176 matches found
Imperva Customers Protected Against CVE-2026-41940 in cPanel & WHM
What is CVE-2026-41940? CVE-2026-41940 is a critical authentication bypass vulnerability affecting cPanel & WHM, including DNSOnly, in versions after 11.40. The flaw, discovered by WatchTowr Labs, exists in the login flow and allows unauthenticated remote attackers to gain unauthorized access to...
CVE-2026-41635
creationtimestamp| type| source
---|---|---
2026-04-27 09:09:56+00:00| seen| https://ccb.belgium.be/advisories/warning-critical-arbitrary-code-execution-vulnerability-apache-mina-patch-immediately
2026-05-01 01:27:07+00:00| seen| https://bsky.app/profile/getpokemon7.bsky.social/post/3mkqxxdbwbc2e...
PT-2026-35151
Name of the Vulnerable Software and Affected Versions: electerm (affected versions not specified) Description: A command injection issue exists in the runLinux function within github.com/elcterm/electerm/npm/install.js:130. The function appends remote version strings, which can be controlled by an...
Fedora 43 : libpng (2026-67c20bfb74)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-67c20bfb74 advisory. 1.6.56 is a release that fixes the following two security vulnerabilities: - CVE-2026-33416 (high severity): Use-after-free memory bug in the transparenc...
React Server Components have a Denial of Service Vulnerability
Impact: A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack versions 19.0.0, 19.1.0 and 19.2.0. The vulnerability is triggered by sending specially crafted HTTP requests...
MAL-2026-1938 Malicious code in @metaplex-foundations/umi-public-keys (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48abfc0f902cd0f09b0c2ae7449eaefbf3b4baf1cb12e4165f509b86f7ad8692 The package @metaplex-foundations/umi-public-keys was found to contain malicious code. Source: ghsa-malware...
CVE-2026-24018
creationtimestamp| type| source
---|---|---
2026-03-11 10:50:56+00:00| seen| https://www.acn.gov.it/portale/w/vulnerabilita-in-prodotti-fortinet-8
2026-03-11 14:43:25+00:00| seen| https://ccb.belgium.be/advisories/warning-fortinet-patched-22-vulnerabilities-multiple-products-patch-immediately...
GHSA-8JX2-RHFH-Q928 godot-mcp has Command Injection via unsanitized projectPath
Impact: A Command Injection vulnerability in godot-mcp allows remote code execution. The executeOperation function passed user-controlled input (e.g., projectPath) directly to exec, which spawns a shell. An attacker could inject shell metacharacters like $command or &calc to execute arbitrary comman...
React Server Components have multiple Denial of Service Vulnerabilities
Impact: It was found that the fixes to address DoS in React Server Components were incomplete and we found multiple denial of service vulnerabilities still exist in React Server Components. We recommend updating immediately. The vulnerability exists in versions 19.0.0, 19.0.1, 19.0.2, 19.0.3,...
Active Exploitation of 7-Zip RCE Vulnerability Shows Why Manual Patching is No Longer an Option
A critical remote code execution (RCE) vulnerability in 7-Zip (CVE-2025-11001) is now being actively exploited. The issue stems from improper handling of symbolic links within crafted ZIP files. When a malicious archive is extracted, 7-Zip may write files outside the intended directory, allowing an...
MAL-2025-190581 Malicious code in com.unity.polyspatial.xr (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f47a6bc79a20cf499736b6544281ecd6035fd1135b3d465ea2b7579061bfc2b The package com.unity.polyspatial.xr was found to contain malicious code. Source: ghsa-malware...
WordPress Gutentype Theme <= 2.1.11 is vulnerable to Local File Inclusion
Software: Gutentype; Type: Theme; Vulnerable versions: <= 2.1.11; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High (8.1); Developer: Claim ownership; PSID: 42f4a10f514e; Credits: Bonds; Required privilege: Unauthenticated; Publish...
Malicious Code
This package contains malicious code and should be removed immediately!...
Malicious code in protobufjs-websocket-example (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8a5372e68ba0b48947bc24234bd3009eaf3350edf61ca65bd42229c19a046fe8 Any computer that has this package installed or running should be considered...
Malicious code in server-bare-log (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 39c5415871a73082265e769aa9eb273c1fa34089a841af9700ebb890c064d102 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2025-3138 · Undefined · Undefined
🚨🚨 『The vulnerabilities are trivial to reverse and exploit though, and we encourage users to upgrade ASAP to the latest SimpleHelp release,』 CVE-2024-55726 CVE-2024-55727 CVE-2024-55728 Critical Vulnerabilities in SimpleHelp Remote Support Software https://t.co/F8dpl2me1D...
MAL-2024-11075 Malicious code in release-notice (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9188a12e63756142475c425c675afc5c47d67d58761c182bb785745a2b7298fb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10969 Malicious code in eslint-plugin-classification-import (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bf941eb64cb46effcedb0a7bc56e9aa2c3a16f53b93efc19baecb91bc6699f02 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2024-38656 · Special Minds Design · E-Commerce
Name of the Vulnerable Software and Affected Versions: Special Minds Design and Software e-Commerce versions prior to 22.11.2024 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL...
PT-2024-15284
Name of the Vulnerable Software and Affected Versions: VMware vCenter Server versions prior to the latest patch release Description: A critical security issue in VMware vCenter Server allows attackers to execute remote code on affected systems. This flaw is being actively exploited by cybercriminal...