24h | 7d | 30d

CVE-2026-2701

Overview

  • Progress
  • ShareFile Storage Zones Controller
02 Apr 2026
Published
03 Apr 2026
Updated
CVSS v3.1
CRITICAL (9.1)
EPSS
0.72%
KEV

Description

Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution.

Statistics

  • 1 Post
Last activity: 16 hours ago

Bluesky

Profile picture fallback
piggo @pigondrugs.bsky.social
~Watchtowr~ A pre-auth RCE chain in Progress ShareFile Storage Zone Controller allows full system compromise. - IOCs: CVE-2026-2699, CVE-2026-2701 - #RCE #ShareFile #ThreatIntel
  • 0
  • 0
  • 0
  • 16h ago

CVE-2026-42248

Overview

  • Ollama
  • Ollama
29 Apr 2026
Published
29 Apr 2026
Updated
CVSS v4.0
HIGH (7.7)
EPSS
0.01%
KEV

Description

Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation of the update verification routine unconditionally returns success so no digital signature or trust validation is performed before staging or executing update payloads, enabling attacker‑supplied executables to be accepted and later executed by the application. Critically, Ollama for Windows performs silent automatic updates, so the malicious payload may be installed automatically without user awareness. Maintainers of this project were notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Versions from 0.12.10 to 0.17.5 were tested and confirmed as vulnerable, other versions were not tested but might also be vulnerable.

Statistics

  • 1 Post
Last activity: 23 hours ago

Fediverse

Profile picture fallback
HackerWorkspace @hackerworkspace

Unpatched flaws turn Ollama's auto-updater into a persistent RCE vector, researchers say - Help Net Security

helpnetsecurity.com/2026/05/05

Read on HackerWorkspace: hackerworkspace.com/article/un

  • 0
  • 0
  • 0
  • 23h ago

CVE-2026-2699

Overview

  • Progress
  • ShareFile Storage Zones Controller
02 Apr 2026
Published
08 Apr 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
25.26%
KEV

Description

Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.

Statistics

  • 1 Post
Last activity: 16 hours ago

Bluesky

Profile picture fallback
piggo @pigondrugs.bsky.social
~Watchtowr~ A pre-auth RCE chain in Progress ShareFile Storage Zone Controller allows full system compromise. - IOCs: CVE-2026-2699, CVE-2026-2701 - #RCE #ShareFile #ThreatIntel
  • 0
  • 0
  • 0
  • 16h ago

CVE-2025-41691

Overview

  • CODESYS
  • Control RTE (SL)
04 Aug 2025
Published
04 Aug 2025
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.15%
KEV

Description

An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition.

Statistics

  • 1 Post
Last activity: 8 hours ago

Fediverse

Profile picture fallback
CERT@VDE @certvde

VDE-2026-005
ifm: Multiple Vulnerabilities in CR3171

The Firmware installed on the CR3171 is impacted by various CODESYS vulnerabilities.
CVE-2025-41659, CVE-2025-41691, CVE-2025-41658

certvde.com/en/advisories/vde-

ifm.csaf-tp.certvde.com/.well-

  • 0
  • 0
  • 0
  • 8h ago

CVE-2025-41659

Overview

  • CODESYS
  • Control RTE (SL)
04 Aug 2025
Published
04 Aug 2025
Updated
CVSS v3.1
HIGH (8.3)
EPSS
0.05%
KEV

Description

A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted.

Statistics

  • 1 Post
Last activity: 8 hours ago

Fediverse

Profile picture fallback
CERT@VDE @certvde

VDE-2026-005
ifm: Multiple Vulnerabilities in CR3171

The Firmware installed on the CR3171 is impacted by various CODESYS vulnerabilities.
CVE-2025-41659, CVE-2025-41691, CVE-2025-41658

certvde.com/en/advisories/vde-

ifm.csaf-tp.certvde.com/.well-

  • 0
  • 0
  • 0
  • 8h ago

CVE-2025-41658

Overview

  • CODESYS
  • Runtime Toolkit
04 Aug 2025
Published
04 Aug 2025
Updated
CVSS v3.1
MEDIUM (5.5)
EPSS
0.02%
KEV

Description

CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions.

