[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"all-banners":3,"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0":143,"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU":150,"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU":156,"vulnerability-1921":163},[4,15,20,28,34,41,46,53,59,66,71,78,83,90,96,106,112,119,124,130,135],{"title":5,"slug":6,"text":7,"link":8,"external":9,"targets":10,"cta":12,"variant":13,"campaign_id":14},"Compliance - Advanced Pentest Reporting (A-B test)","compliance-advanced-pentest-reporting-1","Stop piecing together reports manually. Upgrade today to unlock instant proof for audits.","https://pentest-tools.com/pricing",false,[11],"/features/advanced-pentest-reporting","Unlock audit-ready reports","primary",null,{"title":16,"slug":17,"text":18,"link":8,"external":9,"targets":19,"cta":12,"variant":13,"campaign_id":14},"Compliance - Advanced Pentest Reporting","compliance-advanced-pentest-reporting","Prove your compliance. Get built-in validation with audit-ready reports.",[11],{"title":21,"slug":22,"text":23,"link":8,"external":9,"targets":24,"cta":26,"variant":27,"campaign_id":14},"Compliance - Integrations (A-B test)","compliance-integrations-1","Disconnected tools will fail your next audit. Unlock the integrations needed for compliance.",[25],"/features/integrations","Connect your stack","secondary",{"title":29,"slug":30,"text":31,"link":8,"external":9,"targets":32,"cta":33,"variant":13,"campaign_id":14},"Compliance - Integrations","compliance-integrations","Disconnected tools hide compliance breaches. Stay audit-ready 24/7 with the right integrations.",[25],"Automate your compliance",{"title":35,"slug":36,"text":37,"link":8,"external":9,"targets":38,"cta":40,"variant":13,"campaign_id":14},"Compliance - ML Classifier (A-B test)","compliance-ml-classifier-1","Ghost vulnerabilities drain time and chip your compliance. Upgrade to WebNetSec to stay audit-ready with 50% fewer FPs.",[39],"/features/machine-learning-classifier","Explore WebNetSec",{"title":42,"slug":43,"text":44,"link":8,"external":9,"targets":45,"cta":40,"variant":13,"campaign_id":14},"Compliance - ML Classifier","compliance-ml-classifier","Put compliance on Auto this year with 50% fewer FPs. Go deeper with the WebNetSec plan.",[39],{"title":47,"slug":48,"text":49,"link":8,"external":9,"targets":50,"cta":52,"variant":13,"campaign_id":14},"Compliance - Network Scanner (A-B test)","compliance-network-scanner-1","Unmapped assets are compliance landmines - upgrade your plan with complete attack surface visibility.",[51],"/network-vulnerability-scanning/network-security-scanner-online","Get deep network scans",{"title":54,"slug":55,"text":56,"link":8,"external":9,"targets":57,"cta":58,"variant":13,"campaign_id":14},"Compliance - Network Scanner","compliance-network-scanner","Map your attack surface and prove infrastructure compliance with the Network Scanner. Available with any plan.",[51],"Upgrade your plan",{"title":60,"slug":61,"text":62,"link":8,"external":9,"targets":63,"cta":65,"variant":13,"campaign_id":14},"Compliance - Pentest Robots (A-B test)","compliance-pentest-robots-1","Don’t leave compliance to chance - deploy Pentest Robots to quickly automate your audit readiness.",[64],"/features/pentest-robots","Automate continuous scans",{"title":67,"slug":68,"text":69,"link":8,"external":9,"targets":70,"cta":65,"variant":13,"campaign_id":14},"Compliance - Pentest Robots","compliance-pentest-robots","Put compliance on Auto with Pentest Robots. Available with any plan.",[64],{"title":72,"slug":73,"text":74,"link":8,"external":9,"targets":75,"cta":77,"variant":13,"campaign_id":14},"Compliance - Sniper: Auto-Exploiter (A-B test)","compliance-sniper-auto-exploiter-1","Deliver audit-ready proof instantly and stay compliant 24/7/365 - only with Sniper: Auto-Exploiter. Available with Pentest Suite.",[76],"/exploit-helpers/sniper","Get proof with Pentest Suite",{"title":79,"slug":80,"text":81,"link":8,"external":9,"targets":82,"cta":77,"variant":13,"campaign_id":14},"Compliance - Sniper: Auto-Exploiter","compliance-sniper-auto-exploiter","Get audit-ready proof and put compliance on Auto with our proprietary Sniper: Auto-exploiter. Available with Pentest Suite.",[76],{"title":84,"slug":85,"text":86,"link":8,"external":9,"targets":87,"cta":89,"variant":13,"campaign_id":14},"Compliance - Website Scanner (A-B test)","compliance-website-scanner-1","Web vulnerabilities let in devastating compliance fines. Stay audit-ready with deep, proprietary scans. Available with the WebNetSec plan.",[88],"/website-vulnerability-scanning/website-scanner","Upgrade to WebNetSec",{"title":91,"slug":92,"text":93,"link":8,"external":9,"targets":94,"cta":95,"variant":13,"campaign_id":14},"Compliance - Website Scanner","compliance-website-scanner","Prove real risk instantly and put compliance on Auto with the Website Scanner. Available with the WebNetSec plan.",[88],"Unlock AppSec compliance",{"title":97,"slug":98,"text":99,"link":100,"external":101,"targets":102,"cta":104,"variant":27,"campaign_id":105},"cPanel & WHM Free Scanner Blog","cpanel-whm-blog","CVE-2026-41940: free scanner for the cPanel auth bypass. ~1.5M instances exposed","/network-vulnerability-scanning/cve-2026-41940-scanner-cpanel-authentication-bypass",true,[103],"/blog","Run a free scan","cpanel-whm",{"title":107,"slug":108,"text":109,"link":100,"external":101,"targets":110,"cta":104,"variant":27,"campaign_id":105},"cPanel & WHM Free Scanner CVE page","cpanel-whm-cve-page","Free scanner: detect CVE-2026-41940 across cPanel & WHM assets now",[111],"/vulnerabilities-exploits/cpanel-and-whm-authentication-bypass-via-session-file-crlf-injection_29257",{"title":113,"slug":114,"text":115,"link":100,"external":101,"targets":116,"cta":118,"variant":13,"campaign_id":105},"cPanel & WHM Free Scanner Homepage","cpanel-whm-free-scanner","FREE CVE-2026-41940 scanner - check your cPanel & WHM targets now!",[117],"/","Check now",{"title":120,"slug":121,"text":122,"link":100,"external":101,"targets":123,"cta":104,"variant":13,"campaign_id":105},"cPanel & WHM Free Scanner Network Scanner","cpanel-whm-network-scanner","New: detect cPanel & WHM auth bypass (CVE-2026-41940) for free!",[51],{"title":125,"slug":126,"text":127,"link":100,"external":101,"targets":128,"cta":104,"variant":27,"campaign_id":105},"cPanel & WHM Free Scanner Vulndb index","cpanel-whm-vulndb-index","New: free scanner for the cPanel & WHM authentication bypass (CVE-2026-41940)",[129],"/vulnerabilities-exploits",{"title":131,"slug":132,"text":133,"link":100,"external":101,"targets":134,"cta":104,"variant":27,"campaign_id":105},"cPanel & WHM Free Scanner Website Scanner","cpanel-whm-website-scanner","New: free scanner for cPanel & WHM auth bypass (CVE-2026-41940)",[88],{"title":136,"slug":137,"text":138,"link":139,"external":101,"targets":140,"cta":141,"variant":13,"campaign_id":142},"Office hours #3 - session 1","office-hours-3-session-1","Got 45 minutes on Wednesday? We're going live with Office Hours!","https://zoom.us/webinar/register/5517785142308/WN_hWqbS--1TtCjvZZ2GTKkOQ",[117],"Save your seat","office-hours-3",["Island",144],{"key":145,"params":146,"result":148},"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0",{"props":147},"{}",{"head":149},{},["Island",151],{"key":152,"params":153,"result":154},"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU",{"props":147},{"head":155},{},["Island",157],{"key":158,"params":159,"result":161},"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU",{"props":160},"{\"text-color\":\"gray\"}",{"head":162},{},{"id":164,"detectable_with":165,"vuln_details":172,"vuln_id":190,"name":191,"published":192,"updated":14},1921,{"tool":166,"engine":169},{"id":167,"name":168},1,"Network Scanner",{"id":170,"name":171},2,"Nuclei",{"id":164,"codename":14,"description":14,"severity":173,"risk_description":174,"public_description":175,"public_recommendation":176,"recommendation":14,"references":177,"cvssv3":184,"epss_score":185,"epss_percentile":186,"cve":187,"in_cisa_catalog":9,"date":189,"software_type":14,"vendor":14,"product":14,"ptt_exploit_capabilities":14},"medium","Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.","Keycloak 10.0.0 to 18.0.0 contains a cross-site scripting vulnerability via the client-registrations endpoint. On a POST request, the application does not sanitize an unknown attribute name before including it in the error response with a 'Content-Type' of text/hml. Once reflected, the response is interpreted as HTML. This can be performed on any realm present on the Keycloak instance. Since the bug requires Content-Type application/json and is submitted via a POST, there is no common path to exploit that has a user impact.","Upgrade Keycloak to a version that is not affected by the vulnerability (10.0.1 or higher).",[178,179,180,181,182,183],"https://github.com/keycloak/keycloak/security/advisories/GHSA-m98g-63qj-fp8j","https://bugzilla.redhat.com/show_bug.cgi?id=2013577","https://access.redhat.com/security/cve/CVE-2021-20323","https://github.com/ndmalc/CVE-2021-20323","https://github.com/keycloak/keycloak/commit/3aa3db16eac9b9ed8c5335ac86f5f50e0c68662d","https://nvd.nist.gov/vuln/detail/CVE-2021-20323",6.1,0.66054,0.98533,[188],"CVE-2021-20323","2022-03-25T00:00:00Z","NETSCAN-NUCLEI-CVE-CVE-2021-20323","Keycloak 10.0.0 - 18.0.0 - Cross-Site Scripting","2023-07-04T00:00:00Z"]