Top Exploited CVEs This Week

This report ranks the ten most actively discussed and exploited vulnerabilities from the past week, using signals from security intelligence feeds, community channels, and exploitation monitoring.

CVE-2026-20700: High, CVSS: 7.8, 15 posts, 1 repo, EPSS 12.7 %
A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker with memo...

CVE-2026-1306: Critical, CVSS: 9.8, 6 posts, 1 repo, EPSS 13.9 %
The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type and file extension validation in the 'export' AJAX action in all versions up to, and including, 1.1...

CVE-2026-1670: Critical, CVSS: 9.8, 6 posts
The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address.

CVE-2026-2439: Critical, CVSS: 9.8, 6 posts, EPSS 1.8 %
Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generate_session_id function in Concierge::Sessions::Base defaults to using the uuidgen command to gene...

CVE-2026-22719: High, CVSS: 8.1, 6 posts, EPSS 735.3 %
VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMw...

CVE-2026-21385: High, CVSS: 7.8, 6 posts, 1 repo, EPSS 34.1 %
Memory corruption while using alignments for memory allocation.

CVE-2026-21902: Critical, CVSS: 9.8, 5 posts, 1 repo, EPSS 28.2 %
An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-b...

CVE-2026-2331: Critical, CVSS: 9.8, 5 posts, EPSS 16.7 %
An attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileaccess over HTTP due to improper access restrictions. A critical filesystem direct...

CVE-2026-2550: Critical, CVSS: 9.8, 4 posts
A vulnerability was found in EFM iptime A6004MX 14.18.2. Affected is the function commit_vpncli_file_upload of the file /cgi/timepro.cgi. The manipulation results in unrestricted upload. The attack ma...

CVE-2026-2516: High, CVSS: 7.0, 4 posts
A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4 on 32-bit. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled sea...

Methodology

Vulnerabilities are ranked by social post volume: the number of security community discussions and mentions associated with each CVE across our intelligence feeds. The data is generated from the LeakyCreds vulnerability intelligence dataset and is updated regularly to reflect the latest trending and high-signal CVEs.

Last updated: March 8, 2026 at 05:05 PM
This article aggregates the top ten most actively exploited CVEs from the past week, ranking them by social post volume. It provides a summary of each vulnerability, including its CVSS score, a brief description of the attack vector, and, where available, patch information; for example, CVE-2026-20700 (CVSS 7.8) is a memory corruption issue in multiple Apple operating systems fixed in version 26.3. The report serves as a prioritized alert list for security teams to assess immediate patching and mitigation needs within their environments.