cPanel is a very popular hosting framework which is often very difficult to avoid exposing to the internet. The exploit for this weakness gives the attacker root access to cPanel (and from there easy RCE on the system), and the exploit is reliable, well documented, and affects all versions of cPanel except the latest patch. There are well over a million hosts exposed, and though cPanel does have some automated self-upgrade functionality, it can be turned off, and the window before an upgrade (usually up to 24h) is long enough for attacker to have already exploited this weakness. cPanel have provided a script you can use to detect if compromise has already occurred, which can be found here.
Vulnerability intelligence
Updated an hour ago
FeedsTrending now
CVEs trending on social media within the last 24 hours
Hypemeter
Current score
These are not the 0days you are looking for
1
CVE-2025-26529 Published Feb 24, 2025Hype score
28
high 8.3
MoodleCVE-2025-26529 is a stored Cross-Site Scripting (XSS) vulnerability found in Moodle's site administration live log functionality. The vulnerability exists because description information displayed in the site administration live log was not properly sanitized. This flaw affects Moodle versions 4.5 to 4.5.1, 4.4 to 4.4.5, 4.3 to 4.3.9, 4.1 to 4.1.15, and earlier unsupported versions. Successful exploitation of this vulnerability could allow attackers to inject malicious scripts that would be executed in the context of other users' browsers when they view the affected live log section in the site administration area. To remediate this vulnerability, users are advised to upgrade to the patched versions: Moodle 4.5.2, 4.4.6, 4.3.10, and 4.1.16. The fix involves implementing proper sanitization for event descriptions in the live log functionality.
2
CVE-2026-56196 Published Jul 14, 2026Hype score
20
high 8.8
Windows Admin CenterCVE-2026-56196 is identified as a Remote Code Execution Vulnerability affecting Windows Admin Center (WAC). This vulnerability was addressed by Microsoft as part of its July 2026 Patch Tuesday updates. It was classified as an "Important" vulnerability.
3
CVE-2026-58631 Published Jul 14, 2026Hype score
20
high 7.8
Windows Admin CenterCVE-2026-58631 is identified as a Remote Code Execution (RCE) vulnerability affecting Windows Admin Center (WAC). This flaw was disclosed as part of Microsoft's July 2026 Patch Tuesday updates. The vulnerability allows an attacker to execute arbitrary code remotely within the context of the Windows Admin Center.
Known exploited
Sourced from CISA's Known Exploited Vulnerability (KEV) catalog.
- CVE-2026-58644 Published Jul 14, 2026
critical 9.8
Exploit known
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.
- CVE-2026-39808 Published Apr 14, 2026
critical 9.8
Exploit known
Fortinet FortiSandboxCVE-2026-39808 is an operating system (OS) command injection vulnerability affecting Fortinet FortiSandbox versions 4.4.0 through 4.4.8. This flaw stems from the improper neutralization of special elements used in OS commands, which allows attackers to inject malicious commands into system operations. Successful exploitation of CVE-2026-39808 enables remote attackers to execute unauthorized code or commands on the target system. This can be achieved without requiring any authentication or user interaction, typically through specially crafted HTTP requests to an API endpoint.
- CVE-2026-25089 Published Jun 9, 2026
critical 9.8
Exploit known
Fortinet FortiSandboxFortiSandbox CloudFortiSandbox PaaSCVE-2026-25089 is an operating system (OS) command injection vulnerability affecting Fortinet FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS. This flaw, categorized as CWE-78 (Improper Neutralization of Special Elements used in an OS Command), allows an unauthenticated, remote attacker to execute unauthorized commands on the appliance. The vulnerability is triggered by sending specially crafted HTTP requests, specifically exploiting a second-order command injection within the JSON input of the "start VNC" feature in the web-based management interface. Successful exploitation of CVE-2026-25089 can lead to the execution of arbitrary OS commands on the underlying system. Affected versions include FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, all FortiSandbox 4.2 versions, FortiSandbox Cloud 5.0.4 through 5.0.5, and FortiSandbox PaaS 5.0.4 through 5.0.5.
Insights
See moreOur Security Team's most recent CVE analysis
- Link to CVE page
CVE-2026-41940
critical 9.3
Exploit known
Intruder Insights
Updated Apr 30, 2026
- Link to CVE page
CVE-2026-1340
critical 9.8
Exploit known
Intruder Insights
Updated Jan 30, 2026
This and the similar vulnerability CVE-2026-1281 allow an unauthenticated attacker to execute code remotely on unpatched Ivanti EPMM instances.
A patch is available from Ivanti here and should be installed immediately. There is a page for defenders who need to check if their instance has been compromised here, though this is a work in progress.
Note that this is a temporary patch which will be removed with further version updates. If you update the version of your EPMM instance after patching, you must apply the patch again. A fully patched version of EPMM will be available in future which will permanently fix the vulnerability.
This vulnerability was known to be used in the wild before being disclosed by the vendor. Proof of concept code is now available publicly, so increased attack activity is expected.
- Link to CVE page
CVE-2026-1281
critical 9.8
Exploit known
Intruder Insights
Updated Jan 30, 2026
This and the similar vulnerability CVE-2026-1340 allow an unauthenticated attacker to execute code remotely on unpatched Ivanti EPMM instances.
A patch is available from Ivanti here and should be installed immediately. There is a page for defenders who need to check if their instance has been compromised here, though this is a work in progress.
Note that this is a temporary patch which will be removed with further version updates. If you update the version of your EPMM instance after patching, you must apply the patch again. A fully patched version of EPMM will be available in future which will permanently fix the vulnerability.
This vulnerability was known to be used in the wild before being disclosed by the vendor. Proof of concept code is now available publicly, so increased attack activity is expected.