A series of critical vulnerabilities has been identified across various software platforms, exposing thousands of servers and millions of users to potential remote code execution (RCE) attacks. Notably, 22,000 CyberPanel servers were found to have a zero-click RCE vulnerability, prompting immediate attention from cybersecurity experts. A local privilege escalation vulnerability affecting the X.Org server has been present for 18 years, raising concerns about the long-term security of systems relying on this software. A critical flaw in RKE2 has also been discovered, allowing privilege escalation on Windows nodes due to insecure access control lists. Finally, a 14-year-old vulnerability in qBittorrent has left millions of users vulnerable to RCE attacks, highlighting the urgent need for updates and patches across these platforms.
14-Year Vulnerability in qBittorrent Leaves Millions Exposed to RCE Attacks https://t.co/ssvwFyn338
Local Privilege Escalation Vulnerability Affecting X.Org Server For 18 Years: https://t.co/CZfRajUCAa
Privilege escalation in Windows nodes due to Insecure Access Control Lists (Critical RKE2 Flaw): https://t.co/ISGofdteAg