Apr 30, 2026 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • WebPros cPanel & WHM and WP2 (WordPress Squared) added to CISA KEV: confirmed in-the-wild exploitation.
  • Frangoteam FUXA: public exploit or PoC linked (RCE)
  • 5 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2026-41940 WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV
  • Internet-facing CMS deployments affected

WebPros cPanel & WHM and WP2 (WordPress Squared) Auth Bypass is on CISA KEV, with confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Active exploit activity

CVE-2024-46987 Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails.

  • Public exploit or PoC available
  • Exploit activity linked

Tuzitio Camaleon CMS Path Traversal now has public exploit or PoC linkage: assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2026-36767 A path traversal vulnerability in the /content/images/add endpoint of shopizer v3.2.5 allows atta...

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function

Exploit & PoC activity

CVE-2025-69985 Exploit

FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE).

CVE-2026-26335 Exploit

Calero VeraSMART versions prior to 2022 R1 use static ASP.NET/IIS machineKey values configured for the VeraSMART web application and stor...

CVE-2026-26235 Exploit

JUNG Smart Visu Server 1.1.1050 contains a denial of service vulnerability that allows unauthenticated attackers to remotely shut down or...

CVE-2026-21244 Exploit

Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.

CVE-2026-21248 Exploit

Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.

CVE-2026-25961 Exploit

SumatraPDF is a multi-format reader for Windows.

CVE-2026-25643 Exploit

Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras.

CVE-2026-25047 Exploit

deepHas provides a test for the existence of a nested object key and optionally returns that key.

CVE-2026-24897 Exploit

Erugo is a self-hosted file-sharing platform.

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2022-50993 CVSS 9.3

Weaver (Fanwei) E-office versions prior to 10.0_20221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServ...

CVE-2025-71284 CVSS 9.3

Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radi...

CVE-2026-36760 CVSS 9.6

An issue in the fileMd5 parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permi...

CVE-2026-36767 CVSS 10

A path traversal vulnerability in the /content/images/add endpoint of shopizer v3.2.5 allows attackers to write arbitrary files to any write...

CVE-2026-4670 CVSS 9.8

Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass.

cvelogic Threat Intelligence