[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"all-banners":3,"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0":143,"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU":150,"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU":156,"vulnerability-4455":163},[4,15,20,28,34,41,46,53,59,66,71,78,83,90,96,106,112,119,124,130,135],{"title":5,"slug":6,"text":7,"link":8,"external":9,"targets":10,"cta":12,"variant":13,"campaign_id":14},"Compliance - Advanced Pentest Reporting (A-B test)","compliance-advanced-pentest-reporting-1","Stop piecing together reports manually. Upgrade today to unlock instant proof for audits.","https://pentest-tools.com/pricing",false,[11],"/features/advanced-pentest-reporting","Unlock audit-ready reports","primary",null,{"title":16,"slug":17,"text":18,"link":8,"external":9,"targets":19,"cta":12,"variant":13,"campaign_id":14},"Compliance - Advanced Pentest Reporting","compliance-advanced-pentest-reporting","Prove your compliance. Get built-in validation with audit-ready reports.",[11],{"title":21,"slug":22,"text":23,"link":8,"external":9,"targets":24,"cta":26,"variant":27,"campaign_id":14},"Compliance - Integrations (A-B test)","compliance-integrations-1","Disconnected tools will fail your next audit. Unlock the integrations needed for compliance.",[25],"/features/integrations","Connect your stack","secondary",{"title":29,"slug":30,"text":31,"link":8,"external":9,"targets":32,"cta":33,"variant":13,"campaign_id":14},"Compliance - Integrations","compliance-integrations","Disconnected tools hide compliance breaches. Stay audit-ready 24/7 with the right integrations.",[25],"Automate your compliance",{"title":35,"slug":36,"text":37,"link":8,"external":9,"targets":38,"cta":40,"variant":13,"campaign_id":14},"Compliance - ML Classifier (A-B test)","compliance-ml-classifier-1","Ghost vulnerabilities drain time and chip your compliance. Upgrade to WebNetSec to stay audit-ready with 50% fewer FPs.",[39],"/features/machine-learning-classifier","Explore WebNetSec",{"title":42,"slug":43,"text":44,"link":8,"external":9,"targets":45,"cta":40,"variant":13,"campaign_id":14},"Compliance - ML Classifier","compliance-ml-classifier","Put compliance on Auto this year with 50% fewer FPs. Go deeper with the WebNetSec plan.",[39],{"title":47,"slug":48,"text":49,"link":8,"external":9,"targets":50,"cta":52,"variant":13,"campaign_id":14},"Compliance - Network Scanner (A-B test)","compliance-network-scanner-1","Unmapped assets are compliance landmines - upgrade your plan with complete attack surface visibility.",[51],"/network-vulnerability-scanning/network-security-scanner-online","Get deep network scans",{"title":54,"slug":55,"text":56,"link":8,"external":9,"targets":57,"cta":58,"variant":13,"campaign_id":14},"Compliance - Network Scanner","compliance-network-scanner","Map your attack surface and prove infrastructure compliance with the Network Scanner. Available with any plan.",[51],"Upgrade your plan",{"title":60,"slug":61,"text":62,"link":8,"external":9,"targets":63,"cta":65,"variant":13,"campaign_id":14},"Compliance - Pentest Robots (A-B test)","compliance-pentest-robots-1","Don’t leave compliance to chance - deploy Pentest Robots to quickly automate your audit readiness.",[64],"/features/pentest-robots","Automate continuous scans",{"title":67,"slug":68,"text":69,"link":8,"external":9,"targets":70,"cta":65,"variant":13,"campaign_id":14},"Compliance - Pentest Robots","compliance-pentest-robots","Put compliance on Auto with Pentest Robots. Available with any plan.",[64],{"title":72,"slug":73,"text":74,"link":8,"external":9,"targets":75,"cta":77,"variant":13,"campaign_id":14},"Compliance - Sniper: Auto-Exploiter (A-B test)","compliance-sniper-auto-exploiter-1","Deliver audit-ready proof instantly and stay compliant 24/7/365 - only with Sniper: Auto-Exploiter. Available with Pentest Suite.",[76],"/exploit-helpers/sniper","Get proof with Pentest Suite",{"title":79,"slug":80,"text":81,"link":8,"external":9,"targets":82,"cta":77,"variant":13,"campaign_id":14},"Compliance - Sniper: Auto-Exploiter","compliance-sniper-auto-exploiter","Get audit-ready proof and put compliance on Auto with our proprietary Sniper: Auto-exploiter. Available with Pentest Suite.",[76],{"title":84,"slug":85,"text":86,"link":8,"external":9,"targets":87,"cta":89,"variant":13,"campaign_id":14},"Compliance - Website Scanner (A-B test)","compliance-website-scanner-1","Web vulnerabilities let in devastating compliance fines. Stay audit-ready with deep, proprietary scans. Available with the WebNetSec plan.",[88],"/website-vulnerability-scanning/website-scanner","Upgrade to WebNetSec",{"title":91,"slug":92,"text":93,"link":8,"external":9,"targets":94,"cta":95,"variant":13,"campaign_id":14},"Compliance - Website Scanner","compliance-website-scanner","Prove real risk instantly and put compliance on Auto with the Website Scanner. Available with the WebNetSec plan.",[88],"Unlock AppSec compliance",{"title":97,"slug":98,"text":99,"link":100,"external":101,"targets":102,"cta":104,"variant":27,"campaign_id":105},"cPanel & WHM Free Scanner Blog","cpanel-whm-blog","CVE-2026-41940: free scanner for the cPanel auth bypass. ~1.5M instances