Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
FNT Command 13.4.0 is vulnerable to Code Execution via the C Base Module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Privilege escalation in Red Hat's runtimes-inventory-rhel8-operator lets a standard cluster user act with full cluster-administrator authority on the Red Hat management platform. A misconfigured internal proxy attaches the cluster's main administrative credentials to every command it relays - not just the report traffic it should handle - so any authenticated user can issue admin-level instructions and alter cluster configuration or status. There is no public exploit identified at time of analysis, EPSS is low (0.21%, 12th percentile), and the issue is not in CISA KEV, but the impact is a classic confused-deputy authentication bypass and Red Hat has shipped a fix.
FNT Command 13.4.0 is vulnerable to Directory Traversal. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.