Unauthenticated remote code execution in Progress ShareFile Storage Zones Controller allows network attackers to access restricted configuration pages and execute arbitrary code with no user interaction required. This critical vulnerability (CVSS 9.8) affects customer-managed SZC deployments and has publicly available exploit code, enabling trivial weaponization. The attack requires no privileges, has low complexity, and achieves full system compromise (confidentiality, integrity, and availability impact all high), making this an immediate patching priority for organizations running on-premises ShareFile infrastructure.
Unauthenticated attackers can manipulate the Administrative Interface in Free CRM to achieve code execution following a redirect attack. The vulnerability affects Free CRM up to commit b83c40a and requires only network access and low privileges, with public exploit code already available. No patch is currently available, and the vendor has not responded to disclosure attempts.
Asp.Net-Core-Inventory-Order-Management-System versions up to 9.20250118. contain a security vulnerability (CVSS 6.3).
Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS contains a security vulnerability (CVSS 8.7).
A security vulnerability has been detected in ScriptAndTools Real Estate Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable with no authentication required and low attack complexity. Public exploit code is available, and no vendor patch is available.
NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable with no authentication required and low attack complexity. Public exploit code is available, and the EPSS exploitation probability is 75.0%.