cPanel is a very popular hosting framework which is often very difficult to avoid exposing to the internet. The exploit for this weakness gives the attacker root access to cPanel (and from there easy RCE on the system), and the exploit is reliable, well documented, and affects all versions of cPanel except the latest patch. There are well over a million hosts exposed, and though cPanel does have some automated self-upgrade functionality, it can be turned off, and the window before an upgrade (usually up to 24h) is long enough for an attacker to have already exploited this weakness. cPanel have provided a script you can use to detect whether a compromise has already occurred, which can be found here.
Vulnerability intelligence
Feeds
Trending now
CVEs trending on social media within the last 24 hours
Hypemeter
Current score
Damp squib
1
CVE-2025-48595 Published Jun 1, 2026
Hype score
12
high 8.4
Android
CVE-2025-48595 is an elevation of privilege vulnerability affecting the Android platform. This flaw allows an attacker to gain elevated access without requiring any additional execution privileges or user interaction for successful exploitation. Google has noted that there are indications of limited, targeted exploitation of CVE-2025-48595, making the June 2026 security patch, which addresses this vulnerability, particularly important.
2
CVE-2024-21182 Published Jul 16, 2024
Hype score
12
high 7.5
Exploit known
Oracle WebLogic Server, Oracle Fusion Middleware
CVE-2024-21182 is an authentication bypass vulnerability found in the Core component of Oracle WebLogic Server, part of Oracle Fusion Middleware. This flaw allows an unauthenticated attacker to gain unauthorized access to the server by exploiting network access via the T3 or IIOP protocols. Successful exploitation of this vulnerability can lead to unauthorized access to critical data or even complete access to all data accessible by the Oracle WebLogic Server. The affected versions include 12.2.1.4.0 and 14.1.1.0.0.
3
CVE-2026-0257 Published May 13, 2026
Hype score
11
high 7.8
Exploit known
PAN-OS, GlobalProtect
CVE-2026-0257 is an authentication bypass vulnerability found in the GlobalProtect portal and gateway components of Palo Alto Networks PAN-OS software. This flaw enables an attacker to circumvent security restrictions and establish an unauthorized Virtual Private Network (VPN) connection. The vulnerability stems from the system's reliance on cookies without adequate validation and integrity checking, specifically when authentication override cookies are enabled and a particular certificate configuration is in place. This issue does not impact Panorama or Cloud NGFW deployments.
Known exploited
Sourced from CISA's Known Exploited Vulnerability (KEV) catalog.
- CVE-2010-0249 Published Jan 15, 2010
high 8.8
Exploit known
Windows, Microsoft Internet Explorer
Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory, as exploited in the wild in December 2009 and January 2010 during Operation Aurora, aka "HTML Object Memory Corruption Vulnerability."
- CVE-2024-21182 Published Jul 16, 2024
Hype score
12
high 7.5
Exploit known
- CVE-2026-0257 Published May 13, 2026
Hype score
11
high 7.8
Exploit known
Insights
Our Security Team's most recent CVE analysis
- CVE-2026-41940
critical 9.3
Exploit known
Intruder Insights
Updated Apr 30, 2026
- CVE-2026-1340
critical 9.8
Exploit known
Intruder Insights
Updated Jan 30, 2026
This and the similar vulnerability CVE-2026-1281 allow an unauthenticated attacker to execute code remotely on unpatched Ivanti EPMM instances.
A patch is available from Ivanti here and should be installed immediately. There is a page for defenders who need to check if their instance has been compromised here, though this is a work in progress.
Note that this is a temporary patch which will be removed with further version updates. If you update the version of your EPMM instance after patching, you must apply the patch again. A fully patched version of EPMM will be available in future which will permanently fix the vulnerability.
This vulnerability was known to be used in the wild before being disclosed by the vendor. Proof of concept code is now available publicly, so increased attack activity is expected.
- CVE-2026-1281
critical 9.8
Exploit known
Intruder Insights
Updated Jan 30, 2026
This and the similar vulnerability CVE-2026-1340 allow an unauthenticated attacker to execute code remotely on unpatched Ivanti EPMM instances.
A patch is available from Ivanti here and should be installed immediately. There is a page for defenders who need to check if their instance has been compromised here, though this is a work in progress.
Note that this is a temporary patch which will be removed with further version updates. If you update the version of your EPMM instance after patching, you must apply the patch again. A fully patched version of EPMM will be available in future which will permanently fix the vulnerability.
This vulnerability was known to be used in the wild before being disclosed by the vendor. Proof of concept code is now available publicly, so increased attack activity is expected.