Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
WebPros CPanel & WHM And WP2 (WordPress Squared) added to CISA KEV — confirmed in-the-wild exploitation.
Frangoteam Fuxa: public exploit or PoC linked (RCE)
5 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
CVE-2026-41940WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function
Actively exploited (CISA KEV)
Listed on CISA KEV
Internet-facing CMS deployments affected
WebPros CPanel & WHM And WP2 (WordPress Squared) Auth Bypass is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Active exploit activity
CVE-2024-46987Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails.
Public exploit or PoC available
Exploit activity linked
Tuzitio Camaleon Cms Path Traversal now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Critical exposure
CVE-2026-36767A path traversal vulnerability in the /content/images/add endpoint of shopizer v3.2.5 allows atta...
CVSS 10
New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.