Vulnerability intelligence

Updated 36 minutes ago

Feeds

Trending now

CVEs trending on social media within the last 24 hours

Hypemeter

140100

Current score

These are not the 0days you are looking for

  1. 1

    CVE-2026-15409 Published Jul 14, 2026

    Hype score

    14

    critical 10.0

    Exploit known

    CloudSonicwallNetgearServerNetwork

    CVE-2026-15409 is a critical server-side request forgery (SSRF) vulnerability impacting SonicWall SMA 1000 Series appliances. This flaw resides within the SMA1000 Appliance WorkPlace interface. Exploitation of CVE-2026-15409 can allow remote, unauthenticated attackers to compel the appliance to initiate requests to unintended network locations. This vulnerability has been observed in active exploitation, frequently in conjunction with CVE-2026-15410. SonicWall has released firmware patches to address this issue and advises customers to upgrade their appliances and investigate for potential compromise.

  2. 2

    CVE-2026-58644 Published Jul 14, 2026

    Hype score

    13

    critical 9.8

    Exploit known

    SharePointMicrosoft Office

    CVE-2026-58644 is a vulnerability found in Microsoft Office SharePoint, categorized as a deserialization of untrusted data flaw. This vulnerability enables an unauthorized attacker to execute code over a network. The flaw affects multiple versions of Microsoft SharePoint Server, including Subscription Edition, 2019, and 2016. The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-58644 to its Known Exploited Vulnerabilities Catalog, indicating that it is being actively exploited.

  3. 3

    CVE-2026-25089 Published Jun 9, 2026

    Hype score

    12

    critical 9.8

    Exploit known

    FortiSandbox CloudFortinet FortiSandboxFortiSandbox PaaS

    CVE-2026-25089 is an operating system (OS) command injection vulnerability affecting Fortinet FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS. This flaw, categorized as CWE-78 (Improper Neutralization of Special Elements used in an OS Command), allows an unauthenticated, remote attacker to execute unauthorized commands on the appliance. The vulnerability is triggered by sending specially crafted HTTP requests, specifically exploiting a second-order command injection within the JSON input of the "start VNC" feature in the web-based management interface. Successful exploitation of CVE-2026-25089 can lead to the execution of arbitrary OS commands on the underlying system. Affected versions include FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, all FortiSandbox 4.2 versions, FortiSandbox Cloud 5.0.4 through 5.0.5, and FortiSandbox PaaS 5.0.4 through 5.0.5.

See more

Known exploited

Sourced from CISA's Known Exploited Vulnerability (KEV) catalog.

  1. CVE-2026-58644 Published Jul 14, 2026

    Hype score

    13

    critical 9.8

    Exploit known

    Microsoft OfficeSharePoint

    CVE-2026-58644 is a vulnerability found in Microsoft Office SharePoint, categorized as a deserialization of untrusted data flaw. This vulnerability enables an unauthorized attacker to execute code over a network. The flaw affects multiple versions of Microsoft SharePoint Server, including Subscription Edition, 2019, and 2016. The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-58644 to its Known Exploited Vulnerabilities Catalog, indicating that it is being actively exploited.

  2. CVE-2026-39808 Published Apr 14, 2026

    Hype score

    12

    critical 9.8

    Exploit known

    Fortinet FortiSandbox

    CVE-2026-39808 is an operating system (OS) command injection vulnerability affecting Fortinet FortiSandbox versions 4.4.0 through 4.4.8. This flaw stems from the improper neutralization of special elements used in OS commands, which allows attackers to inject malicious commands into system operations. Successful exploitation of CVE-2026-39808 enables remote attackers to execute unauthorized code or commands on the target system. This can be achieved without requiring any authentication or user interaction, typically through specially crafted HTTP requests to an API endpoint.

  3. CVE-2026-25089 Published Jun 9, 2026

    Hype score

    12

    critical 9.8

    Exploit known

    Fortinet FortiSandboxFortiSandbox CloudFortiSandbox PaaS

    CVE-2026-25089 is an operating system (OS) command injection vulnerability affecting Fortinet FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS. This flaw, categorized as CWE-78 (Improper Neutralization of Special Elements used in an OS Command), allows an unauthenticated, remote attacker to execute unauthorized commands on the appliance. The vulnerability is triggered by sending specially crafted HTTP requests, specifically exploiting a second-order command injection within the JSON input of the "start VNC" feature in the web-based management interface. Successful exploitation of CVE-2026-25089 can lead to the execution of arbitrary OS commands on the underlying system. Affected versions include FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, all FortiSandbox 4.2 versions, FortiSandbox Cloud 5.0.4 through 5.0.5, and FortiSandbox PaaS 5.0.4 through 5.0.5.

See more

Insights

See more

Our Security Team's most recent CVE analysis

  1. CVE-2026-41940

    critical 9.3

    Exploit known

    Link to CVE page

    Intruder Insights

    Updated Apr 30, 2026

    cPanel is a very popular hosting framework which is often very difficult to avoid exposing to the internet. The exploit for this weakness gives the attacker root access to cPanel (and from there easy RCE on the system), and the exploit is reliable, well documented, and affects all versions of cPanel except the latest patch. There are well over a million hosts exposed, and though cPanel does have some automated self-upgrade functionality, it can be turned off, and the window before an upgrade (usually up to 24h) is long enough for attacker to have already exploited this weakness. cPanel have provided a script you can use to detect if compromise has already occurred, which can be found here.

    cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.

  2. CVE-2026-1340

    critical 9.8

    Exploit known

    Link to CVE page

    Intruder Insights

    Updated Jan 30, 2026

    This and the similar vulnerability CVE-2026-1281 allow an unauthenticated attacker to execute code remotely on unpatched Ivanti EPMM instances.

    A patch is available from Ivanti here and should be installed immediately. There is a page for defenders who need to check if their instance has been compromised here, though this is a work in progress.

    Note that this is a temporary patch which will be removed with further version updates. If you update the version of your EPMM instance after patching, you must apply the patch again. A fully patched version of EPMM will be available in future which will permanently fix the vulnerability.

    This vulnerability was known to be used in the wild before being disclosed by the vendor. Proof of concept code is now available publicly, so increased attack activity is expected.

    A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

  3. CVE-2026-1281

    critical 9.8

    Exploit known

    Link to CVE page

    Intruder Insights

    Updated Jan 30, 2026

    This and the similar vulnerability CVE-2026-1340 allow an unauthenticated attacker to execute code remotely on unpatched Ivanti EPMM instances.

    A patch is available from Ivanti here and should be installed immediately. There is a page for defenders who need to check if their instance has been compromised here, though this is a work in progress.

    Note that this is a temporary patch which will be removed with further version updates. If you update the version of your EPMM instance after patching, you must apply the patch again. A fully patched version of EPMM will be available in future which will permanently fix the vulnerability.

    This vulnerability was known to be used in the wild before being disclosed by the vendor. Proof of concept code is now available publicly, so increased attack activity is expected.

    A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.