exposed","/network-vulnerability-scanning/cve-2026-41940-scanner-cpanel-authentication-bypass",true,[103],"/blog","Run a free scan","cpanel-whm",{"title":107,"slug":108,"text":109,"link":100,"external":101,"targets":110,"cta":104,"variant":27,"campaign_id":105},"cPanel & WHM Free Scanner CVE page","cpanel-whm-cve-page","Free scanner: detect CVE-2026-41940 across cPanel & WHM assets now",[111],"/vulnerabilities-exploits/cpanel-and-whm-authentication-bypass-via-session-file-crlf-injection_29257",{"title":113,"slug":114,"text":115,"link":100,"external":101,"targets":116,"cta":118,"variant":13,"campaign_id":105},"cPanel & WHM Free Scanner Homepage","cpanel-whm-free-scanner","FREE CVE-2026-41940 scanner - check your cPanel & WHM targets now!",[117],"/","Check now",{"title":120,"slug":121,"text":122,"link":100,"external":101,"targets":123,"cta":104,"variant":13,"campaign_id":105},"cPanel & WHM Free Scanner Network Scanner","cpanel-whm-network-scanner","New: detect cPanel & WHM auth bypass (CVE-2026-41940) for free!",[51],{"title":125,"slug":126,"text":127,"link":100,"external":101,"targets":128,"cta":104,"variant":27,"campaign_id":105},"cPanel & WHM Free Scanner Vulndb index","cpanel-whm-vulndb-index","New: free scanner for the cPanel & WHM authentication bypass (CVE-2026-41940)",[129],"/vulnerabilities-exploits",{"title":131,"slug":132,"text":133,"link":100,"external":101,"targets":134,"cta":104,"variant":27,"campaign_id":105},"cPanel & WHM Free Scanner Website Scanner","cpanel-whm-website-scanner","New: free scanner for cPanel & WHM auth bypass (CVE-2026-41940)",[88],{"title":136,"slug":137,"text":138,"link":139,"external":101,"targets":140,"cta":141,"variant":13,"campaign_id":142},"Office hours #3 - session 1","office-hours-3-session-1","Got 45 minutes on Wednesday? We're going live with Office Hours!","https://zoom.us/webinar/register/5517785142308/WN_hWqbS--1TtCjvZZ2GTKkOQ",[117],"Save your seat","office-hours-3",["Island",144],{"key":145,"params":146,"result":148},"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0",{"props":147},"{}",{"head":149},{},["Island",151],{"key":152,"params":153,"result":154},"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU",{"props":147},{"head":155},{},["Island",157],{"key":158,"params":159,"result":161},"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU",{"props":160},"{\"text-color\":\"gray\"}",{"head":162},{},{"id":164,"detectable_with":165,"vuln_details":172,"vuln_id":188,"name":189,"published":190,"updated":14},4455,{"tool":166,"engine":169},{"id":167,"name":168},1,"Network Scanner",{"id":170,"name":171},3,"OpenVAS",{"id":164,"codename":14,"description":14,"severity":173,"risk_description":174,"public_description":175,"public_recommendation":176,"recommendation":14,"references":177,"cvssv3":179,"epss_score":180,"epss_percentile":181,"cve":182,"in_cisa_catalog":9,"date":187,"software_type":14,"vendor":14,"product":14,"ptt_exploit_capabilities":14},"medium","The following vulnerabilities exist: - The action get_sess_id in the web application of Pydio discloses the session cookie value in the response body, enabling scripts to get access to its value. This identifier can be reused by an attacker to impersonate a user and perform actions on their behalf, if the session is still active. - A stored XSS vulnerability can be exploited by leveraging the file upload and file preview features of the application. An authenticated attacker can upload an HTML file containing JavaScript code and afterwards a file preview URL can be used to access the uploaded file. If a malicious user shares an uploaded HTML file containing JavaScript code with another user of the application and tricks them into accessing the URL that will result in the HTML code being interpreted by the web browser and the included JavaScript code ebeing executed under the context of the victim. - The ImageMagick plugin that is installed by default in Pydio does not perform appropriate validation and sanitization of user supplied input in the plugins configuration options, allowing arbitrary shell commands to be entered that result in command execution on the underlying operating system with the privileges of the local user running the web server. The attacker must be authenticated into the application with an administrator account in order to be able to edit the affected plugin configuration. - Using the aforementioned XSS vulnerability against an administrator would allow an attacker to gain elevated privileges. - An issue was discovered in proxy.php. Through an unauthenticated request, it is possible to evaluate malicious PHP code by placing it in the fourth line of a .php file, with execution via a HTTP GET request to proxy.php?hash=../../../../../var/lib/pydio/data/personal/guest/[filename]. This is related to plugins/action.share/src/Store/ShareStore.php.","Pydio Core is prone to multiple vulnerabilities.","Update to version 8.2.3 or later.",[178],"https://www.secureauth.com/labs/advisories/pydio-8-multiple-vulnerabilities",7.3,0.01621,0.82042,[183,184,185,186],"CVE-2019-10045","CVE-2019-10047","CVE-2019-10048","CVE-2019-10049","2019-05-31T00:00:00Z","NETSCAN-OPENVAS-1.3.6.1.4.1.25623.1.0.113404","Pydio Core \u003C= 8.2.2 Multiple Vulnerabilities","2019-06-03T00:00:00Z"]