CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 04 May 2026

by Amir Hadzipasic

May 4, 2026

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2026-26322

OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When the cd command failed, the unescaped path was interpolated directly into an echo statement, allowing arbitrary command execution on the remote SSH host. The parseSSHTarget function did not validate that SSH target strings could not begin with a dash. An attacker-supplied target like -oProxyCommand=… would be interpreted as an SSH configuration flag rather than a hostname, allowing arbitrary command execution on the local machine. This issue has been patched in version 2026.1.29.

2. CVE-2026-24763

3. CVE-2026-25157

4. CVE-2026-25253

5. CVE-2026-25475

6. CVE-2026-26329

7. CVE-2026-27001

https://nvd.nist.gov/vuln/detail/CVE-2026-31431

8. CVE-2026-31431

In the Linux kernel, the following vulnerability has been resolved:

crypto: algif_aead – Revert to operating out-of-place

This mostly reverts commit 72548b093ee3 except for the copying of
the associated data.

9. CVE-2026-27940

llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the gguf_init_from_file_impl() in gguf.cpp is vulnerable to an Integer overflow, leading to an undersized heap allocation. Using the subsequent fread() writes 528+ bytes of attacker-controlled data past the buffer boundary. This is a bypass of a similar bug in the same file – CVE-2025-53630, but the fix overlooked some areas. This vulnerability is fixed in b8146.

https://nvd.nist.gov/vuln/detail/CVE-2026-27940

10. CVE-2025-53630

https://nvd.nist.gov/vuln/detail/CVE-2025-53630

https://nvd.nist.gov/vuln/detail/

The SOS Intelligence CVE Chatter Weekly Top Ten –

by Amir Hadzipasic

April 27, 2026

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

10.

https://nvd.nist.gov/vuln/detail/

The SOS Intelligence CVE Chatter Weekly Top Ten – 20 April 2026

by Amir Hadzipasic

April 20, 2026

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2026-25253

2. CVE-2026-25157

3. CVE-2026-24763

4. CVE-2026-25475

5. CVE-2026-26322

6. CVE-2026-27001

7. CVE-2026-26329

https://nvd.nist.gov/vuln/detail/CVE-2025-43510

8. CVE-2025-43510

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious application may be able to cause unexpected system termination or write kernel memory.

9. CVE-2026-20700

https://nvd.nist.gov/vuln/detail/CVE-2026-20700

10. CVE-2025-43529

https://nvd.nist.gov/vuln/detail/CVE-2025-43529

The SOS Intelligence CVE Chatter Weekly Top Ten – 06 April 2026

by Amir Hadzipasic

April 6, 2026

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2026-26329

OpenClaw is a personal AI assistant. Prior to version 2026.2.14, authenticated attackers can read arbitrary files from the Gateway host by supplying absolute paths or path traversal sequences to the browser tool’s `upload` action. The server passed these paths to Playwright’s `setInputFiles()` APIs without restricting them to a safe root. An attacker must reach the Gateway HTTP surface (or otherwise invoke the same browser control hook endpoints); present valid Gateway auth (bearer token / password), as required by the Gateway configuration (In common default setups, the Gateway binds to loopback and the onboarding wizard generates a gateway token even for loopback); and have the `browser` tool permitted by tool policy for the target session/context (and have browser support enabled). If an operator exposes the Gateway beyond loopback (LAN/tailnet/custom bind, reverse proxy, tunnels, etc.), the impact increases accordingly. Starting in version 2026.2.14, the upload paths are now confined to OpenClaw’s temp uploads root (`DEFAULT_UPLOAD_DIR`) and traversal/escape paths are rejected.

2. CVE-2026-26322

3. CVE-2026-27001

4. CVE-2026-25475

5. CVE-2026-24763

6. CVE-2026-25253

7. CVE-2026-25157

https://nvd.nist.gov/vuln/detail/CVE-2024-38476

8. CVE-2024-38476

Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable.

Users are recommended to upgrade to version 2.4.60, which fixes this issue.

