Trending CVE's | Top 10 Kwetsbaarheden

Top 10 CVE's Trending op Sociale Media

Bijgewerkt: 27 mei 2026 | Bron: CVEmon (Intruder.io) | Data: Shodan CVEDB, CISA KEV, FIRST EPSS

CVE-2026-47784

In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass.

CVSS 8.1 HOOG EPSS - KEV: Nee Hype: 8

CVE-2026-47783

In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass.

CVSS 8.1 HOOG EPSS - KEV: Nee Hype: 8

CVE-2026-26980

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.

CVSS 7.5 HOOG EPSS 36.1% (P98) ↑ KEV: Nee Hype: 7

CVE-2026-42558

Currently trending CVE - Hype Score: 5

CVSS - EPSS - KEV: ? Hype: 5

CVE-2026-9082

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Drupal core allows SQL Injection. This issue affects Drupal core: from 8.9.0 ...

CVSS 9.8 KRITIEK EPSS - KEV: Ja Hype: 4

CVE-2026-21509

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

CVSS 7.8 HOOG EPSS 10.9% (P94) ↓ KEV: Ja Hype: 4

CVE-2025-47985

Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally.

CVSS 7.8 HOOG EPSS 0.6% (P71) → KEV: Nee Hype: 3

CVE-2026-41091

Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.

CVSS 7.8 HOOG EPSS - KEV: Ja Hype: 2

CVE-2026-48172

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpane...

CVSS 9.8 KRITIEK EPSS - KEV: Ja Hype: 1

#10

CVE-2025-55182

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, rea...

CVSS 10.0 KRITIEK EPSS 82.0% (P99) → KEV: Ja Ransomware Hype: 1

Legenda: CVSS = ernstscore (0-10): 9.0-10 Kritiek 7.0-8.9 Hoog 4.0-6.9 Middel 0.1-3.9 Laag | EPSS = kans op exploitatie (FIRST.org) | KEV = CISA Known Exploited Vulnerabilities | Hype = trending score op sociale media