24h | 7d | 30d

Overview

  • Progress
  • ShareFile Storage Zones Controller

02 Apr 2026
Published
03 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
0.72%

KEV

Description

Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution.

Statistics

  • 1 Post

Last activity: 16 hours ago

Bluesky

Profile picture fallback
~Watchtowr~ A pre-auth RCE chain in Progress ShareFile Storage Zone Controller allows full system compromise. - IOCs: CVE-2026-2699, CVE-2026-2701 - #RCE #ShareFile #ThreatIntel
  • 0
  • 0
  • 0
  • 16h ago

Overview

  • Ollama
  • Ollama

29 Apr 2026
Published
29 Apr 2026
Updated

CVSS v4.0
HIGH (7.7)
EPSS
0.01%

KEV

Description

Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation of the update verification routine unconditionally returns success so no digital signature or trust validation is performed before staging or executing update payloads, enabling attacker‑supplied executables to be accepted and later executed by the application. Critically, Ollama for Windows performs silent automatic updates, so the malicious payload may be installed automatically without user awareness. Maintainers of this project were notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Versions from 0.12.10 to 0.17.5 were tested and confirmed as vulnerable, other versions were not tested but might also be vulnerable.

Statistics

  • 1 Post

Last activity: 23 hours ago

Overview

  • Progress
  • ShareFile Storage Zones Controller

02 Apr 2026
Published
08 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
25.26%

KEV

Description

Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.

Statistics

  • 1 Post

Last activity: 16 hours ago

Bluesky

Profile picture fallback
~Watchtowr~ A pre-auth RCE chain in Progress ShareFile Storage Zone Controller allows full system compromise. - IOCs: CVE-2026-2699, CVE-2026-2701 - #RCE #ShareFile #ThreatIntel
  • 0
  • 0
  • 0
  • 16h ago

Overview

  • CODESYS
  • Control RTE (SL)

04 Aug 2025
Published
04 Aug 2025
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.15%

KEV

Description

An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition.

Statistics

  • 1 Post

Last activity: 8 hours ago

Fediverse

Profile picture fallback

VDE-2026-005
ifm: Multiple Vulnerabilities in CR3171

The Firmware installed on the CR3171 is impacted by various CODESYS vulnerabilities.
CVE-2025-41659, CVE-2025-41691, CVE-2025-41658

certvde.com/en/advisories/vde-

ifm.csaf-tp.certvde.com/.well-

  • 0
  • 0
  • 0
  • 8h ago

Overview

  • CODESYS
  • Control RTE (SL)

04 Aug 2025
Published
04 Aug 2025
Updated

CVSS v3.1
HIGH (8.3)
EPSS
0.05%

KEV

Description

A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted.

Statistics

  • 1 Post

Last activity: 8 hours ago

Fediverse

Profile picture fallback

VDE-2026-005
ifm: Multiple Vulnerabilities in CR3171

The Firmware installed on the CR3171 is impacted by various CODESYS vulnerabilities.
CVE-2025-41659, CVE-2025-41691, CVE-2025-41658

certvde.com/en/advisories/vde-

ifm.csaf-tp.certvde.com/.well-

  • 0
  • 0
  • 0
  • 8h ago

Overview

  • CODESYS
  • Runtime Toolkit

04 Aug 2025
Published
04 Aug 2025
Updated

CVSS v3.1
MEDIUM (5.5)
EPSS
0.02%

KEV

Description

CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions.

Statistics

  • 1 Post

Last activity: 8 hours ago

Fediverse

Profile picture fallback

VDE-2026-005
ifm: Multiple Vulnerabilities in CR3171

The Firmware installed on the CR3171 is impacted by various CODESYS vulnerabilities.
CVE-2025-41659, CVE-2025-41691, CVE-2025-41658

certvde.com/en/advisories/vde-

ifm.csaf-tp.certvde.com/.well-

  • 0
  • 0
  • 0
  • 8h ago

Overview

  • Crafter Software
  • Crafter CMS

02 Dec 2021
Published
16 Sep 2024
Updated

CVSS v3.1
MEDIUM (4.2)
EPSS
0.39%

KEV

Description

Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, which will cause attackers to execute arbitrary commands remotely(RCE).

