Back to trending CVEs

Week of July 13, 2026

Trending* CVEs over the last 7 days (from July 6, 2026 to July 13, 2026)

1
CVE-2026-48282Adobe / Coldfusion
KEV
SYRN Score96
CVSS10.0
Activity81
Published06/30/2026
StatusHighly Active

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

2
CVE-2026-55255Langflow / Langflow
KEV
SYRN Score95
CVSS8.4
Activity54
Published06/23/2026
StatusHighly Active

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, an Insecure Direct Object Reference (IDOR) vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request. This vulnerability is fixed in 1.9.1.

3
CVE-2026-53359Linux / Linux Kernel
SYRN Score23
CVSS
Activity49
Published07/04/2026
StatusHighly Active

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected role Commit 0cb2af2ea66ad ("KVM: x86: Fix shadow paging use-after-free due to unexpected GFN") fixed a shadow paging mismatch between stored and computed GFNs; the bug could be triggered by changing a PDE mapping from outside the guest, and then deleting a memslot. The rmap_remove() call would miss entries created after the PDE change because the GFN of the leaf SPTE does not match the GFN of the struct kvm_mmu_page. A similar hole however remains if the modified PDE points to a non-leaf page. In this case the gfn can be made to match, but the role does not match: the original large 2MB page creates a kvm_mmu_page with direct=1, while the new 4KB needs a kvm_mmu_page with direct=0. However, kvm_mmu_get_child_sp() does not compare the role, and therefore reuses the page. The next step is installing a leaf (4KB) SPTE on the new path which records an rmap entry under the gfn resolved by the walk. But when that child is zapped its parent kvm_mmu_page has direct=1 and kvm_mmu_page_get_gfn() computes the gfn for the 4KB page as sp->gfn + index instead of using sp->shadowed_translation[] (or sp->gfns[] in older kernels). It therefore fails to remove the recorded entry. When the memslot is dropped the shadow page is freed but the rmap entry survives, as in the scenario that was already fixed. Code that later walks that gfn (dirty logging, MMU notifier invalidation, and so on) dereferences an sptep that lies in the freed page, causing the use-after-free.

4
CVE-2026-43499Linux / Linux Kernel
SYRN Score61
CVSS7.8
Activity45
Published05/21/2026
StatusHighly Active

In the Linux kernel, the following vulnerability has been resolved: rtmutex: Use waiter::task instead of current in remove_waiter() remove_waiter() is used by the slowlock paths, but it is also used for proxy-lock rollback in rt_mutex_start_proxy_lock() when invoked from futex_requeue(). In the latter case waiter::task is not current, but remove_waiter() operates on current for the dequeue operation. That results in several problems: 1) the rbtree dequeue happens without waiter::task::pi_lock being held 2) the waiter task's pi_blocked_on state is not cleared, which leaves a dangling pointer primed for UAF around. 3) rt_mutex_adjust_prio_chain() operates on the wrong top priority waiter task Use waiter::task instead of current in all related operations in remove_waiter() to cure those problems. [ tglx: Fixup rt_mutex_adjust_prio_chain(), add a comment and amend the changelog ]

5
CVE-2026-50656Microsoft / Cisco Identity Services Engine
SYRN Score63
CVSS7.8
Activity44
Published06/16/2026
StatusHighly Active

Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as "RoguePlanet ".

6
CVE-2026-20896Gitea / Gitea Open Source Git Server
SYRN Score76
CVSS9.8
Activity43
Published07/03/2026
StatusHighly Active

Gitea Docker image versions up to and including 1.26.2 use REVERSE_PROXY_TRUSTED_PROXIES=* by default, allowing any source IP to impersonate a user when reverse-proxy authentication headers such as X-WEBAUTH-USER are enabled.

7
CVE-2026-50746Ui / Unifi
SYRN Score93
CVSS10.0
Activity26
Published07/02/2026
StatusHighly Active

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Application to execute a Command Injection on the host device.

8
CVE-2026-11405Tenda / Firmware
New
SYRN Score66
CVSS9.8
Activity24
Published07/06/2026
StatusActive

The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login() function at 004c88b8. - The function contains a normal authentication path using MD5/hash-based password verification (prod_encode64/PasswordToMd5/check_rand_key). - After normal authentication fails, it calls GetValue("sys.rzadmin.password") to read a backdoor password from the device configuration. - It performs a direct strcmp() comparison (plaintext, not hashed) between the config value and the user-supplied password. A successful match grants role=2 (admin-level access) and creates a valid session. The rzadmin username is never checked — any username works with the backdoor

9
CVE-2024-42009Roundcube / Webmail
KEV
SYRN Score98
CVSS9.3
Activity22
Published08/05/2024
StatusActive

A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.

10
CVE-2023-5360Royal-elementor-addons / Royal Elementor Addons
SYRN Score97
CVSS9.8
Activity21
Published10/31/2023
StatusActive

The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.

* Trending is based on the number of sightings collected from SYRN's threat intelligence sources over the given period.

Monitor these vulnerabilities and get alerted when new threats target your stack.

Get Started Free