Trending CVEs

Vulnerability: CVE-2026-0863 allows an authenticated user with basic permissions to bypass n8n's python-task-executor sandbox restrictions via the Code block, enabling arbitrary unrestricted Python code execution. This affects n8n instances operating under "Internal" execution mode, potentially leading to full instance takeover, while "External" mode (e.g., official Docker image) limits impact to Sidecar containers.

Trending: The vulnerability is trending due to widespread social media coverage highlighting its high severity (8.5) and exploitability via basic permissions. Multiple posts from TheHackerWire emphasize the risk of full system compromise in "Internal" mode, driving attention in infosec communities.

Vulnerability: A buffer overflow vulnerability in the strcpy function of the /goform/ConfigExceptMSN file in UTT 进取 520W 1.7.7-180627 allows remote attackers to exploit the flaw via crafted input, with the exploit publicly disclosed and no vendor response noted.

Trending: The CVE is widely discussed on platforms like Mastodon and Twitter, with multiple posts from TheHackerWire and RedPacketSecurity highlighting its high severity (8.8) and

Vulnerability: Incorrect Privilege Assignment vulnerability in Modular DS allows Privilege Escalation. This issue affects Modular DS: from n/a through 2.5.1.

Trending: The vulnerability is trending due to confirmed in-the-wild exploitation, with reports of unauthenticated attackers gaining full WordPress admin access. Multiple sources highlight its critical severity (CVSS 10.0) and widespread impact, affecting over 40,000 sites, while social media platforms like Mastodon and Bluesky have amplified awareness of the flaw.

Vulnerability: A buffer overflow vulnerability in the strcpy function of the /goform/formWebAuthGlobalConfig file in UTT 进取 520W 1.7.7-180627 allows remote exploitation, leading to potential system compromise. The vendor was contacted but did not respond to the disclosure.

Trending: CVE-2026-1137 is trending due to public exploit availability and active discussion on platforms like Mastodon, with multiple security outlets highlighting its high severity (8.8) and remote attack capability.

Vulnerability: A buffer overflow vulnerability exists in the strcpy function of the /goform/ConfigExceptQQ file in UTT 进取 520W 1.7.7-180627, allowing remote code execution via crafted input. The vendor was contacted but did not respond.

Trending: CVE-2026-1138 is trending due to multiple social media posts highlighting its high CVSS score (8.8) and the availability of an exploit, with active discussions on platforms like Mastodon and TheHackerWire.

Vulnerability: Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally. Affected products include Windows, Microsoft Office, Microsoft SQL Server, Azure, and other Microsoft systems.

Trending: CVE-2026-20805 is trending due to its status as an actively exploited zero-day vulnerability in real-world attacks, with CISA adding it to the KEV catalog. Multiple sources highlight its exploitation in the wild and high impact when chained with other vulnerabilities.

Vulnerability: An os command injection vulnerability in Fortinet FortiSIEM 7.4.0, 7.3.0–7.3.4, 7.1.0–7.1.8, 7.0.0–7.0.4, 6.7.0–6.7.10 allows attackers to execute unauthorized code via crafted

Vulnerability: A buffer overflow vulnerability exists in the setWiFiEasyGuestCfg function of the TOTOLINK A3700R 9.1.2u.5822_B20200513 device's /cgi-bin/cstecgi.cgi file. Manipulating the ssid argument can allow remote exploitation, leading to potential system compromise.

Trending: The vulnerability is trending due to public availability of an exploit and high severity (CVSS 8.8), with multiple social media posts highlighting its risks. Discussions on platforms like Mastodon emphasize its remote attack capability and the urgency for affected devices to be patched.

Vulnerability: A buffer overflow vulnerability in the strcpy function of the /goform/ConfigExceptAli file in UTT 进取 520W 1.7.7-180627 allows remote attackers to execute arbitrary code. The vulnerability is publicly exploited and affects the specified device model.

Trending: CVE-2026-1140 is trending due to active exploitation discussions on platforms like Mastodon and TheHackerWire, highlighting its high severity (8.8) and the vendor's lack of response despite public disclosure.

Vulnerability: CVE-2026-21265 involves expiring Microsoft certificates in Windows Secure Boot, which could disrupt the Secure Boot trust chain if not updated. Affected systems include Windows devices using Secure Boot with certificates nearing expiration, such as the Microsoft Corporation KEK CA 2011, UEFI CA 2011, and Windows Production PCA 2011.

