Overview

  • Intermesh
  • groupoffice

02 Apr 2026
Published
03 Apr 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.45%

KEV

Description

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.156, 25.0.90, and 26.0.12, a vulnerability in the AbstractSettingsCollection model leads to insecure deserialization when these settings are loaded. By injecting a serialized FileCookieJar object into a setting string, an authenticated attacker can achieve Arbitrary File Write, leading directly to Remote Code Execution (RCE) on the server. This issue has been patched in versions 6.8.156, 25.0.90, and 26.0.12.

Statistics

  • 1 Post

Last activity: 14 hours ago

Fediverse

🚨 CVE-2026-34838 (CRITICAL, CVSS 10): Group-Office <6.8.156, <25.0.90, <26.0.12 vulnerable to insecure deserialization (CWE-502). Authenticated attackers can achieve RCE by injecting malicious serialized objects. Patch now! radar.offseq.com/threat/cve-20

  • 14h ago

Overview

  • Dan McInerney
  • pymetasploit3
  • pymetasploit3

03 Apr 2026
Published
03 Apr 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.85%

KEV

Description

Command injection vulnerability in console.run_module_with_output() in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This breaks the intended command structure and causes the Metasploit console to execute additional unintended commands, potentially leading to arbitrary command execution and manipulation of Metasploit sessions.

Statistics

  • 1 Post

Last activity: 17 hours ago

Fediverse

⚠️ CRITICAL vuln: pymetasploit3 ≤1.0.6 (CVE-2026-5463) lets attackers inject commands via newline chars in console.run_module_with_output(), risking full session compromise. Avoid untrusted input, watch for patches. radar.offseq.com/threat/cve-20

  • 17h ago

Overview

  • Omnissa
  • Omnissa Workspace ONE UEM

11 Aug 2025
Published
11 Aug 2025
Updated

CVSS v3.1
HIGH (7.5)
EPSS
3.95%

KEV

Description

Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal Vulnerability. A malicious actor may be able to gain access to sensitive information by sending crafted GET requests (read-only) to restricted API endpoints.

Statistics

  • 1 Post

Last activity: 17 hours ago

Bluesky

Omnissa Workspace ONE UEM sensitive information disclosure vulnerability (CVE-2025-25231), with PoC
  • 17h ago

Overview

  • ShaneIsrael
  • fireshare

02 Apr 2026
Published
02 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
0.09%

KEV

Description

Fireshare facilitates self-hosted media and link sharing. Prior to version 1.5.3, the fix for CVE-2026-33645 was applied to the authenticated /api/uploadChunked endpoint but was not applied to the unauthenticated /api/uploadChunked/public endpoint in the same file (app/server/fireshare/api.py). An unauthenticated attacker can exploit the checkSum parameter to write arbitrary files with attacker-controlled content to any writable path on the server filesystem. This issue has been patched in version 1.5.3.

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse

🚨 CRITICAL: CVE-2026-34745 in ShaneIsrael fireshare (<1.5.3) enables unauth’d file writes to any server path via /api/uploadChunked/public. Upgrade to 1.5.3 ASAP or restrict access. Full details: radar.offseq.com/threat/cve-20

  • 12h ago

Overview

  • Microsoft
  • Microsoft Devices Pricing Program

05 Mar 2026
Published
27 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.40%

KEV

Description

Microsoft Devices Pricing Program Remote Code Execution Vulnerability

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse

XBOW autonomous AI found 3 critical RCEs in Microsoft Cloud - first time AI discovered production vulnerabilities without source code access. CVE-2026-21536 was flagged as one of March Patch Tuesday's most severe issues. The arms race between researchers and hackers has shifted.

  • 6h ago

Overview

  • FreeBSD
  • FreeBSD

26 Mar 2026
Published
02 Apr 2026
Updated

CVSS
Pending
EPSS
0.18%

KEV

Description

Each RPCSEC_GSS data packet is validated by a routine which checks a signature in the packet. This routine copies a portion of the packet into a stack buffer, but fails to ensure that the buffer is sufficiently large, and a malicious client can trigger a stack overflow. Notably, this does not require the client to authenticate itself first. As kgssapi.ko's RPCSEC_GSS implementation is vulnerable, remote code execution in the kernel is possible by an authenticated user that is able to send packets to the kernel's NFS server while kgssapi.ko is loaded into the kernel. In userspace, applications which have librpcgss_sec loaded and run an RPC server are vulnerable to remote code execution from any client able to send it packets. We are not aware of any such applications in the FreeBSD base system.

Statistics

  • 1 Post

Last activity: 12 hours ago

Bluesky

MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)
  • 12h ago

Overview

  • Microsoft
  • Azure AI Foundry

02 Apr 2026
Published
03 Apr 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.05%

KEV

Description

Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network.

Statistics

  • 1 Post

Last activity: 15 hours ago

Fediverse

🛑 CRITICAL: CVE-2026-32213 impacts Azure AI Foundry. Improper authorization lets remote attackers fully compromise systems — no auth needed! Restrict access, enhance monitoring, & prep IR now. radar.offseq.com/threat/cve-20

  • 15h ago

Overview

  • Progress
  • ShareFile Storage Zones Controller

02 Apr 2026
Published
03 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.41%

KEV

Description

Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.

Statistics

  • 2 Posts
  • 8 Interactions

Last activity: 13 hours ago

Bluesky

We added Progress ShareFile fingerprinting to our scans & reports with 784 unique IPs seen exposed on 2026-04-02. watchTowr recently disclosed details behind an RCE CVE-2026-2699 & CVE-2026-2701 exploit chain affecting ShareFile. Make sure to apply the latest patch!
  • 13h ago
CVE-2026-2699 NVD entry: nvd.nist.gov/vuln/detail/... CVE-2026-2701 NVD entry: nvd.nist.gov/vuln/detail/... #CyberCivilDefense
  • 13h ago

Overview

  • Progress
  • ShareFile Storage Zones Controller

02 Apr 2026
Published
03 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
0.19%

KEV

Description

Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution.

Statistics

  • 2 Posts
  • 8 Interactions

Last activity: 13 hours ago

Bluesky

We added Progress ShareFile fingerprinting to our scans & reports with 784 unique IPs seen exposed on 2026-04-02. watchTowr recently disclosed details behind an RCE CVE-2026-2699 & CVE-2026-2701 exploit chain affecting ShareFile. Make sure to apply the latest patch!
  • 13h ago
CVE-2026-2699 NVD entry: nvd.nist.gov/vuln/detail/... CVE-2026-2701 NVD entry: nvd.nist.gov/vuln/detail/... #CyberCivilDefense
  • 13h ago

Overview

  • Apache Software Foundation
  • Apache ZooKeeper
  • org.apache.zookeeper:zookeeper

07 Mar 2026
Published
10 Mar 2026
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS (PTR) when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It's important to note that the attacker must present a certificate that is trusted by ZKTrustManager, which makes the attack vector harder to exploit. Users are recommended to upgrade to version 3.8.6 or 3.9.5, which fixes this issue by introducing a new configuration option to disable reverse DNS lookup in client and quorum protocols.

Statistics

  • 2 Posts

Last activity: 11 hours ago

Bluesky

Dataproc update on April 2, 2026 https://docs.cloud.google.com/dataproc/docs/release-notes#April_02_2026 #googlecloud Upgraded Dataproc Metastore Proxy to v0.0.79 to fix CVEs. Fixed CVEs CVE-2026-24308 and CVE-2026-24281
  • 11h ago