9. CVE-2025-43529

A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious application may cause unexpected changes in memory shared between processes.

https://nvd.nist.gov/vuln/detail/CVE-2025-43529

10. CVE-2025-43520

https://nvd.nist.gov/vuln/detail/CVE-2025-43520

The SOS Intelligence CVE Chatter Weekly Top Ten – 30 March 2026

by Amir Hadzipasic

March 30, 2026

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2026-24763

2. CVE-2026-25157

3. CVE-2026-25253

4. CVE-2026-27001

5. CVE-2026-26329

6. CVE-2026-26322

7. CVE-2026-25475

https://nvd.nist.gov/vuln/detail/CVE-2025-31277

8. CVE-2025-31277

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6. Processing maliciously crafted web content may lead to memory corruption.

9. CVE-2025-43520

https://nvd.nist.gov/vuln/detail/CVE-2025-43520

10. CVE-2026-20700

https://nvd.nist.gov/vuln/detail/CVE-2026-20700

https://nvd.nist.gov/vuln/detail/CVE-2026-32597

The SOS Intelligence CVE Chatter Weekly Top Ten – 23 March 2026

by Amir Hadzipasic

March 23, 2026

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2026-32597

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an uncaught exception was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. Due to an integer overflow, the code attempts to create a huge std::vector, which causes Exiv2 to crash with an uncaught exception. This issue has been patched in version 0.28.8.

2. CVE-2026-27631

https://nvd.nist.gov/vuln/detail/CVE-2026-27631

3. CVE-2025-61147

https://nvd.nist.gov/vuln/detail/CVE-2025-61147

4. CVE-2026-3606

https://nvd.nist.gov/vuln/detail/CVE-2026-3606

5. CVE-2026-25884

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, Magick fails to check for circular references between two MVGs, leading to a stack overflow. This is a DoS vulnerability, and any situation that allows reading the mvg file will be affected. Version 7.1.2-12 fixes the issue.

https://nvd.nist.gov/vuln/detail/CVE-2026-25884

6. CVE-2026-32239

Cap’n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, when using Transfer-Encoding: chunked, if a chunk’s size parsed to a value of 2^64 or larger, it would be truncated to a 64-bit integer. In theory, this bug could enable HTTP request/response smuggling. This vulnerability is fixed in 1.4.0.

https://nvd.nist.gov/vuln/detail/CVE-2026-32239

7. CVE-2026-32240

https://nvd.nist.gov/vuln/detail/CVE-2026-32240

8. CVE-2026-23925

VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalization or directory containment checks, allowing an authenticated attacker with network reachability to the Remote Access Server to request files outside the intended directory. The impact is bounded by the Android application sandbox and storage restrictions, typically limiting exposure to app-internal and app-specific external storage.

https://nvd.nist.gov/vuln/detail/CVE-2026-23925

9. CVE-2026-27596

https://nvd.nist.gov/vuln/detail/CVE-2026-27596

10. CVE-2026-31958

PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. This vulnerability is fixed in 2.12.0.

https://nvd.nist.gov/vuln/detail/CVE-2026-31958

The SOS Intelligence CVE Chatter Weekly Top Ten – 16 March 2026

by Amir Hadzipasic

March 16, 2026

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2026-24763

2. CVE-2026-25157

3. CVE-2026-25253

4. CVE-2026-25475

5. CVE-2026-26322

6. CVE-2026-26329

7. CVE-2026-27001

https://nvd.nist.gov/vuln/detail/CVE-2024-38476

8. CVE-2024-38476

Users are recommended to upgrade to version 2.4.60, which fixes this issue.