Statistics

  • 1 Post

Last activity: 3 hours ago

Fediverse

Profile picture fallback

The Crafter CMS Groovy sandbox has been patched three times. CVE-2021-23259, CVE-2022-40635, CVE-2025-6384.

Our team went back in anyway and found 14 distinct RCE bypass techniques in v5.0.0: AST Transformations, SpelExpressionParser, GroovyShell, Template Engines, XStream, BeanShell, Jakarta EL, Commons Exec, Object Factories, MBeans, and more.

The sandbox wasn't broken in one place. It was porous.

CVE-2026-1770 (PTT-2025-022). Full PoC: pentest-tools.com/research

  • 0
  • 0
  • 0
  • 3h ago

Overview

  • Crafter Software
  • Crafter CMS

13 Sep 2022
Published
16 Sep 2024
Updated

CVSS v3.1
MEDIUM (6.4)
EPSS
12.99%

KEV

Description

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.

Statistics

  • 1 Post

Last activity: 3 hours ago

Fediverse

Profile picture fallback

The Crafter CMS Groovy sandbox has been patched three times. CVE-2021-23259, CVE-2022-40635, CVE-2025-6384.

Our team went back in anyway and found 14 distinct RCE bypass techniques in v5.0.0: AST Transformations, SpelExpressionParser, GroovyShell, Template Engines, XStream, BeanShell, Jakarta EL, Commons Exec, Object Factories, MBeans, and more.

The sandbox wasn't broken in one place. It was porous.

CVE-2026-1770 (PTT-2025-022). Full PoC: pentest-tools.com/research

  • 0
  • 0
  • 0
  • 3h ago

Overview

  • CrafterCMS
  • CrafterCMS
  • Studio

02 Feb 2026
Published
02 Feb 2026
Updated

CVSS v4.0
MEDIUM (4.5)
EPSS
0.04%

KEV

Description

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE (Remote Code Execution).

Statistics

  • 1 Post

Last activity: 3 hours ago

Fediverse

Profile picture fallback

The Crafter CMS Groovy sandbox has been patched three times. CVE-2021-23259, CVE-2022-40635, CVE-2025-6384.

Our team went back in anyway and found 14 distinct RCE bypass techniques in v5.0.0: AST Transformations, SpelExpressionParser, GroovyShell, Template Engines, XStream, BeanShell, Jakarta EL, Commons Exec, Object Factories, MBeans, and more.

The sandbox wasn't broken in one place. It was porous.

CVE-2026-1770 (PTT-2025-022). Full PoC: pentest-tools.com/research

  • 0
  • 0
  • 0
  • 3h ago

Overview

  • CrafterCMS
  • CrafterCMS
  • Studio

19 Jun 2025
Published
23 Jun 2025
Updated

CVSS v4.0
HIGH (7.3)
EPSS
0.32%

KEV

Description

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of CrafterCMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass Sandbox restrictions and obtain RCE (Remote Code Execution). This issue affects CrafterCMS: from 4.0.0 through 4.2.2.

Statistics

  • 1 Post

Last activity: 3 hours ago

Fediverse

Profile picture fallback

The Crafter CMS Groovy sandbox has been patched three times. CVE-2021-23259, CVE-2022-40635, CVE-2025-6384.

Our team went back in anyway and found 14 distinct RCE bypass techniques in v5.0.0: AST Transformations, SpelExpressionParser, GroovyShell, Template Engines, XStream, BeanShell, Jakarta EL, Commons Exec, Object Factories, MBeans, and more.

The sandbox wasn't broken in one place. It was porous.

CVE-2026-1770 (PTT-2025-022). Full PoC: pentest-tools.com/research

  • 0
  • 0
  • 0
  • 3h ago
Showing 31 to 40 of 49 CVEs