The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. I don’t vouch for any links in this list: follow them with caution.

CVE-2026-41940

• Severity: 9.8 CRITICAL
• Impacted Products: cPanel and WHM versions after 11.40
• Description: cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2026-41940
• PoC:
  • https://github.com/Jenderal92/CVE-2026-41940
  • https://github.com/merdw/cPanel-CVE-2026-41940-Scanner
  • https://github.com/0xBlackash/CVE-2026-41940

CVE-2026-31431

• Severity: 7.8 HIGH
• Impacted Products: All major Linux kernels since 2017
• Description: This local privilege escalation is rated as Important severity. Part of the Linux kernel’s cryptographic interface contains an incorrect in-place operation, where source and destination data mappings differ. This could lead to data integrity issues, including the escalation to root privileges.
• Remediation:
  • crypto: algif_aead - Revert to operating out-of-place
  • oss-security - CVE-2026-31431: CopyFail: linux local privilege scalation
  • oss-security - Re: CVE-2026-31431: CopyFail: linux local privilege scalation
• More Info: NVD - CVE-2026-31431
• PoC:
  • https://github.com/mCub3/CVE-2026-31431
  • https://github.com/Theori-lO/copy-fail-CVE-2026-31431
  • https://github.com/ruattd/cve-2026-31431

CVE-2024-1708 NEW

• Severity: 8.4 HIGH
• Impacted Products: ConnectWise ScreenConnect 23.9.7 and prior
• Description: ConnectWise ScreenConnect versions 23.9.7 and prior are affected by a path traversal vulnerability that allows a remote, privileged attacker to execute arbitrary code or access sensitive information. This flaw stems from improper validation of file paths during the processing of application extensions.
• Remediation:
  • ConnectWise ScreenConnect 23.9.8 security fix
• More Info: NVD - CVE-2024-1708
• PoC:
  • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/connectwise_screenconnect_rce_cve_2024_1709.rb

CVE-2026-7482 NEW

• Severity: 9.1 CRITICAL
• Impacted Products: Ollama 0.17.1
• Description: Ollama versions prior to 0.17.1 are affected by a heap out-of-bounds read vulnerability in the GGUF model loader that allows unauthenticated remote attackers to access sensitive server memory. This issue occurs when the application processes a maliciously crafted GGUF file via the /api/create endpoint.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2026-7482
• PoC:
  • https://github.com/0x0OZ/CVE-2026-7482-PoC
  • https://github.com/szybnev/CVE-2026-7482

CVE-2026-7411 NEW

• Severity: 10.0 CRITICAL
• Impacted Products: Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10
• Description: Eclipse BaSyx Java Server SDK is affected by a path traversal vulnerability in its Submodel HTTP API that allows unauthenticated remote attackers to achieve arbitrary code execution. This flaw exists due to inadequate path normalization during file upload operations.
• Remediation:
  • [CVE Request] CWE-22: Unauthenticated Arbitrary File Write to RCE in Eclipse BaSyx V2 (#102) · Issue · security/cve-assignment
  • [Eclipse BaSyx] Multiple Critical Vulnerabilities in Eclipse BaSyx V2 (#423) · Issue · security/vulnerability-reports
• More Info: NVD - CVE-2026-7411
• PoC:
  • https://github.com/CryptReaper12/CVE-2026-7411

CVE-2026-42796 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: Arelle before 2.39.10
• Description: Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager without authentication or authorization. Attackers can supply a URL to a malicious Python file through the plugins parameter, causing the Arelle webserver to download and execute the attacker-controlled code within the Arelle process with its privileges.
• Remediation:
  • Restrict Webserver Plugins by austinmatherne-wk · Pull Request #2320 · Arelle/Arelle · GitHub
• More Info: NVD - CVE-2026-42796
• PoC:
  • https://github.com/ameerhamza-malik/CVE-2026-42796

CVE-2026-42778 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: Apache MINA 2.1.X, Apache MINA 2.2.X
• Description: Apache MINA is affected by a deserialization of untrusted data vulnerability in the AbstractIoBuffer.getObject() method that allows for remote code execution. This issue exists because the classname allowlist validation is performed after a class’s static initializer may have already been executed.
• Remediation:
  • Apache MINA 2.0.12 and 2.2.7 release-Apache Mail Archives
• More Info: NVD - CVE-2026-42778
• PoC:
  • https://github.com/Akinfue/CVE-2026-42778-POC

