[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"all-banners":3,"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0":135,"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU":142,"vulnerability-29265":148,"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU":176},[4,15,20,27,34,41,46,53,59,66,71,78,83,90,96,106,112,118,124,130],{"title":5,"slug":6,"text":7,"link":8,"external":9,"targets":10,"cta":12,"variant":13,"campaign_id":14},"Compliance - Advanced Pentest Reporting","compliance-advanced-pentest-reporting","Prove your compliance. Get built-in validation with audit-ready reports.","https://pentest-tools.com/pricing",false,[11],"/features/advanced-pentest-reporting","Unlock audit-ready reports","primary",null,{"title":16,"slug":17,"text":18,"link":8,"external":9,"targets":19,"cta":12,"variant":13,"campaign_id":14},"Compliance - Advanced Pentest Reporting (A-B test)","compliance-advanced-pentest-reporting-1","Stop piecing together reports manually. Upgrade today to unlock instant proof for audits.",[11],{"title":21,"slug":22,"text":23,"link":8,"external":9,"targets":24,"cta":26,"variant":13,"campaign_id":14},"Compliance - Integrations","compliance-integrations","Disconnected tools hide compliance breaches. Stay audit-ready 24/7 with the right integrations.",[25],"/features/integrations","Automate your compliance",{"title":28,"slug":29,"text":30,"link":8,"external":9,"targets":31,"cta":32,"variant":33,"campaign_id":14},"Compliance - Integrations (A-B test)","compliance-integrations-1","Disconnected tools will fail your next audit. Unlock the integrations needed for compliance.",[25],"Connect your stack","secondary",{"title":35,"slug":36,"text":37,"link":8,"external":9,"targets":38,"cta":40,"variant":13,"campaign_id":14},"Compliance - ML Classifier","compliance-ml-classifier","Put compliance on Auto this year with 50% fewer FPs. Go deeper with the WebNetSec plan.",[39],"/features/machine-learning-classifier","Explore WebNetSec",{"title":42,"slug":43,"text":44,"link":8,"external":9,"targets":45,"cta":40,"variant":13,"campaign_id":14},"Compliance - ML Classifier (A-B test)","compliance-ml-classifier-1","Ghost vulnerabilities drain time and chip your compliance. Upgrade to WebNetSec to stay audit-ready with 50% fewer FPs.",[39],{"title":47,"slug":48,"text":49,"link":8,"external":9,"targets":50,"cta":52,"variant":13,"campaign_id":14},"Compliance - Network Scanner","compliance-network-scanner","Map your attack surface and prove infrastructure compliance with the Network Scanner. Available with any plan.",[51],"/network-vulnerability-scanning/network-security-scanner-online","Upgrade your plan",{"title":54,"slug":55,"text":56,"link":8,"external":9,"targets":57,"cta":58,"variant":13,"campaign_id":14},"Compliance - Network Scanner (A-B test)","compliance-network-scanner-1","Unmapped assets are compliance landmines - upgrade your plan with complete attack surface visibility.",[51],"Get deep network scans",{"title":60,"slug":61,"text":62,"link":8,"external":9,"targets":63,"cta":65,"variant":13,"campaign_id":14},"Compliance - Pentest Robots","compliance-pentest-robots","Put compliance on Auto with Pentest Robots. Available with any plan.",[64],"/features/pentest-robots","Automate continuous scans",{"title":67,"slug":68,"text":69,"link":8,"external":9,"targets":70,"cta":65,"variant":13,"campaign_id":14},"Compliance - Pentest Robots (A-B test)","compliance-pentest-robots-1","Don’t leave compliance to chance - deploy Pentest Robots to quickly automate your audit readiness.",[64],{"title":72,"slug":73,"text":74,"link":8,"external":9,"targets":75,"cta":77,"variant":13,"campaign_id":14},"Compliance - Sniper: Auto-Exploiter","compliance-sniper-auto-exploiter","Get audit-ready proof and put compliance on Auto with our proprietary Sniper: Auto-exploiter. Available with Pentest Suite.",[76],"/exploit-helpers/sniper","Get proof with Pentest Suite",{"title":79,"slug":80,"text":81,"link":8,"external":9,"targets":82,"cta":77,"variant":13,"campaign_id":14},"Compliance - Sniper: Auto-Exploiter (A-B test)","compliance-sniper-auto-exploiter-1","Deliver audit-ready proof instantly and stay compliant 24/7/365 - only with Sniper: Auto-Exploiter. Available with Pentest Suite.",[76],{"title":84,"slug":85,"text":86,"link":8,"external":9,"targets":87,"cta":89,"variant":13,"campaign_id":14},"Compliance - Website Scanner","compliance-website-scanner","Prove real risk instantly and put compliance on Auto with the Website Scanner. Available with the WebNetSec plan.",[88],"/website-vulnerability-scanning/website-scanner","Unlock AppSec compliance",{"title":91,"slug":92,"text":93,"link":8,"external":9,"targets":94,"cta":95,"variant":13,"campaign_id":14},"Compliance - Website Scanner (A-B test)","compliance-website-scanner-1","Web vulnerabilities let in devastating compliance fines. Stay audit-ready with deep, proprietary scans. Available with the WebNetSec plan.",[88],"Upgrade to WebNetSec",{"title":97,"slug":98,"text":99,"link":100,"external":101,"targets":102,"cta":104,"variant":13,"campaign_id":105},"cPanel & WHM Free Scanner Homepage","cpanel-whm-free-scanner","FREE CVE-2026-41940 scanner - check your cPanel & WHM targets now!","/network-vulnerability-scanning/cve-2026-41940-scanner-cpanel-authentication-bypass",true,[103],"/","Check now","cpanel-whm",{"title":107,"slug":108,"text":109,"link":100,"external":101,"targets":110,"cta":111,"variant":13,"campaign_id":105},"cPanel & WHM Free Scanner Network Scanner","cpanel-whm-network-scanner","New: detect cPanel & WHM auth bypass (CVE-2026-41940) for free!",[51],"Run a free scan",{"title":113,"slug":114,"text":115,"link":100,"external":101,"targets":116,"cta":111,"variant":13,"campaign_id":105},"cPanel & WHM Free Scanner CVE page","cpanel-whm-cve-page","Free scanner: detect CVE-2026-41940 across cPanel & WHM assets now",[117],"/vulnerabilities-exploits/cpanel-and-whm-authentication-bypass-via-session-file-crlf-injection_29257",{"title":119,"slug":120,"text":121,"link":100,"external":101,"targets":122,"cta":111,"variant":33,"campaign_id":105},"cPanel & WHM Free Scanner Vulndb index","cpanel-whm-vulndb-index","New: free scanner for the cPanel & WHM authentication bypass (CVE-2026-41940)",[123],"/vulnerabilities-exploits",{"title":125,"slug":126,"text":127,"link":100,"external":101,"targets":128,"cta":111,"variant":33,"campaign_id":105},"cPanel & WHM Free Scanner Blog","cpanel-whm-blog","CVE-2026-41940: free scanner for the cPanel auth bypass. ~1.5M instances exposed",[129],"/blog",{"title":131,"slug":132,"text":133,"link":100,"external":101,"targets":134,"cta":111,"variant":33,"campaign_id":105},"cPanel & WHM Free Scanner Website Scanner","cpanel-whm-website-scanner","New: free scanner for cPanel & WHM auth bypass (CVE-2026-41940)",[88],["Island",136],{"key":137,"params":138,"result":140},"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0",{"props":139},"{}",{"head":141},{},["Island",143],{"key":144,"params":145,"result":146},"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU",{"props":139},{"head":147},{},{"id":149,"detectable_with":150,"vuln_details":157,"vuln_id":173,"name":174,"published":175,"updated":14},29265,{"tool":151,"engine":154},{"id":152,"name":153},1,"Network Scanner",{"id":155,"name":156},2,"Nuclei",{"id":149,"codename":14,"description":14,"severity":158,"risk_description":159,"public_description":160,"public_recommendation":161,"recommendation":14,"references":162,"cvssv3":167,"epss_score":168,"epss_percentile":169,"cve":170,"in_cisa_catalog":9,"date":172,"software_type":14,"vendor":14,"product":14,"ptt_exploit_capabilities":14},"high","The risk exists that a remote unauthenticated attacker can fully compromise the server to steal confidential information, install ransomware, or pivot to the internal network.","Apache ActiveMQ before 5.19.6 and 6.0.0 through 6.2.4 is vulnerable to remote code execution via a bypass of the CVE-2026-34197 security fix. The original fix blocked the \"vm://\" transport scheme in BrokerView.addNetworkConnector() and BrokerView.addConnector() to prevent authenticated attackers from loading malicious Spring XML configurations via the Jolokia API. However, the fix only denied the \"vm\" scheme. An attacker can bypass this restriction by using the HTTP Discovery transport(http://attacker/discovery), which is not in the denied scheme list. The attacker-controlled HTTP endpoint returns a vm:// transport URI as a second-stage response, which then loads a remote Spring XML application context, leading to arbitrary code execution on the broker JVM. The activemq-http module must be on the classpath (present by default in the \"all\" distribution), and authenticated access to the Jolokia API (/api/jolokia/) is required.","Attacker must be authenticated and activemq-http module must be on classpath.",[163,164,165,166],"https://activemq.apache.org/security-advisories.data/CVE-2026-40466-announcement.txt","https://nvd.nist.gov/vuln/detail/CVE-2026-40466","https://github.com/advisories/GHSA-w3w2-mpp5-92gm","https://github.com/apache/activemq/pull/1918",8.8,0.08517,0.92414,[171],"CVE-2026-40466","2026-04-24T00:00:00Z","NETSCAN-NUCLEI-CVE-CVE-2026-40466","Apache ActiveMQ - Remote Code Execution via HTTP Discovery Transport Bypass","2026-05-05T00:00:00Z",["Island",177],{"key":178,"params":179,"result":181},"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU",{"props":180},"{\"text-color\":\"gray\"}",{"head":182},{}]