24h | 7d | 30d

CVE-2026-40076

Overview

  • openmrs
  • openmrs-core
06 May 2026
Published
06 May 2026
Updated
CVSS v4.0
CRITICAL (9.4)
EPSS
Pending
KEV

Description

OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the module upload endpoint at POST `/openmrs/ws/rest/v1/module` is vulnerable to a Zip Slip path traversal attack. During automatic extraction of uploaded .omod archives in `WebModuleUtil.startModule()`, ZIP entries under web/module/ are checked only to see whether the full entry path starts with `..,` and the remaining path is then concatenated into the destination path without normalization or a boundary check. A crafted archive can therefore include entries such as `web/module/../../../../malicious.jsp` and cause files to be written outside the intended module directory. An authenticated attacker with module upload access can write arbitrary files to locations such as the web application root and achieve remote code execution by uploading a JSP file and then requesting it. The issue is compounded by the fact that the module.allow_web_admin runtime property is enforced in the legacy UI controller but not in the REST API upload path, so deployments relying on that property to block web-based module administration remain exposed through the REST endpoint. This issue has been fixed in versions after 2.7.8 in the 2.7.x line and in version 2.8.6 and later.

Statistics

  • 1 Post
Last activity: 8 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🚨 CRITICAL OpenMRS Core vuln: Path traversal (CVE-2026-40076, CVSS 9.4) lets auth users upload .omod files to gain RCE via crafted ZIPs. Affects ≤2.7.8, 2.8.0 – 2.8.5. Upgrade to 2.7.9/2.8.6+ now! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 8h ago

CVE-2025-20333

Overview

  • Cisco
  • Cisco Secure Firewall Adaptive Security Appliance (ASA) Software
25 Sep 2025
Published
26 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.9)
EPSS
25.14%
KEV

Description

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker with valid VPN user credentials could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of the affected device.

Statistics

  • 1 Post
Last activity: 3 hours ago

Bluesky

Profile picture fallback
Red Hot Cyber @redhotcyber.bsky.social
Vulnerabilità Cisco ASA: la minaccia di exploit pre-auth RCE è vicina 📌 Link all'articolo : www.redhotcyber.com/post/vulnera... A cura di Manuel Pomarè #redhotcyber #news #cybersecurity #hacking #ciscoasa #exploit #rce #sicurezzainformatica #cve202520362 #cve202520333 #infosecurity
  • 0
  • 0
  • 0
  • 3h ago

CVE-2025-20362

Overview

  • Cisco
  • Cisco Secure Firewall Adaptive Security Appliance (ASA) Software
25 Sep 2025
Published
26 Feb 2026
Updated
CVSS v3.1
MEDIUM (6.5)
EPSS
44.08%
KEV

Description

Update: On November 5, 2025, Cisco became aware of a new attack variant against devices running Cisco Secure ASA Software or Cisco Secure FTD Software releases that are affected by CVE-2025-20333 and CVE-2025-20362. This attack can cause unpatched devices to unexpectedly reload, leading to denial of service (DoS) conditions. Cisco strongly recommends that all customers upgrade to the fixed software releases that are listed in the Fixed Software ["#fs"] section of this advisory. A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to access restricted URL endpoints that are related to remote access VPN that should otherwise be inaccessible without authentication. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web server on a device. A successful exploit could allow the attacker to access a restricted URL without authentication.

Statistics

  • 1 Post
Last activity: 3 hours ago

Bluesky

Profile picture fallback
Red Hot Cyber @redhotcyber.bsky.social
Vulnerabilità Cisco ASA: la minaccia di exploit pre-auth RCE è vicina 📌 Link all'articolo : www.redhotcyber.com/post/vulnera... A cura di Manuel Pomarè #redhotcyber #news #cybersecurity #hacking #ciscoasa #exploit #rce #sicurezzainformatica #cve202520362 #cve202520333 #infosecurity
  • 0
  • 0
  • 0
  • 3h ago

CVE-2025-41691

Overview

  • CODESYS
  • Control RTE (SL)
04 Aug 2025
Published
04 Aug 2025
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.15%
KEV

Description

An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition.

Statistics

  • 1 Post
Last activity: 23 hours ago

Fediverse

Profile picture fallback
CERT@VDE @certvde

VDE-2026-005
ifm: Multiple Vulnerabilities in CR3171

The Firmware installed on the CR3171 is impacted by various CODESYS vulnerabilities.
CVE-2025-41659, CVE-2025-41691, CVE-2025-41658

certvde.com/en/advisories/vde-

ifm.csaf-tp.certvde.com/.well-

  • 0
  • 0
  • 0
  • 23h ago

CVE-2025-41659

Overview

  • CODESYS
  • Control RTE (SL)
04 Aug 2025
Published
04 Aug 2025
Updated
CVSS v3.1
HIGH (8.3)
EPSS
0.05%
KEV

Description

A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted.