Trending: The vulnerability is trending due to its inclusion in Microsoft’s January 2026 security update, labeled as an "actively exploited Secure Boot bypass" by security researchers. Social media and news outlets highlight its potential for exploitation, urging rapid patching to mitigate risks.

Vulnerability: Use of a broken cryptographic algorithm in Windows Kerberos allows an authorized attacker to disclose information locally. Affected systems include Windows products utilizing Kerberos authentication.

Trending: The vulnerability is trending due to Microsoft's January security update addressing the issue, which marks the start of phasing out insecure RC4 encryption. It is part of a broader patch release targeting 112 security issues, including high-risk vulnerabilities like privilege escalation and remote code execution.

An issue was discovered in Broadcom) LSI PCI-SV92EX Soft Modem Kernel Driver through 2

Vulnerability: n8n versions 1.65.0 and below 1.121.0 allow unauthenticated remote attackers to access server files via form-based workflows, potentially exposing sensitive data and enabling further compromise. The vulnerability is fixed in version 1.121.0.

Trending: CVE-2026-21858 is trending due to confirmed exploit code (nuclei), reports of widespread impact on 100,000+ servers, and coverage by security experts like Bruce Schneier. It was flagged as exploited in the wild during January 2026 Patch Tuesday and discussed in multiple security news outlets.

Vulnerability: A SQL injection vulnerability exists in Yonyou KSOA 9.0 due to an unknown function in the /worksheet/work_mod.jsp file's HTTP GET Parameter Handler. Manipulation of the argument ID allows remote attackers to exploit the flaw, with a publicly available exploit.

Trending: The vulnerability is trending due to social media mentions, including a CVE alert by @RedPacketSecurity, highlighting its public exploit availability and potential for remote attacks.

Vulnerability: A SQL injection flaw exists in the itsourcecode Society Management System 1.0, specifically in the unknown function of the /admin/delete_activity.php file. Manipulating the activity_id argument allows remote exploitation, with a published exploit available.

Trending: The vulnerability is trending due to active social media mentions, including a CVE alert from RedPacketSecurity, highlighting its potential for remote attacks and published exploit.

Vulnerability: A SQL injection vulnerability exists in Yonyou KSOA 9.0 due to improper handling of the ID parameter in the /worksheet/del_workplan.jsp file's HTTP GET parameter handler. The flaw allows remote attackers to execute arbitrary SQL queries, impacting systems using this component.

Trending: The vulnerability is trending due to active social media discussions and exploit public disclosure, with RedPacketSecurity highlighting it on their platform, indicating heightened interest and potential for exploitation.

Vulnerability: A SQL injection vulnerability exists in Yonyou KSOA 9.0 due to an unspecified function in the /worksheet/del_work.jsp file's HTTP GET Parameter Handler. Manipulating the ID argument allows remote exploitation, leading to potential database compromise.

Trending: The vulnerability is trending due to public exploit disclosure and active social media mentions, including a CVE alert from RedPacketSecurity, highlighting its relevance in current threat intelligence discussions.

Vulnerability: A SQL injection vulnerability in Yonyou KSOA 9.0 affects the /worksheet/work_info.jsp file via the HTTP GET Parameter Handler. Manipulation of the "ID" argument allows remote exploitation, enabling unauthorized database access.

Trending: The vulnerability is trending due to public disclosure and active exploitation reports, with security researchers highlighting it on platforms like Mastodon. The lack of vendor response to the disclosure has amplified attention from the cybersecurity community.

Vulnerability: A SQL injection vulnerability exists in Yonyou KSOA 9.0 due to improper handling of the folderid parameter in the /kmf/edit_folder.jsp file's HTTP GET Parameter Handler. Remote attackers can exploit this to execute arbitrary SQL queries, potentially leading to data exfiltration or system compromise.

Trending: The vulnerability is trending due to public disclosure and active discussions on platforms like Mastodon, with RedPacketSecurity highlighting it as a critical threat. The lack of vendor response to the disclosure has amplified awareness, though no confirmed exploitation in the wild has been reported yet.

Vulnerability: A SQL injection vulnerability exists in Yonyou KSOA 9.0 due to improper handling of the ID parameter in the /worksheet/worksadd_plan.jsp file. The flaw allows remote attackers to exploit the vulnerability via crafted HTTP GET requests, leading to potential unauthorized database access. The vendor was contacted but did not respond.

