Top Exploited CVEs This Week
This report ranks the ten most actively discussed and exploited vulnerabilities from the past week, using signals from security intelligence feeds, community channels, and exploitation monitoring.
- CVE-2026-20700 | Severity: High | CVSS 7.8 | 15 posts | 1 repo | EPSS 12.7%
  A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker with memo...
- CVE-2026-25253 | Severity: High | CVSS 8.8 | 7 posts | 6 repos | EPSS 5.3%
  The Control UI trusts `gatewayUrl` from the query string without validation and auto-connects on load, sending the stored gateway token in the WebSocket connect payload. Clicking a crafte...
- CVE-2026-1306 | Severity: Critical | CVSS 9.8 | 6 posts | 1 repo | EPSS 13.9%
  The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type and file extension validation in the 'export' AJAX action in all versions up to, and including, 1.1...
- CVE-2026-1670 | Severity: Critical | CVSS 9.8 | 6 posts
  The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address.
- CVE-2026-2439 | Severity: Critical | CVSS 9.8 | 6 posts | EPSS 1.8%
  Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generate_session_id function in Concierge::Sessions::Base defaults to using the uuidgen command to gene...
- CVE-2026-22719 | Severity: High | CVSS 8.1 | 6 posts | EPSS 735.3%
  VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMw...
- CVE-2026-21385 | Severity: High | CVSS 7.8 | 6 posts | 1 repo | EPSS 34.1%
  Memory corruption while using alignments for memory allocation.
- CVE-2026-30861 | Severity: Critical | CVSS 10.0 | 6 posts | EPSS 20.9%
  A critical unauthenticated remote code execution (RCE) vulnerability exists in the MCP stdio configuration validation introduced in version 2.0.5. The application allows unrestricted us...
- CVE-2026-21902 | Severity: Critical | CVSS 9.8 | 5 posts | 1 repo | EPSS 28.2%
  An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-b...
- CVE-2026-30860 | Severity: Critical | CVSS 9.9 | 5 posts | EPSS 7.7%
  WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a remote code execution (RCE) vulnerability exists in the application's da...
Methodology
Vulnerabilities are ranked by social post volume — the number of security community discussions and mentions associated with each CVE across our intelligence feeds.
The data is generated from the LeakyCreds vulnerability intelligence dataset and is updated regularly to reflect the latest trending and high-signal CVEs.
Last updated: March 9, 2026 at 05:05 AM