Statistics

  • 1 Post
Last activity: 8 hours ago

Fediverse

Profile picture fallback
CERT@VDE @certvde

VDE-2026-005
ifm: Multiple Vulnerabilities in CR3171

The Firmware installed on the CR3171 is impacted by various CODESYS vulnerabilities.
CVE-2025-41659, CVE-2025-41691, CVE-2025-41658

certvde.com/en/advisories/vde-

ifm.csaf-tp.certvde.com/.well-

  • 0
  • 0
  • 0
  • 8h ago

CVE-2021-23259

Overview

  • Crafter Software
  • Crafter CMS
02 Dec 2021
Published
16 Sep 2024
Updated
CVSS v3.1
MEDIUM (4.2)
EPSS
0.39%
KEV

Description

Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, which will cause attackers to execute arbitrary commands remotely(RCE).

Statistics

  • 1 Post
Last activity: 3 hours ago

Fediverse

Profile picture fallback
pentest-tools.com @pentesttools

The Crafter CMS Groovy sandbox has been patched three times. CVE-2021-23259, CVE-2022-40635, CVE-2025-6384.

Our team went back in anyway and found 14 distinct RCE bypass techniques in v5.0.0: AST Transformations, SpelExpressionParser, GroovyShell, Template Engines, XStream, BeanShell, Jakarta EL, Commons Exec, Object Factories, MBeans, and more.

The sandbox wasn't broken in one place. It was porous.

CVE-2026-1770 (PTT-2025-022). Full PoC: pentest-tools.com/research

  • 0
  • 0
  • 0
  • 3h ago

CVE-2022-40635

Overview

  • Crafter Software
  • Crafter CMS
13 Sep 2022
Published
16 Sep 2024
Updated
CVSS v3.1
MEDIUM (6.4)
EPSS
12.99%
KEV

Description

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.

Statistics

  • 1 Post
Last activity: 3 hours ago

Fediverse

Profile picture fallback
pentest-tools.com @pentesttools

The Crafter CMS Groovy sandbox has been patched three times. CVE-2021-23259, CVE-2022-40635, CVE-2025-6384.

Our team went back in anyway and found 14 distinct RCE bypass techniques in v5.0.0: AST Transformations, SpelExpressionParser, GroovyShell, Template Engines, XStream, BeanShell, Jakarta EL, Commons Exec, Object Factories, MBeans, and more.

The sandbox wasn't broken in one place. It was porous.

CVE-2026-1770 (PTT-2025-022). Full PoC: pentest-tools.com/research

  • 0
  • 0
  • 0
  • 3h ago

CVE-2026-1770

Overview

  • CrafterCMS
  • CrafterCMS
  • Studio
02 Feb 2026
Published
02 Feb 2026
Updated
CVSS v4.0
MEDIUM (4.5)
EPSS
0.04%
KEV

Description

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE (Remote Code Execution).

Statistics

  • 1 Post
Last activity: 3 hours ago

Fediverse

Profile picture fallback
pentest-tools.com @pentesttools

The Crafter CMS Groovy sandbox has been patched three times. CVE-2021-23259, CVE-2022-40635, CVE-2025-6384.

Our team went back in anyway and found 14 distinct RCE bypass techniques in v5.0.0: AST Transformations, SpelExpressionParser, GroovyShell, Template Engines, XStream, BeanShell, Jakarta EL, Commons Exec, Object Factories, MBeans, and more.

The sandbox wasn't broken in one place. It was porous.

CVE-2026-1770 (PTT-2025-022). Full PoC: pentest-tools.com/research

  • 0
  • 0
  • 0
  • 3h ago

CVE-2025-6384

Overview

  • CrafterCMS
  • CrafterCMS
  • Studio
19 Jun 2025
Published
23 Jun 2025
Updated
CVSS v4.0
HIGH (7.3)
EPSS
0.32%
KEV

Description

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of CrafterCMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass Sandbox restrictions and obtain RCE (Remote Code Execution). This issue affects CrafterCMS: from 4.0.0 through 4.2.2.

Statistics

  • 1 Post
Last activity: 3 hours ago

Fediverse

Profile picture fallback
pentest-tools.com @pentesttools

The Crafter CMS Groovy sandbox has been patched three times. CVE-2021-23259, CVE-2022-40635, CVE-2025-6384.

Our team went back in anyway and found 14 distinct RCE bypass techniques in v5.0.0: AST Transformations, SpelExpressionParser, GroovyShell, Template Engines, XStream, BeanShell, Jakarta EL, Commons Exec, Object Factories, MBeans, and more.

The sandbox wasn't broken in one place. It was porous.

CVE-2026-1770 (PTT-2025-022). Full PoC: pentest-tools.com/research

  • 0
  • 0
  • 0
  • 3h ago
Showing 31 to 40 of 49 CVEs