Vulnerability Trends — Top Exploited CVEs and Zero-Days | dbugs

#1 · PT-2026-53941 · Orkes · Orkes Conductor

·

CVE-2026-58138

·

Published

2026-06-30

·

Updated

2026-07-16

9.8

Critical

Base

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Orkes Conductor versions 3.21.21 through 3.30.1
Description An unauthenticated remote code execution issue allows remote attackers to execute arbitrary OS commands by submitting inline workflow definitions containing malicious JavaScript or Python expressions to the workflow API endpoint. This occurs when unsandboxed GraalVM evaluators are configured with HostAccess.ALL or...
More

Exploit

Fix

RCE

Code Injection

3 Posts
6Reposts
406.8 K Audience
Graph

#2 · PT-2026-58211 · Microsoft · Age Of Empires Ii: Definitive Edition Game

CVE-2026-50663

·

Published

2026-07-14

·

Updated

2026-07-16

8.8

High

Base

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Age of Empires II: Definitive Edition (affected versions not specified)
Description A relative path traversal issue allows an unauthorized attacker to achieve remote code execution over a network. The attack occurs when a user joins an attacker-controlled lobby and accepts User Generated Content (UCG), which is content created by players rather than the developers.
**Recomm...
More

RCE

Relative Path Traversal

4 Posts
264Reposts
236.0 K Audience
Graph

#3 · PT-2026-34274 · Linux · Linux Kernel

·

CVE-2026-31431

·

Published

2026-03-23

·

Updated

2026-07-15

7.8

High

Base

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0 Linux kernel versions prior to 6.19.12
Description A flaw exists in the algif aead cryptographic algorithm interface of the Linux kernel. The issue stems from an incorrect in-place operation during cryptographic processing where source and destination data mappings differ. A local attacker with low privileges can exploit this by splicing...
More

Exploit

Fix

RCE

DoS

LPE

Use After Free

849 Posts
6.7 KReposts
5.4 M Audience
Graph

#4 · PT-2026-60346 · 7 Zip · 7-Zip

CVE-2026-14266

·

Published

2026-07-15

·

Updated

2026-07-17

None

Name of the Vulnerable Software and Affected Versions 7-Zip versions prior to 26.02
Description A flaw in the processing of XZ chunked data allows remote attackers to execute arbitrary code in the context of the current process. The issue occurs when the software processes specially crafted XZ-compressed data streams, triggering a heap-based buffer overflow. A heap-based buffer overflow is a memory corruption issue that happens...
More
9 Posts
310Reposts
77.4 K Audience
Graph

#5 · PT-2026-58291 · Sonicwall · Sma1000

·

CVE-2026-15409

·

Published

2026-07-14

·

Updated

2026-07-17

10

Critical

Base

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SonicWall SMA 1000 (affected versions not specified)
Description An issue exists in the Appliance Work Place interface due to insufficient server-side request validation. This allows a remote unauthenticated attacker to perform a Server-Side Request Forgery (SSRF), which is a technique that forces the server to make requests to unintended locations.
Recommendations At t...
More

RCE

LPE

SSRF

73 Posts
170Reposts
62.9 K Audience
Graph
  • Graph
  • Graph
  • Graph
  • Graph
  • Graph
  • Graph
  • Graph
  • Graph
  • Graph
  • Graph
  • Graph
  • Graph
  • Graph
  • Graph
  • Graph
  • Graph
  • Graph
  • Graph
  • Graph
  • Graph
  • Graph
  • Graph
  • Graph
  • Graph
  • Graph