Vulnerability intelligence

Updated an hour ago

Feeds

Trending now

CVEs trending on social media within the last 24 hours

Hypemeter

280100

Current score

These are not the 0days you are looking for

  1. 1

    CVE-2025-26529 Published Feb 24, 2025

    Hype score

    28

    high 8.3

    Moodle

    CVE-2025-26529 is a stored Cross-Site Scripting (XSS) vulnerability found in Moodle's site administration live log functionality. The vulnerability exists because description information displayed in the site administration live log was not properly sanitized. This flaw affects Moodle versions 4.5 to 4.5.1, 4.4 to 4.4.5, 4.3 to 4.3.9, 4.1 to 4.1.15, and earlier unsupported versions. Successful exploitation of this vulnerability could allow attackers to inject malicious scripts that would be executed in the context of other users' browsers when they view the affected live log section in the site administration area. To remediate this vulnerability, users are advised to upgrade to the patched versions: Moodle 4.5.2, 4.4.6, 4.3.10, and 4.1.16. The fix involves implementing proper sanitization for event descriptions in the live log functionality.

  2. 2

    CVE-2026-56196 Published Jul 14, 2026

    Hype score

    20

    high 8.8

    Windows Admin Center

    CVE-2026-56196 is identified as a Remote Code Execution Vulnerability affecting Windows Admin Center (WAC). This vulnerability was addressed by Microsoft as part of its July 2026 Patch Tuesday updates. It was classified as an "Important" vulnerability.

  3. 3

    CVE-2026-58631 Published Jul 14, 2026

    Hype score

    20

    high 7.8

    Windows Admin Center

    CVE-2026-58631 is identified as a Remote Code Execution (RCE) vulnerability affecting Windows Admin Center (WAC). This flaw was disclosed as part of Microsoft's July 2026 Patch Tuesday updates. The vulnerability allows an attacker to execute arbitrary code remotely within the context of the Windows Admin Center.

See more

Known exploited

Sourced from CISA's Known Exploited Vulnerability (KEV) catalog.

  1. CVE-2026-58644 Published Jul 14, 2026

    critical 9.8

    Exploit known

    Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.

  2. CVE-2026-39808 Published Apr 14, 2026

    critical 9.8

    Exploit known

    Fortinet FortiSandbox

    CVE-2026-39808 is an operating system (OS) command injection vulnerability affecting Fortinet FortiSandbox versions 4.4.0 through 4.4.8. This flaw stems from the improper neutralization of special elements used in OS commands, which allows attackers to inject malicious commands into system operations. Successful exploitation of CVE-2026-39808 enables remote attackers to execute unauthorized code or commands on the target system. This can be achieved without requiring any authentication or user interaction, typically through specially crafted HTTP requests to an API endpoint.

  3. CVE-2026-25089 Published Jun 9, 2026

    critical 9.8

    Exploit known

    Fortinet FortiSandboxFortiSandbox CloudFortiSandbox PaaS

    CVE-2026-25089 is an operating system (OS) command injection vulnerability affecting Fortinet FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS. This flaw, categorized as CWE-78 (Improper Neutralization of Special Elements used in an OS Command), allows an unauthenticated, remote attacker to execute unauthorized commands on the appliance. The vulnerability is triggered by sending specially crafted HTTP requests, specifically exploiting a second-order command injection within the JSON input of the "start VNC" feature in the web-based management interface. Successful exploitation of CVE-2026-25089 can lead to the execution of arbitrary OS commands on the underlying system. Affected versions include FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, all FortiSandbox 4.2 versions, FortiSandbox Cloud 5.0.4 through 5.0.5, and FortiSandbox PaaS 5.0.4 through 5.0.5.

See more

Insights

See more

Our Security Team's most recent CVE analysis

  1. CVE-2026-41940

    critical 9.3

    Exploit known

    Link to CVE page

    Intruder Insights

    Updated Apr 30, 2026

    cPanel is a very popular hosting framework which is often very difficult to avoid exposing to the internet. The exploit for this weakness gives the attacker root access to cPanel (and from there easy RCE on the system), and the exploit is reliable, well documented, and affects all versions of cPanel except the latest patch. There are well over a million hosts exposed, and though cPanel does have some automated self-upgrade functionality, it can be turned off, and the window before an upgrade (usually up to 24h) is long enough for attacker to have already exploited this weakness. cPanel have provided a script you can use to detect if compromise has already occurred, which can be found here.

    cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.

  2. CVE-2026-1340

    critical 9.8

    Exploit known

    Link to CVE page

    Intruder Insights

    Updated Jan 30, 2026

    This and the similar vulnerability CVE-2026-1281 allow an unauthenticated attacker to execute code remotely on unpatched Ivanti EPMM instances.

    A patch is available from Ivanti here and should be installed immediately. There is a page for defenders who need to check if their instance has been compromised here, though this is a work in progress.

    Note that this is a temporary patch which will be removed with further version updates. If you update the version of your EPMM instance after patching, you must apply the patch again. A fully patched version of EPMM will be available in future which will permanently fix the vulnerability.

    This vulnerability was known to be used in the wild before being disclosed by the vendor. Proof of concept code is now available publicly, so increased attack activity is expected.

    A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

  3. CVE-2026-1281

    critical 9.8

    Exploit known

    Link to CVE page

    Intruder Insights

    Updated Jan 30, 2026

    This and the similar vulnerability CVE-2026-1340 allow an unauthenticated attacker to execute code remotely on unpatched Ivanti EPMM instances.

    A patch is available from Ivanti here and should be installed immediately. There is a page for defenders who need to check if their instance has been compromised here, though this is a work in progress.

    Note that this is a temporary patch which will be removed with further version updates. If you update the version of your EPMM instance after patching, you must apply the patch again. A fully patched version of EPMM will be available in future which will permanently fix the vulnerability.

    This vulnerability was known to be used in the wild before being disclosed by the vendor. Proof of concept code is now available publicly, so increased attack activity is expected.

    A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.