Forwarded from Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) Security Alert: TWCERTCC-200-202605-00000003
【CVE-2024-1708】ConnectWise ScreenConnect Path Traversal Vulnerability (CVSS v3.1: 8.4)
【Ransomware Exploitation: Unknown】 ConnectWise ScreenConnect contains a path traversal vulnerability that could allow an attacker to execute remote code or directly impact confidential data and critical systems.
【CVE-2026-32202】Microsoft Windows Protection Mechanism Failure Vulnerability (CVSS v3.1: 4.3)
【Ransomware Exploitation: Unknown】 Microsoft Windows Shell contains a protection mechanism failure vulnerability, allowing an unauthorized attacker to perform spoofing attacks over the network.
【CVE-2026-41940】WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability (CVSS v3.1: 9.8)
【Ransomware Exploitation: Unknown】 WebPros cPanel & WHM (WebHost Manager) and WP2 (WordPress Squared) contain an authentication bypass vulnerability in the login process, allowing unauthenticated remote attackers to access the control panel.
【CVE-2026-31431】Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability (CVSS v3.1: 7.8)
【Ransomware Exploitation: Unknown】 Linux Kernel contains an Incorrect Resource Transfer Between Spheres vulnerability, which may lead to privilege escalation.