Imperva Customers Protected Against CVE-2026-41940 in cPanel & WHM
What is CVE-2026-41940? CVE-2026-41940 is a critical authentication bypass vulnerability affecting cPanel & WHM, including DNSOnly, in versions after 11.40. The flaw, discovered by WatchTowr Labs, exists in the login flow and allows unauthenticated remote attackers to gain unauthorized access to...
CVE-2026-2095
creationtimestamp | type | source
---|---|---
2026-02-06 12:06:00+00:00 | seen | https://www.twcert.org.tw/en/cp-139-10700-3534d-2.html
2026-02-10 07:21:26+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3meighaymld2g
2026-02-10 09:00:35+00:00 | seen | ...
Linux Distros Unpatched Vulnerability : CVE-2022-2095
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An improper access control check in GitLab CE/EE affecting all versions starting from 13.7 before 15.0.5, all versions starting from 15.1 before 15.1.4, all...
CVE-2002-2095
Joe Testa hellbent 01 webserver allows attackers to read files that are specified in the hellbent.prefs file by creating a file with a similar name in the web root, as demonstrated using (1) index.webroot and (2) index.ipallow...
CVE-2025-2095
A vulnerability classified as critical has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to os command injection. It is possible to initiate the attack remotely. The exploit has...
CVE-2025-2095 TOTOLINK EX1800T cstecgi.cgi setDmzCfg os command injection
A vulnerability classified as critical has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to os command injection. It is possible to initiate the attack remotely. The exploit has...
CVE-2025-2095
This CVE concerns TOTOLINK EX1800T 9.1.0cu.2112_B20220316. The vulnerability is in the function setDmzCfg of /cgi-bin/cstecgi.cgi, where manipulating the ip parameter enables an OS command injection. It can be exploited remotely, and the exploit has been disclosed publicly. The issue stems from h...
CVE-2023-2095
creationtimestamp | type | source
---|---|---
2023-04-15 14:39:46+00:00 | seen | https://t.me/cibsecurity/62220
2023-11-25 01:50:15+00:00 | seen | https://t.me/arpsyndicate/560
2023-12-10 13:17:34+00:00 | seen | https://t.me/arpsyndicate/1626...
CVE-2023-2095 SourceCodester Vehicle Service Management System manage_category.php sql injection
A vulnerability was found in SourceCodester Vehicle Service Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/maintenance/manage_category.php. The manipulation of the argument id leads to sql injection. The attack may be initiated...
CVE-2023-2095
CVE-2023-2095 affects SourceCodester Vehicle Service Management System 1.0. A vulnerability exists in the file /admin/maintenance/manage_category.php where manipulating the id parameter triggers a SQL injection. The issue can be triggered remotely, and the exploit has been disclosed publicly. Co...
GitLab 13.7.x - 15.0.4, 15.1.x - 15.1.3, 15.2 Improper Access Control Vulnerability
GitLab is prone to an improper access control vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...
CVE-2022-2095
An improper access control check in GitLab CE/EE affecting all versions starting from 13.7 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious authenticated user to view a public project's Deploy Key's public fingerprint a...
CVE-2022-2095
The CVE-2022-2095 issue affects GitLab CE/EE: versions 13.7–15.0.4, 15.1–15.1.3, and 15.2–15.2.0 are affected by an improper access control check that lets an authenticated user view a public Deploy Key’s fingerprint and name when the key has write permission. GitLab notes that the private key is...
SUSE: Security Advisory (SUSE-SU-2020:2095-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
SUSE: Security Advisory (SUSE-SU-2018:2095-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2020-2095
Jenkins Redgate SQL Change Automation Plugin 2.0.4 and earlier stored an API key unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
CVE-2020-2095
CVE-2020-2095 affects the Jenkins Redgate SQL Change Automation Plugin (versions 2.0.4 and earlier). The vulnerability arises because an API key is stored unencrypted in job config.xml files on the Jenkins master, allowing viewing by users with Extended Read permission or access to the master fil...