P
Office Hours this Wednesday, May 27: AI coding vs. security validation, live with our Head of Engineering and Product Manager.
30 minutes of discussion on where the validation gap opens when AI accelerates the codebase. 15 minutes of open Q&A.
11:00 AM New York / 4:00 PM London / 6:00 PM Bucharest.
Register: https://zoom.us/webinar/register/5817794651256/WN_1WYk4PoXTci8uZ2J9lo-ng
CVE-2026-41940 was exploited for 64 days before a patch existed. First attack: Feb 23. Advisory: Apr 28.
After disclosure, 15,448 cPanel hosts in malicious activity on May 1 alone. Ransomware and a Mirai botnet running in parallel. CVSS 9.8. CISA KEV.
We built a free scanner. No account needed.
Free cPanel vulnerability scanner for CVE-2026-41940. Detect the authentication bypass via CRLF injection in cPanel & WHM. Get a PDF scan report.
Pentest-Tools.com (pentest-tools.com)
CVE-2026-40321: stored XSS in DNN (DotNetNuke) prior to v10.2.2 chains to full RCE.
Any authenticated user can upload a crafted SVG with embedded JavaScript. If a power user opens it, the payload calls DNN's own config endpoint to drop an ASPX backdoor in the server root.
One file. One click. Full RCE. CVSS 8.1, patched, fully documented.
Write-up + PoC payloads: https://pentest-tools.com/blog/dotnetnuke-xss-to-rce
More research from our team: https://pentest-tools.com/research
