Vulnerability intelligence

Updated an hour ago

Feeds

Trending now

CVEs trending on social media within the last 24 hours

Hypemeter

350100

Current score

Soft-boiled

  1. 1

    CVE-2026-63030 Published Jul 17, 2026

    Hype score

    35

    critical 9.8

    WordPresswp2shell

    CVE-2026-63030 is an unauthenticated remote code execution (RCE) vulnerability affecting WordPress versions 6.9 and later. This flaw allows an attacker to execute arbitrary code through the batch endpoint of the REST API. Exploitation of CVE-2026-63030 does not require any user interaction or authentication, and it is specifically possible when a persistent object cache is not in use. The vulnerability is related to a REST API batch-route confusion and SQL injection issue. Fixes for this vulnerability have been released in WordPress 7.0.2 and 6.9.5.

  2. 2

    CVE-2026-60137 Published Jul 17, 2026

    Hype score

    35

    medium 5.9

    WordPresswp2shell

    CVE-2026-60137 is a SQL injection vulnerability found in WordPress versions 6.8 and later. This flaw arises from the improper sanitization of the `author__not_in` parameter within `WP_Query` when untrusted data is passed to it by a plugin or theme. This vulnerability allows crafted input to alter a database query, potentially leading to unauthorized access or manipulation of data. Patches have been released for affected versions, specifically in WordPress 6.8.6, 6.9.5, and 7.0.2, as well as 7.1 beta2.

  3. 3

    CVE-2026-15409 Published Jul 14, 2026

    Hype score

    17

    critical 10.0

    Exploit known

    NetworkServerCloudNetgearSonicwall

    CVE-2026-15409 is a critical server-side request forgery (SSRF) vulnerability impacting SonicWall SMA 1000 Series appliances. This flaw resides within the SMA1000 Appliance WorkPlace interface. Exploitation of CVE-2026-15409 can allow remote, unauthenticated attackers to compel the appliance to initiate requests to unintended network locations. This vulnerability has been observed in active exploitation, frequently in conjunction with CVE-2026-15410. SonicWall has released firmware patches to address this issue and advises customers to upgrade their appliances and investigate for potential compromise.

See more

Known exploited

Sourced from CISA's Known Exploited Vulnerability (KEV) catalog.

  1. CVE-2026-58644 Published Jul 14, 2026

    Hype score

    8

    critical 9.8

    Exploit known

    Microsoft OfficeSharePoint

    CVE-2026-58644 is a vulnerability found in Microsoft Office SharePoint, categorized as a deserialization of untrusted data flaw. This vulnerability enables an unauthorized attacker to execute code over a network. The flaw affects multiple versions of Microsoft SharePoint Server, including Subscription Edition, 2019, and 2016. The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-58644 to its Known Exploited Vulnerabilities Catalog, indicating that it is being actively exploited.

  2. CVE-2026-39808 Published Apr 14, 2026

    Hype score

    4

    critical 9.8

    Exploit known

    Fortinet FortiSandbox

    CVE-2026-39808 is an operating system (OS) command injection vulnerability affecting Fortinet FortiSandbox versions 4.4.0 through 4.4.8. This flaw stems from the improper neutralization of special elements used in OS commands, which allows attackers to inject malicious commands into system operations. Successful exploitation of CVE-2026-39808 enables remote attackers to execute unauthorized code or commands on the target system. This can be achieved without requiring any authentication or user interaction, typically through specially crafted HTTP requests to an API endpoint.

  3. CVE-2026-25089 Published Jun 9, 2026

    Hype score

    4

    critical 9.8

    Exploit known

    Fortinet FortiSandboxFortiSandbox CloudFortiSandbox PaaS

    CVE-2026-25089 is an operating system (OS) command injection vulnerability affecting Fortinet FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS. This flaw, categorized as CWE-78 (Improper Neutralization of Special Elements used in an OS Command), allows an unauthenticated, remote attacker to execute unauthorized commands on the appliance. The vulnerability is triggered by sending specially crafted HTTP requests, specifically exploiting a second-order command injection within the JSON input of the "start VNC" feature in the web-based management interface. Successful exploitation of CVE-2026-25089 can lead to the execution of arbitrary OS commands on the underlying system. Affected versions include FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, all FortiSandbox 4.2 versions, FortiSandbox Cloud 5.0.4 through 5.0.5, and FortiSandbox PaaS 5.0.4 through 5.0.5.

See more

Insights

See more

Our Security Team's most recent CVE analysis

  1. CVE-2026-63030

    critical 9.8

    Link to CVE page

    Intruder Insights

    Updated Jul 17, 2026

    This is one of two vulnerabilities in a combined chain that allows unauthenticated SQL injection on any stock WordPress installation. CVE-2026-63030 is the entry point — a route confusion bug in the REST API batch endpoint that bypasses authentication, allowing an attacker to invoke internal handlers without any permission check. When combined with CVE-2026-60137, the full chain gives an unauthenticated attacker the ability to read any data from the WordPress database with a single HTTP request.

    WordPress 6.9.0–6.9.4 and 7.0.0–7.0.1 are affected. Update to WordPress 6.9.5 or 7.0.2 immediately. No plugins, user interaction, or non-default configuration is required to exploit. Given WordPress powers approximately 43% of all websites, the attack surface is enormous.

    WordPress Core contains a pre-authentication route confusion vulnerability in the REST API batch endpoint that, combined with CVE-2026-60137, allows unauthenticated SQL injection and potential remote code execution.

    WordPress 6.9.x before 6.9.5 and 7.0.x before 7.0.2 is affected by a REST API batch endpoint route confusion issue which, combined with the author__not_in WP_Query SQL Injection (CVE-2026-60137), could allow an attacker to perform SQL Injection and achieve Remote Code Execution.

  2. CVE-2026-60137

    medium 5.9

    Link to CVE page

    Intruder Insights

    Updated Jul 17, 2026

    This SQL injection vulnerability is the second half of a critical exploit chain alongside CVE-2026-63030. On its own, CVE-2026-60137 requires a plugin or theme to pass untrusted input — but when combined with CVE-2026-63030's authentication bypass, it becomes exploitable on stock WordPress with no plugins installed.

    WordPress 6.9.0–6.9.4 and 7.0.0–7.0.1 are affected. Update to WordPress 6.9.5 or 7.0.2 immediately. Both CVEs were patched in the same security release.

    WordPress Core contains an SQL injection vulnerability in WP_Query where a query parameter is inserted directly into SQL without sanitisation when provided as a string value.

    WordPress 6.8.x before 6.8.6, 6.9.x before 6.9.5, and 7.0.x before 7.0.2 does not properly sanitise the author__not_in parameter of WP_Query, which could allow SQL Injection when a plugin or theme passes untrusted input to the parameter.

  3. CVE-2026-41940

    critical 9.3

    Exploit known

    Link to CVE page

    Intruder Insights

    Updated Apr 30, 2026

    cPanel is a very popular hosting framework which is often very difficult to avoid exposing to the internet. The exploit for this weakness gives the attacker root access to cPanel (and from there easy RCE on the system), and the exploit is reliable, well documented, and affects all versions of cPanel except the latest patch. There are well over a million hosts exposed, and though cPanel does have some automated self-upgrade functionality, it can be turned off, and the window before an upgrade (usually up to 24h) is long enough for attacker to have already exploited this weakness. cPanel have provided a script you can use to detect if compromise has already occurred, which can be found here.

    cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.