24h | 7d | 30d

Overview

  • Progress Software
  • MOVEit Automation

30 Apr 2026
Published
01 May 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.22%

KEV

Description

Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass. This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

Profile picture fallback
Critical 98 MOVEit Automation Flaw Opens Enterprise File Transfer Systems to Unauthenticated Takeover + Video Introduction: A critical authentication bypass vulnerability (CVE-2026-4670, CVSS 9.8) and a high-severity privilege escalation flaw (CVE-2026-5174, CVSS 7.7) have been disclosed in…
  • 0
  • 0
  • 0
  • 22h ago

Overview

  • CODESYS
  • Control RTE (SL)

04 Aug 2025
Published
04 Aug 2025
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.15%

KEV

Description

An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition.

Statistics

  • 1 Post

Last activity: 19 hours ago

Fediverse

Profile picture fallback

VDE-2026-005
ifm: Multiple Vulnerabilities in CR3171

The Firmware installed on the CR3171 is impacted by various CODESYS vulnerabilities.
CVE-2025-41659, CVE-2025-41691, CVE-2025-41658

certvde.com/en/advisories/vde-

ifm.csaf-tp.certvde.com/.well-

  • 0
  • 0
  • 0
  • 19h ago

Overview

  • CODESYS
  • Control RTE (SL)

04 Aug 2025
Published
04 Aug 2025
Updated

CVSS v3.1
HIGH (8.3)
EPSS
0.05%

KEV

Description

A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted.

Statistics

  • 1 Post

Last activity: 19 hours ago

Fediverse

Profile picture fallback

VDE-2026-005
ifm: Multiple Vulnerabilities in CR3171

The Firmware installed on the CR3171 is impacted by various CODESYS vulnerabilities.
CVE-2025-41659, CVE-2025-41691, CVE-2025-41658

certvde.com/en/advisories/vde-

ifm.csaf-tp.certvde.com/.well-

  • 0
  • 0
  • 0
  • 19h ago

Overview

  • CODESYS
  • Runtime Toolkit

04 Aug 2025
Published
04 Aug 2025
Updated

CVSS v3.1
MEDIUM (5.5)
EPSS
0.02%

KEV

Description

CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions.

Statistics

  • 1 Post

Last activity: 19 hours ago

Fediverse

Profile picture fallback

VDE-2026-005
ifm: Multiple Vulnerabilities in CR3171

The Firmware installed on the CR3171 is impacted by various CODESYS vulnerabilities.
CVE-2025-41659, CVE-2025-41691, CVE-2025-41658

certvde.com/en/advisories/vde-

ifm.csaf-tp.certvde.com/.well-

  • 0
  • 0
  • 0
  • 19h ago

Overview

  • Crafter Software
  • Crafter CMS

13 Sep 2022
Published
16 Sep 2024
Updated

CVSS v3.1
MEDIUM (6.4)
EPSS
12.99%

KEV

Description

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.

Statistics

  • 1 Post

Last activity: 14 hours ago

Fediverse

Profile picture fallback

The Crafter CMS Groovy sandbox has been patched three times. CVE-2021-23259, CVE-2022-40635, CVE-2025-6384.

Our team went back in anyway and found 14 distinct RCE bypass techniques in v5.0.0: AST Transformations, SpelExpressionParser, GroovyShell, Template Engines, XStream, BeanShell, Jakarta EL, Commons Exec, Object Factories, MBeans, and more.

The sandbox wasn't broken in one place. It was porous.

CVE-2026-1770 (PTT-2025-022). Full PoC: pentest-tools.com/research

  • 0
  • 0
  • 0
  • 14h ago

Overview

  • CrafterCMS
  • CrafterCMS
  • Studio

02 Feb 2026
Published
02 Feb 2026
Updated

CVSS v4.0
MEDIUM (4.5)
EPSS
0.04%

KEV

Description

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE (Remote Code Execution).

Statistics

  • 1 Post

Last activity: 14 hours ago

Fediverse

Profile picture fallback

The Crafter CMS Groovy sandbox has been patched three times. CVE-2021-23259, CVE-2022-40635, CVE-2025-6384.

Our team went back in anyway and found 14 distinct RCE bypass techniques in v5.0.0: AST Transformations, SpelExpressionParser, GroovyShell, Template Engines, XStream, BeanShell, Jakarta EL, Commons Exec, Object Factories, MBeans, and more.

The sandbox wasn't broken in one place. It was porous.

CVE-2026-1770 (PTT-2025-022). Full PoC: pentest-tools.com/research

  • 0
  • 0
  • 0
  • 14h ago

Overview

  • CrafterCMS
  • CrafterCMS
  • Studio

19 Jun 2025
Published
23 Jun 2025
Updated

CVSS v4.0
HIGH (7.3)
EPSS
0.32%

KEV

Description

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of CrafterCMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass Sandbox restrictions and obtain RCE (Remote Code Execution). This issue affects CrafterCMS: from 4.0.0 through 4.2.2.

Statistics

  • 1 Post

Last activity: 14 hours ago

Fediverse

Profile picture fallback

The Crafter CMS Groovy sandbox has been patched three times. CVE-2021-23259, CVE-2022-40635, CVE-2025-6384.

Our team went back in anyway and found 14 distinct RCE bypass techniques in v5.0.0: AST Transformations, SpelExpressionParser, GroovyShell, Template Engines, XStream, BeanShell, Jakarta EL, Commons Exec, Object Factories, MBeans, and more.

The sandbox wasn't broken in one place. It was porous.

CVE-2026-1770 (PTT-2025-022). Full PoC: pentest-tools.com/research

  • 0
  • 0
  • 0
  • 14h ago

Overview

  • Crafter Software
  • Crafter CMS

02 Dec 2021
Published
16 Sep 2024
Updated

CVSS v3.1
MEDIUM (4.2)
EPSS
0.39%

KEV

Description

Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, which will cause attackers to execute arbitrary commands remotely(RCE).

Statistics

  • 1 Post

Last activity: 14 hours ago

Fediverse

Profile picture fallback

The Crafter CMS Groovy sandbox has been patched three times. CVE-2021-23259, CVE-2022-40635, CVE-2025-6384.

Our team went back in anyway and found 14 distinct RCE bypass techniques in v5.0.0: AST Transformations, SpelExpressionParser, GroovyShell, Template Engines, XStream, BeanShell, Jakarta EL, Commons Exec, Object Factories, MBeans, and more.

The sandbox wasn't broken in one place. It was porous.

CVE-2026-1770 (PTT-2025-022). Full PoC: pentest-tools.com/research

  • 0
  • 0
  • 0
  • 14h ago
Showing 21 to 28 of 28 CVEs