Top Exploited CVEs This Week
This report ranks the ten most actively discussed and exploited vulnerabilities from the past week, using signals from security intelligence feeds, community channels, and exploitation monitoring.
- CVE-2025-43520 | Medium | CVSS: 5.5 | 8 posts | EPSS 47.5%
A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Tahoe 26.1, visionOS 26.1, tvOS 26.1, macOS Sonoma 14.8....
- CVE-2023-36424 | High | CVSS: 7.8 | 7 posts | 1 repo | EPSS 1029.7%
Windows Common Log File System Driver Elevation of Privilege Vulnerability
- CVE-2020-9715 | High | CVSS: 7.8 | 7 posts | 2 repos | EPSS 5044.5%
Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a use-after-free vulnerability. Successful exploitation c...
- CVE-2012-1854 | High | CVSS: 7.8 | 7 posts | EPSS 135.8%
Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic...
- CVE-2026-1306 | Critical | CVSS: 9.8 | 6 posts | 1 repo | EPSS 13.9%
The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type and file extension validation in the 'export' AJAX action in all versions up to, and including, 1.1...
- CVE-2026-1670 | Critical | CVSS: 9.8 | 6 posts
The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address.
- CVE-2026-2439 | Critical | CVSS: 9.8 | 6 posts | EPSS 1.8%
Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generate_session_id function in Concierge::Sessions::Base defaults to using the uuidgen command to gene...
- CVE-2026-22719 | High | CVSS: 8.1 | 6 posts | EPSS 735.3%
VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMw...
- CVE-2026-21902 | Critical | CVSS: 9.8 | 5 posts | 1 repo | EPSS 28.2%
An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-b...
- CVE-2026-32296 | High | CVSS: 8.2 | 5 posts | EPSS 5.4%
Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to change the saved configured Wi-Fi network...
Methodology
Vulnerabilities are ranked by social post volume — the number of security community discussions and mentions associated with each CVE across our intelligence feeds.
The data is generated from the LeakyCreds vulnerability intelligence dataset and is updated regularly to reflect the latest trending and high-signal CVEs.
Last updated: April 23, 2026 at 02:13 PM