CVE-2026-3854

• Severity: 8.8 HIGH
• Impacted Products: GitHub Enterprise Server
• Description: GitHub Enterprise Server is affected by a command injection vulnerability that allows an authenticated attacker with push access to a repository to achieve remote code execution. This issue stems from the improper neutralization of special elements within Git push options during internal service communication.
• Remediation:
  • Release notes - GitHub Enterprise Server 3.14 Docs
  • Release notes - GitHub Enterprise Server 3.14 Docs
  • Release notes - GitHub Enterprise Server 3.14 Docs
• More Info: NVD - CVE-2026-3854
• PoC:
  • https://github.com/simondankelmann/cve-2026-3854-test
  • https://github.com/5kr1pt/CVE-2026-3854
  • https://github.com/LACHHAB-Anas/Exploit_CVE-2026-3854

CVE-2026-36356 NEW

• Severity: 9.1 CRITICAL
• Impacted Products: MeiG Smart FORGE_SLT711 (firmware MDM9607.LE.1.0-00110-STD.PROD-1)
• Description: The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MDM9607.LE.1.0-00110-STD.PROD-1) allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2026-36356
• PoC:
  • https://github.com/totekuh/CVE-2026-36356

CVE-2026-24118 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: vm2 < 3.11.0
• Description: vm2, an open-source sandbox for Node.js, is affected by a sandbox breakout vulnerability in versions prior to 3.11.0. This flaw allows an attacker to bypass the sandbox restrictions and execute arbitrary commands on the host system.
• Remediation:
  • https://github.com/patriksimek/vm2/commit/2b5f3e3a060d9088f5e1cdd585d683d491f990a3
  • https://github.com/patriksimek/vm2/commit/f9b700b1c7d9ef2df416666cb24e0b659140cc74
  • VM2 Sandbox Breakout Through lookupGetter · Advisory · patriksimek/vm2 · GitHub
• More Info: NVD - CVE-2026-24118
• PoC:
  • https://github.com/HORKimhab/CVE-2026-24118

CVE-2026-0300 NEW

• Severity: 9.8 CRITICAL
• Impacted Products: Palo Alto Networks PAN-OS
• Description: Palo Alto Networks PAN-OS is affected by a buffer overflow vulnerability in the User-ID Authentication Portal service that allows for unauthenticated remote code execution. This flaw enables an attacker to gain root privileges on PA-Series and VM-Series firewalls.
• Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
• More Info: NVD - CVE-2026-0300
• PoC:
  • https://github.com/bannned-bit/CVE-2026-0300-PANOS
  • https://github.com/mr-r3b00t/CVE-2026-0300
  • https://github.com/0xBlackash/CVE-2026-0300

CVE-2026-23918 NEW

• Severity: 8.8 HIGH
• Impacted Products: Apache HTTP Server 2.4.66
• Description: Apache HTTP Server version 2.4.66 is vulnerable to a double free condition within its HTTP/2 protocol handling that can lead to remote code execution. This issue occurs when the server processes an early reset of an HTTP/2 stream.
• Remediation:
  • Red Hat Inc.
  • 2465304 – (CVE-2026-23918) CVE-2026-23918 Apache HTTP Server: Apache HTTP Server: Remote Code Execution via Double Free in HTTP/2 Protocol
  • Apache HTTP Server 2.4 vulnerabilities - The Apache HTTP Server Project
• More Info: NVD - CVE-2026-23918
• PoC:
  • https://github.com/rhasan-com/CVE-2026-23918
  • https://github.com/12lie20/CVE-2026-23918-test
  • https://github.com/aa022/CVE-2026-23918-Passive-Audit

References

This list was scraped from the quite amazing and highly recommended newsletters below:

• ~this week in security~
• Unsupervised Learning
• @RISK
• Hive Five
• Vulnerable U
• tl;dr sec

Thanks for reading! For corrections, omissions (e.g. newsletter recs) feel free to get in touch.