24h | 7d | 30d

CVE-2026-2699

Overview

  • Progress
  • ShareFile Storage Zones Controller
02 Apr 2026
Published
02 Apr 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
Pending
KEV

Description

Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.

Statistics

  • 5 Posts
Last activity: 3 hours ago

Bluesky

Profile picture fallback
/r/netsec @r-netsec-bot.bsky.social
You’re Not Supposed To ShareFile With Everyone (Progress ShareFile Pre-Auth RCE Chain CVE-2026-2699 & CVE-2026-2701) - watchTowr Labs
  • 0
  • 0
  • 4
  • 3h ago

CVE-2026-4425

Overview

  • Pending
Pending
Published
30 Mar 2026
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

Reserved for EastLink case, but no need for CVE anymore

Statistics

  • 1 Post
Last activity: 2 hours ago

Fediverse

Profile picture fallback
Michael I Ransier @thecybermind

INTEL ALERT] CVE-2026-4425 is live. Is your GIGABYTE Control Center (GCC) acting as a backdoor for digital decay? I’m breaking down the forensic evidence and showing you how to harden your precinct. Don't let unpatched utilities breach your perimeter.

Read the full brief at The Cyber Mind Co.

thecybermind.co/2026/04/02/gig

  • 0
  • 0
  • 0
  • 2h ago

CVE-2026-2701

Overview

  • Progress
  • ShareFile Storage Zones Controller
02 Apr 2026
Published
02 Apr 2026
Updated
CVSS v3.1
CRITICAL (9.1)
EPSS
Pending
KEV

Description

Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution.

Statistics

  • 5 Posts
Last activity: 3 hours ago

Bluesky

Profile picture fallback
/r/netsec @r-netsec-bot.bsky.social
You’re Not Supposed To ShareFile With Everyone (Progress ShareFile Pre-Auth RCE Chain CVE-2026-2699 & CVE-2026-2701) - watchTowr Labs
  • 0
  • 0
  • 4
  • 3h ago

CVE-2026-33613

Overview

  • MB connect line
  • mbCONNECT24
02 Apr 2026
Published
02 Apr 2026
Updated
CVSS v3.1
HIGH (7.2)
EPSS
0.12%
KEV

Description

Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise. This vulnerability can only be attacked if the attacker has some other way to write arbitrary data to the user table.

Statistics

  • 1 Post
Last activity: 5 hours ago

Fediverse

Profile picture fallback
CERT@VDE @certvde

VDE-2026-030
MB connect line: Multiple Vulnerabilities in mbCONNECT24/mymbCONNECT24

Multiple vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24 that could allow RCE, SQLi or information leakage.
CVE-2026-33615, CVE-2026-33616, CVE-2026-33614, CVE-2026-33613, CVE-2026-33617

certvde.com/en/advisories/vde-

mbconnectline.csaf-tp.certvde.

  • 0
  • 0
  • 0
  • 5h ago

CVE-2026-33614

Overview

  • MB connect line
  • mbCONNECT24
02 Apr 2026
Published
02 Apr 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.05%
KEV

Description

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Statistics

  • 1 Post
Last activity: 5 hours ago

Fediverse

Profile picture fallback
CERT@VDE @certvde

VDE-2026-030
MB connect line: Multiple Vulnerabilities in mbCONNECT24/mymbCONNECT24

Multiple vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24 that could allow RCE, SQLi or information leakage.
CVE-2026-33615, CVE-2026-33616, CVE-2026-33614, CVE-2026-33613, CVE-2026-33617

certvde.com/en/advisories/vde-

mbconnectline.csaf-tp.certvde.

  • 0
  • 0
  • 0
  • 5h ago

CVE-2026-33615

Overview

  • MB connect line
  • mbCONNECT24
02 Apr 2026
Published
02 Apr 2026
Updated
CVSS v3.1
CRITICAL (9.1)
EPSS
0.08%
KEV

Description

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This can result in a total loss of integrity and availability.

Statistics

  • 1 Post
Last activity: 5 hours ago

Fediverse

Profile picture fallback
CERT@VDE @certvde

VDE-2026-030
MB connect line: Multiple Vulnerabilities in mbCONNECT24/mymbCONNECT24

Multiple vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24 that could allow RCE, SQLi or information leakage.
CVE-2026-33615, CVE-2026-33616, CVE-2026-33614, CVE-2026-33613, CVE-2026-33617

certvde.com/en/advisories/vde-

mbconnectline.csaf-tp.certvde.

  • 0
  • 0
  • 0
  • 5h ago

CVE-2026-33617

Overview

  • MB connect line
  • mbCONNECT24
02 Apr 2026
Published
02 Apr 2026
Updated
CVSS v3.1
MEDIUM (5.3)
EPSS
0.03%
KEV

Description

An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these credentials.

Statistics

  • 1 Post
Last activity: 5 hours ago

Fediverse

Profile picture fallback
CERT@VDE @certvde

VDE-2026-030
MB connect line: Multiple Vulnerabilities in mbCONNECT24/mymbCONNECT24

Multiple vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24 that could allow RCE, SQLi or information leakage.
CVE-2026-33615, CVE-2026-33616, CVE-2026-33614, CVE-2026-33613, CVE-2026-33617

certvde.com/en/advisories/vde-

mbconnectline.csaf-tp.certvde.

  • 0
  • 0
  • 0
  • 5h ago

CVE-2026-33616

Overview

  • MB connect line
  • mbCONNECT24
02 Apr 2026
Published
02 Apr 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.05%
KEV

Description

An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Statistics

  • 1 Post
Last activity: 5 hours ago

Fediverse

Profile picture fallback
CERT@VDE @certvde

VDE-2026-030
MB connect line: Multiple Vulnerabilities in mbCONNECT24/mymbCONNECT24

Multiple vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24 that could allow RCE, SQLi or information leakage.
CVE-2026-33615, CVE-2026-33616, CVE-2026-33614, CVE-2026-33613, CVE-2026-33617

certvde.com/en/advisories/vde-

mbconnectline.csaf-tp.certvde.

  • 0
  • 0
  • 0
  • 5h ago
Showing 31 to 38 of 38 CVEs