months, attackers continue to exploit unpatched instances, and the flaw has yet to be added to CISA's Known Exploited Vulnerabilities (KEV) catalog, generating significant coverage across security news outlets and social media platforms.

Vulnerability: CVE-2026-50656, known as "RoguePlanet," is an elevation of privilege vulnerability in the Microsoft Malware Protection Engine within Microsoft Defender. Microsoft is currently developing a security patch to address this flaw.

Trending: The vulnerability is generating significant attention across security communities and news outlets due to its public disclosure by security researcher Nightmare Eclipse and Microsoft's acknowledgment of the zero-day threat. The fact that Microsoft unusually named the public exploit method in their advisory has also contributed to increased visibility and discussion across social media platforms and security news sources.

Vulnerability: Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier contain a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction, as a victim must open a malicious file.

Trending: The vulnerability is receiving attention across security blogs and social media platforms with urgent patch advisories circulating. Multiple cybersecurity news outlets are highlighting it alongside recent patch releases, indicating active awareness in the security community regarding the need for immediate updates.

Vulnerability: Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.

Trending: CVE-2025-54518 is trending due to its inclusion in critical security patches, including SUSE's SUSE-SU-2026:2613-1 advisory covering multiple Xen hypervisor vulnerabilities with a CVSS score of 8.8, alongside broader patch cycles addressing numerous high-severity issues across multiple vendors.

Vulnerability: SiYuan, an open-source personal knowledge management system, contains a stored cross-site scripting (XSS) vulnerability in versions prior to 3.7.0 where the Name and Version fields of packages in the Bazaar marketplace are rendered without HTML escaping, allowing arbitrary HTML and JavaScript execution when users access the marketplace tab.

Trending: This vulnerability is trending due to a known bypass (CVE-2026-55570) that was publicly disclosed, demonstrating that the initial patch for CVE-2026-45375 was insufficient and could still be exploited to achieve remote code execution in the Electron-based application through unescaped data attributes.

Vulnerability: A use-after-free vulnerability in OpenSSL's PKCS#7 signature verification function (PKCS7_verify()) can be triggered by a specially crafted PKCS#7 or S/MIME signed message with an empty digestAlgorithms field, potentially resulting in process crashes, heap corruption, or remote code execution. Applications using OpenSSL's PKCS#7 APIs are affected, while those using CMS APIs are not.

Trending: The vulnerability is trending due to its discovery across multiple AWS Lambda base images affecting 20 container variants, and because it was identified through AI-assisted research. Multiple security outlets are reporting the high-severity rating and remote code execution potential, with advisories noting this is part of a broader OpenSSL patch release addressing 16-18 vulnerabilities, though currently no active exploitation in the wild has been reported.

Vulnerability: Open WebUI versions 0.6.224 and prior contain a code injection vulnerability in the Direct Connections feature that allows malicious external model servers to execute arbitrary JavaScript in victim browsers via Server-Sent Event (SSE) execute events. This can lead to authentication token theft, account takeover, and remote code execution on the backend server when chained with the Functions API.

Trending: The vulnerability is gaining attention amid reports of increased internet-exposed AI services and growing cybersecurity threats in 2025, as organizations deploying self-hosted AI platforms like Open WebUI face expanding attack surfaces and risks from malicious model server configurations.

Vulnerability: NETGEAR NMS300 devices before version 1.6.0.27 are affected by a command injection vulnerability that can be exploited by unauthenticated attackers to execute arbitrary commands on affected systems.

Trending: The vulnerability is being shared across security information channels and cybersecurity communities as awareness content regarding the NETGEAR NMS300 command injection flaw and the importance of updating to patched versions.

Vulnerability: The Advanced Contact Form 7 - Compact DB plugin for WordPress versions up to 1.0.0 is vulnerable to unauthorized deletion of contact form submission data. The vulnerability exists in the cf7cdb_ajax_delete_user() function, which lacks capability checks, nonce verification, and ownership validation, allowing unauthenticated attackers to delete arbitrary entries from the plugin's database by manipulating sequential ID parameters.

Trending: The vulnerability is gaining attention in the cybersecurity community on social media platforms, with discussions highlighting its CVSS score of 5.3 and implications for WordPress security. Security researchers and practitioners are sharing information about the flaw across platforms like Bluesky, emphasizing the risk to WordPress sites using this plugin.

Vulnerability: CVE-2020-35795 is a buffer overflow vulnerability in numerous NETGEAR router and mesh system models that can be exploited by unauthenticated attackers. The vulnerability affects over 80 NETGEAR device models including AC series, R series, RAX series, RB series, and XR series routers across multiple firmware versions.

Trending: The vulnerability is being tracked and shared across cybersecurity communities on platforms like Bluesky, with security researchers and vulnerability aggregators documenting the extensive list of affected NETGEAR devices and their vulnerable firmware versions.

Vulnerability: CVE-2026-42487 is a synchronization flaw in Xen hypervisor's HVM guest I/O port handling where traversal of device model-managed translation lists lacks proper synchronization with updates, potentially allowing inconsistent state during guest I/O port access operations.

Trending: This vulnerability is trending due to its inclusion in SUSE security advisory SUSE-SU-2026:2613-1 as a critical patch with a CVSS score of 8.8, grouped alongside other significant Xen hypervisor CVEs affecting AMD Zen 2 systems, prompting widespread attention to hypervisor security updates.

Vulnerability: Agentejo Cockpit before version 0.11.2 is affected by a NoSQL injection vulnerability in the Controller/Auth.php newpassword function. This vulnerability allows attackers to inject malicious NoSQL queries through the password reset functionality.

Trending: CVE-2020-35848 is being highlighted in cybersecurity communities as security researchers and threat intelligence platforms document the NoSQL injection flaw in Cockpit's authentication mechanism. The vulnerability has gained attention as part of ongoing awareness campaigns regarding authentication bypass and injection vulnerabilities in content management systems.