Trending: The vulnerability is trending due to active exploitation in the wild, with the exploit published and widely shared on platforms like Mastodon by security researchers, highlighting its immediate threat to affected systems.

Vulnerability: A SQL injection vulnerability exists in Yonyou KSOA 9.0 due to improper handling of the ID parameter in the /worksheet/worksadd.jsp file. The vulnerability allows remote attackers to execute arbitrary SQL code.

Trending: The vulnerability is trending due to active social media alerts from security researchers, with public exploits available and discussions highlighting its potential for remote code execution in affected systems.

Vulnerability: A SQL injection vulnerability in Yonyou KSOA 9.0 allows remote attackers to exploit an unknown function in the /kmf/folder.jsp file's HTTP GET

Vulnerability: A SQL injection vulnerability exists in Yonyou KSOA 9.0 due to an unknown function in the /kmc/save_catalog.jsp file's HTTP GET Parameter Handler. Manipulating the catalogid argument allows remote attackers to execute arbitrary SQL code.

Trending: The vulnerability is trending due to public exploit disclosure and active social media alerts, such as the CVE-2026-1131 alert by RedPacketSecurity, highlighting its potential for remote attacks and the vendor's lack of response.

Vulnerability: A command injection vulnerability exists in the D-Link DIR-823X device's /goform/set_wifidog_settings file, specifically in the sub_412E7C function. Manipulating the wd_enable argument allows remote attackers to execute arbitrary commands via command injection.

Trending: The vulnerability is trending due to social media alerts highlighting its public exploit availability, with notable mentions

Vulnerability: A SQL injection vulnerability exists in Yonyou KSOA 9.0 due to an unspecified functionality in the /worksheet/work_report.jsp file's HTTP GET Parameter Handler. Manipulating the ID argument allows remote attackers to exploit the flaw, with a publicly released exploit enabling unauthorized database access.

Trending: The vulnerability is trending due to active social media discussions and a dedicated CVE alert from RedPacketSecurity, highlighting its public exploit availability and potential for widespread attacks.

Vulnerability: A pre-authentication remote code execution (RCE) vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0, affecting packages like react-server-dom-parcel and react-server-dom-turbopack. The flaw arises from unsafe deserialization of payloads in Server Function endpoints.

Trending: CVE-2025-

Microsoft Office Remote Code Execution Vulnerability

Vulnerability: A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Secure Email and Web Manager allows unauthenticated, remote attackers to execute arbitrary system commands with root privileges due to insufficient validation of HTTP requests.

Trending: The vulnerability, rated critical with a CVSS score of 10, has been actively exploited in zero-day attacks by suspected Chinese hackers since December 2025, leading to full device control and prompting urgent patching efforts from Cisco.

Vulnerability: Improper symbolic link handling in the PutContents API of Gogs allows local code execution, affecting Gogs instances using this API.

Trending: CVE-2025-8110 is trending due to confirmed exploit code in the wild, active attacks on Gogs servers since July 2025, and CISA's inclusion in its Known Exploited Vulnerabilities (KEV) catalog.

Vulnerability: A remote code execution (RCE) vulnerability (CVE-2025-37164) exists in HPE OneView, affecting versions prior to 11.0. The flaw allows unauthenticated attackers to execute arbitrary code on affected systems.

Trending: The vulnerability is trending due to active exploitation in the wild by the RondoDox botnet, with thousands of automated attacks reported. CISA has cataloged it as critical, and exploit code is available in tools like Metasploit, Metasploit module, and nuclei, with an EPSS score exceeding 40%.

Microsoft Office Remote Code Execution Vulnerability

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143

Vulnerability: The Shipping Rate By Cities plugin for WordPress is vulnerable to SQL Injection via the 'city' parameter in all versions up to, and including, 2.0.0 due to insufficient escaping of user-supplied input and inadequate SQL query preparation, allowing unauthenticated attackers to extract sensitive database information.

Trending: CVE-2025-14770 is trending on platforms like Mastodon and Bluesky due to multiple security researchers and news outlets highlighting its high severity (7.5) and potential for exploitation, with active discussions and links to analysis articles.