9. CVE-2023-52658

In the Linux kernel, the following vulnerability has been resolved:

bpf: Reject narrower access to pointer ctx fields

The following BPF program, simplified from a syzkaller repro, causes a
kernel warning:

r0 = *(u8 *)(r1 + 169);
exit;

With pointer field sk being at offset 168 in __sk_buff. This access is
detected as a narrower read in bpf_skb_is_valid_access because it
doesn’t match offsetof(struct __sk_buff, sk). It is therefore allowed
and later proceeds to bpf_convert_ctx_access. Note that for the
“is_narrower_load” case in the convert_ctx_accesses(), the insn->off
is aligned, so the cnt may not be 0 because it matches the
offsetof(struct __sk_buff, sk) in the bpf_convert_ctx_access. However,
the target_size stays 0 and the verifier errors with a kernel warning:

verifier bug: error during ctx access conversion(1)

This patch fixes that to return a proper “invalid bpf_context access
off=X size=Y” error on the load instruction.

The same issue affects multiple other fields in context structures that
allow narrow access. Some other non-affected fields (for sk_msg,
sk_lookup, and sockopt) were also changed to use bpf_ctx_range_ptr for
consistency.

Note this syzkaller crash was reported in the “Closes” link below, which
used to be about a different bug, fixed in
commit fce7bd8e385a (“bpf/verifier: Handle BPF_LOAD_ACQ instructions
in insn_def_regno()”). Because syzbot somehow confused the two bugs,
the new crash and repro didn’t get reported to the mailing list.

https://nvd.nist.gov/vuln/detail/CVE-2023-52658

10. CVE-2023-53421

In the Linux kernel, the following vulnerability has been resolved:

bpf: Reject narrower access to pointer ctx fields

The following BPF program, simplified from a syzkaller repro, causes a
kernel warning:

r0 = *(u8 *)(r1 + 169);
exit;

verifier bug: error during ctx access conversion(1)

This patch fixes that to return a proper “invalid bpf_context access
off=X size=Y” error on the load instruction.

https://nvd.nist.gov/vuln/detail/CVE-2023-53421

https://nvd.nist.gov/vuln/detail/CVE-2025-0368

The SOS Intelligence CVE Chatter Weekly Top Ten – 09 March 2026

by Amir Hadzipasic

March 9, 2026

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2025-0368

The Banner Garden Plugin for WordPress plugin through 0.1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users.

2. CVE-2025-68613

Improper neutralization of special elements used in a command (‘command injection’) in Windows PowerShell allows an unauthorized attacker to execute code locally.

https://nvd.nist.gov/vuln/detail/CVE-2025-68613

3. CVE-2016-10033

Improper neutralization of special elements used in a command (‘command injection’) in Windows PowerShell allows an unauthorized attacker to execute code locally.

https://nvd.nist.gov/vuln/detail/CVE-2016-10033

4. CVE-2022-21227

Improper neutralization of special elements used in a command (‘command injection’) in Windows PowerShell allows an unauthorized attacker to execute code locally.

https://nvd.nist.gov/vuln/detail/CVE-2022-21227

5. CVE-2021-40539

Improper neutralization of special elements used in a command (‘command injection’) in Windows PowerShell allows an unauthorized attacker to execute code locally.

https://nvd.nist.gov/vuln/detail/CVE-2021-40539

6. CVE-2025-50708

Improper neutralization of special elements used in a command (‘command injection’) in Windows PowerShell allows an unauthorized attacker to execute code locally.

https://nvd.nist.gov/vuln/detail/CVE-2025-50708

7. CVE-2024-21762

Improper neutralization of special elements used in a command (‘command injection’) in Windows PowerShell allows an unauthorized attacker to execute code locally.

https://nvd.nist.gov/vuln/detail/CVE-2024-21762

8. CVE-2025-21204

Improper neutralization of special elements used in a command (‘command injection’) in Windows PowerShell allows an unauthorized attacker to execute code locally.

https://nvd.nist.gov/vuln/detail/CVE-2025-21204

9. CVE-2024-34102

Improper neutralization of special elements used in a command (‘command injection’) in Windows PowerShell allows an unauthorized attacker to execute code locally.

https://nvd.nist.gov/vuln/detail/CVE-2024-34102

10. CVE-2017-8759

Improper neutralization of special elements used in a command (‘command injection’) in Windows PowerShell allows an unauthorized attacker to execute code locally.

https://nvd.nist.gov/vuln/detail/CVE-2017-8759