Statistics

  • 1 Post
Last activity: 23 hours ago

Fediverse

Profile picture fallback
CERT@VDE @certvde

VDE-2026-005
ifm: Multiple Vulnerabilities in CR3171

The Firmware installed on the CR3171 is impacted by various CODESYS vulnerabilities.
CVE-2025-41659, CVE-2025-41691, CVE-2025-41658

certvde.com/en/advisories/vde-

ifm.csaf-tp.certvde.com/.well-

  • 0
  • 0
  • 0
  • 23h ago

CVE-2025-41658

Overview

  • CODESYS
  • Runtime Toolkit
04 Aug 2025
Published
04 Aug 2025
Updated
CVSS v3.1
MEDIUM (5.5)
EPSS
0.02%
KEV

Description

CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions.

Statistics

  • 1 Post
Last activity: 23 hours ago

Fediverse

Profile picture fallback
CERT@VDE @certvde

VDE-2026-005
ifm: Multiple Vulnerabilities in CR3171

The Firmware installed on the CR3171 is impacted by various CODESYS vulnerabilities.
CVE-2025-41659, CVE-2025-41691, CVE-2025-41658

certvde.com/en/advisories/vde-

ifm.csaf-tp.certvde.com/.well-

  • 0
  • 0
  • 0
  • 23h ago

CVE-2022-40635

Overview

  • Crafter Software
  • Crafter CMS
13 Sep 2022
Published
16 Sep 2024
Updated
CVSS v3.1
MEDIUM (6.4)
EPSS
12.99%
KEV

Description

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.

Statistics

  • 1 Post
Last activity: 18 hours ago

Fediverse

Profile picture fallback
pentest-tools.com @pentesttools

The Crafter CMS Groovy sandbox has been patched three times. CVE-2021-23259, CVE-2022-40635, CVE-2025-6384.

Our team went back in anyway and found 14 distinct RCE bypass techniques in v5.0.0: AST Transformations, SpelExpressionParser, GroovyShell, Template Engines, XStream, BeanShell, Jakarta EL, Commons Exec, Object Factories, MBeans, and more.

The sandbox wasn't broken in one place. It was porous.

CVE-2026-1770 (PTT-2025-022). Full PoC: pentest-tools.com/research

  • 0
  • 0
  • 0
  • 18h ago

CVE-2026-1770

Overview

  • CrafterCMS
  • CrafterCMS
  • Studio
02 Feb 2026
Published
02 Feb 2026
Updated
CVSS v4.0
MEDIUM (4.5)
EPSS
0.04%
KEV

Description

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE (Remote Code Execution).

Statistics

  • 1 Post
Last activity: 18 hours ago

Fediverse

Profile picture fallback
pentest-tools.com @pentesttools

The Crafter CMS Groovy sandbox has been patched three times. CVE-2021-23259, CVE-2022-40635, CVE-2025-6384.

Our team went back in anyway and found 14 distinct RCE bypass techniques in v5.0.0: AST Transformations, SpelExpressionParser, GroovyShell, Template Engines, XStream, BeanShell, Jakarta EL, Commons Exec, Object Factories, MBeans, and more.

The sandbox wasn't broken in one place. It was porous.

CVE-2026-1770 (PTT-2025-022). Full PoC: pentest-tools.com/research

  • 0
  • 0
  • 0
  • 18h ago

CVE-2025-6384

Overview

  • CrafterCMS
  • CrafterCMS
  • Studio
19 Jun 2025
Published
23 Jun 2025
Updated
CVSS v4.0
HIGH (7.3)
EPSS
0.32%
KEV

Description

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of CrafterCMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass Sandbox restrictions and obtain RCE (Remote Code Execution). This issue affects CrafterCMS: from 4.0.0 through 4.2.2.

Statistics

  • 1 Post
Last activity: 18 hours ago

Fediverse

Profile picture fallback
pentest-tools.com @pentesttools

The Crafter CMS Groovy sandbox has been patched three times. CVE-2021-23259, CVE-2022-40635, CVE-2025-6384.

Our team went back in anyway and found 14 distinct RCE bypass techniques in v5.0.0: AST Transformations, SpelExpressionParser, GroovyShell, Template Engines, XStream, BeanShell, Jakarta EL, Commons Exec, Object Factories, MBeans, and more.

The sandbox wasn't broken in one place. It was porous.

CVE-2026-1770 (PTT-2025-022). Full PoC: pentest-tools.com/research

  • 0
  • 0
  • 0
  • 18h ago

CVE-2021-23259

Overview

  • Crafter Software
  • Crafter CMS
02 Dec 2021
Published
16 Sep 2024
Updated
CVSS v3.1
MEDIUM (4.2)
EPSS
0.39%
KEV

Description

Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, which will cause attackers to execute arbitrary commands remotely(RCE).

Statistics

  • 1 Post
Last activity: 18 hours ago

Fediverse

Profile picture fallback
pentest-tools.com @pentesttools

The Crafter CMS Groovy sandbox has been patched three times. CVE-2021-23259, CVE-2022-40635, CVE-2025-6384.

Our team went back in anyway and found 14 distinct RCE bypass techniques in v5.0.0: AST Transformations, SpelExpressionParser, GroovyShell, Template Engines, XStream, BeanShell, Jakarta EL, Commons Exec, Object Factories, MBeans, and more.

The sandbox wasn't broken in one place. It was porous.

CVE-2026-1770 (PTT-2025-022). Full PoC: pentest-tools.com/research

  • 0
  • 0
  • 0
  • 18h ago
Showing 21 to 30 of 30 CVEs