Vulnerability: CVE-2025-65118 is a privilege escalation vulnerability in AVEVA Process Optimization that allows an authenticated standard user to execute arbitrary code via Process Optimization services, potentially leading to full compromise of the Model Application Server.

Trending: The vulnerability is trending due to multiple social

Vulnerability: Mismatched length fields in Zlib compressed protocol headers may allow an unauthenticated client to read uninitialized heap memory, affecting MongoDB Server versions prior to 7.0.28, 8.0.17, 8.2.3, 6.0.27, 5.0.32, 4.4.30, 4.2.0, 4.0.0, and 3.6.0.

Trending: CVE-2025-14847 (MongoBleed) is trending due to active exploitation in real-world attacks, with multiple social media posts highlighting its critical risk to MongoDB servers and urging immediate mitigation. Media outlets and security researchers emphasize its high-severity unauthenticated memory leak and potential for data exfiltration.

Microsoft Word Remote Code Execution Vulnerability

Vulnerability: Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. The vulnerability affects Windows systems, particularly NTFS components.

Trending: The vulnerability is trending due to its inclusion in Microsoft's January 2026 Patch Tuesday update, which addressed 112 vulnerabilities, including three zero-day exploits. It was actively exploited in the wild, with specific attention drawn to Windows 10 Version 1809.

Vulnerability: Heap-based buffer overflow in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. This vulnerability affects Windows systems utilizing VBS features.

Trending: The vulnerability is trending due to its inclusion in Microsoft's January 2026 Patch Tuesday update, which addressed 112 flaws, including three zero-day vulnerabilities. One of the zero-days was actively exploited, making it a focal point in security advisories and media coverage.

n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7

An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in Fortinet FortiFone 7

A heap-based buffer overflow vulnerability in Fortinet FortiOS 7

Vulnerability: An SQL Injection vulnerability (CWE-89) in Fortinet FortiClientEMS 7.0 through 7.4.4 allows authenticated attackers with read-only admin permissions to execute unauthorized SQL code via crafted HTTP/HTTPS requests.

A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] vulnerability in Fortinet FortiSandbox 5

Microsoft Excel Remote Code Execution Vulnerability

Vulnerability: A NULL Pointer Dereference vulnerability in TP-Link Archer BE400 V1 (802.11 modules) allows an adjacent attacker to trigger a denial-of-service (DoS) by causing the device to reboot. This affects the Archer BE400 with firmware version xi 1.

Vulnerability: An OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK allows authenticated attackers with administrative access and adjacent network access to execute arbitrary operating system commands, potentially leading to full system compromise.

Trending: The vulnerability is trending due to its critical classification in SAP's January 2026 Security Patch Day, with multiple security sources highlighting it as a high-risk flaw requiring urgent patching. Social media and news outlets emphasize its potential for severe exploitation, including active discussions and alerts from security researchers.

Vulnerability: A critical remote code execution vulnerability in SAP Wily Introscope Enterprise Manager (WorkStation) allows unauthenticated attackers to create malicious JNLP files accessible via public URLs. When a victim opens the file, the Wily Introscope Server could execute arbitrary OS commands, compromising system confidentiality, integrity, and availability.

Trending: CVE-2026-0500 is trending due to its classification as a critical-severity issue in SAP's January 2026 Security Patch Day, with active discussions on social media platforms like Bluesky highlighting its remote code execution risk. It is part of a broader set of four critical vulnerabilities addressed in SAP's recent patch release.

Vulnerability: SAP HANA database is vulnerable to privilege escalation, allowing an attacker with valid credentials to switch to another user and potentially gain administrative access, compromising system confidentiality, integrity, and availability. Affected products include SAP HANA databases.

Trending: CVE-2026-0492 is trending as part of SAP's January 2026 critical security patches, classified as a critical-severity issue. It has garnered attention on social media and security platforms, with reports highlighting its potential for privilege escalation and the urgency for patching to prevent exploitation.

Vulnerability: SAP Fiori App Intercompany Balance Reconciliation lacks necessary authorization checks for authenticated users, enabling privilege escalation with high impact on confidentiality and integrity. Affected systems include SAP S/4HANA Private Cloud and On-Premise.

Trending: CVE-2026-0511 is gaining attention due to its critical severity classification in SAP's January 2026 patch release, with security analysts highlighting it as a significant risk. Social media and news outlets emphasize its inclusion in SAP's critical vulnerabilities