Real vuln, active attacker chatter, no KEV yet; unclear scale of exploitation.
What: Gravity SMTP WordPress plugin (≤2.1.4) exposes 365 KB of sensitive system data via unauthenticated REST API endpoint—CVSS 7.5 HIGH.
Why it matters: Real vulnerability with a clear attack surface (no auth required, REST endpoint discoverable). Posts reference active reconnaissance ("attackers are the same client"), suggesting in-the-wild targeting. No KEV listing yet and EPSS is low (0.03), but the chatter is recent (June 2026). CrowdSec advisory noted; defenders likely triaging WordPress instances.
Where it's seen: French-language security media, HackerNews discussion threads, blog coverage from honeylabs and cyberveille flagging live reconnaissance activity and shared attacker infrastructure.
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.
Also trending
- 4 CVE-2026-5792 MEDIUM · 6.5 · score 1 · 1 post · hype unscored · hack
Authentication bypass by spoofing vulnerability in Hedef Media Promotion Interactive Media Marketing Inc. Related Marketing Cloud (RMC) allows Brute Force. This issue affects Related Marketing Cloud (RMC): through 12052026.
- 5 CVE-2026-1220 HIGH · 7.5 · score 1 · 1 post · hype unscored · hack
Race in V8 in Google Chrome prior to 144.0.7559.99 allowed a remote attacker to potentially exploit type confusion via a crafted HTML page. (Chromium security severity: High)
- 6 CVE-2026-35641 HIGH · 7.8 · score 1 · 1 post · hype unscored · hack
OpenClaw before 2026.3.24 contains an arbitrary code execution vulnerability in local plugin and hook installation that allows attackers to execute malicious code by crafting a .npmrc file with a git executable override. During npm install execution in the staged package directory, attackers can leverage git dependencies to trigger execution of arbitrary programs specified in the attacker-controlled .npmrc configuration file.
- 7 CVE-2026-0092 · score 1 · 1 post · hype unscored · hack