Skip to main content

CWE-698

Execution After Redirect (EAR)

15 CVEs Avg CVSS 7.6 MITRE
8
CRITICAL
3
HIGH
1
MEDIUM
3
LOW
7
POC
0
KEV

Monthly

CVE-2026-58455 CRITICAL Act Now

Unauthenticated OS command injection in Notifiarr Dockwatch through version 0.6.567 lets remote attackers run arbitrary shell commands on the host and achieve full compromise, since default deployments mount the Docker socket. The root cause is an Execution-After-Redirect flaw (CWE-698) where loader.php redirects unauthenticated users but fails to call exit(), allowing the attacker to seed the required session flag and then reach shell_exec() in ajax/compose.php with attacker-controlled input. The CVSS 4.0 base score is 9.2 (VC/VI/VA all High); there is no public exploit identified at time of analysis and it is not listed in CISA KEV, though a vendor advisory and upstream fix exist.

Command Injection PHP Docker Dockwatch
NVD GitHub
CVSS 4.0
9.2
EPSS
1.2%
CVE-2026-10271 LOW POC Monitor

Execution After Redirect (EAR) in a4m4's Student-Management-System exposes admin/ endpoints to unauthorized data access via manipulation of the uid parameter, allowing server-side PHP logic to execute and return sensitive output despite issuing an HTTP redirect response. The CVSS vector (PR:N) confirms no authentication is required, and the exploit has been publicly published via a GitHub issue, making this trivially reproducible. No patch exists and the project maintainer has not responded to disclosure, leaving all deployed instances exposed with no vendor remediation timeline.

Information Disclosure Student Management System
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-2699 CRITICAL POC PATCH NEWS Act Now

Unauthenticated remote code execution affects Progress ShareFile Storage Zones Controller versions up to 5.12.3 via unauthorized access to restricted configuration pages. Attackers can modify system configuration remotely without authentication, leading to complete system compromise. Publicly available exploit code exists (watchTowr Labs GitHub). EPSS score of 0.41% suggests relatively low observed exploitation despite critical CVSS 9.8 rating and POC availability. Vendor patch released per ShareFile security advisory.

RCE Sharefile Storage Zones Controller
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-3264 LOW POC Monitor

Unauthenticated attackers can manipulate the Administrative Interface in Free CRM to achieve code execution following a redirect attack. The vulnerability affects Free CRM up to commit b83c40a and requires only network access and low privileges, with public exploit code already available. No patch is currently available, and the vendor has not responded to disclosure attempts.

Information Disclosure Free Crm
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-3262 LOW POC Monitor

Asp.Net-Core-Inventory-Order-Management-System versions up to 9.20250118. contains a security vulnerability (CVSS 6.3).

Information Disclosure Asp Net Core Inventory Order Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-6967 HIGH This Week

Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS contains a security vulnerability (CVSS 8.7).

Authentication Bypass
NVD VulDB
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-9848 MEDIUM POC This Month

A security vulnerability has been detected in ScriptAndTools Real Estate Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2024-48766 HIGH POC THREAT Act Now

NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 75.0%.

PHP Path Traversal Netalertx
NVD
CVSS 3.1
8.6
EPSS
75.0%
Threat
5.5
CVE-2024-3376 CRITICAL POC Act Now

A vulnerability classified as critical has been found in SourceCodester Computer Laboratory Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Computer Laboratory Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-2635 HIGH This Week

The configuration pages available are not intended to be placed on an Internet facing web server, as they expose file paths to the client, who can be an attacker. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.3
EPSS
0.4%
EPSS 1% CVSS 9.2
CRITICAL Act Now

Unauthenticated OS command injection in Notifiarr Dockwatch through version 0.6.567 lets remote attackers run arbitrary shell commands on the host and achieve full compromise, since default deployments mount the Docker socket. The root cause is an Execution-After-Redirect flaw (CWE-698) where loader.php redirects unauthenticated users but fails to call exit(), allowing the attacker to seed the required session flag and then reach shell_exec() in ajax/compose.php with attacker-controlled input. The CVSS 4.0 base score is 9.2 (VC/VI/VA all High); there is no public exploit identified at time of analysis and it is not listed in CISA KEV, though a vendor advisory and upstream fix exist.

Command Injection PHP Docker +1
NVD GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

Execution After Redirect (EAR) in a4m4's Student-Management-System exposes admin/ endpoints to unauthorized data access via manipulation of the uid parameter, allowing server-side PHP logic to execute and return sensitive output despite issuing an HTTP redirect response. The CVSS vector (PR:N) confirms no authentication is required, and the exploit has been publicly published via a GitHub issue, making this trivially reproducible. No patch exists and the project maintainer has not responded to disclosure, leaving all deployed instances exposed with no vendor remediation timeline.

Information Disclosure Student Management System
NVD VulDB GitHub
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Unauthenticated remote code execution affects Progress ShareFile Storage Zones Controller versions up to 5.12.3 via unauthorized access to restricted configuration pages. Attackers can modify system configuration remotely without authentication, leading to complete system compromise. Publicly available exploit code exists (watchTowr Labs GitHub). EPSS score of 0.41% suggests relatively low observed exploitation despite critical CVSS 9.8 rating and POC availability. Vendor patch released per ShareFile security advisory.

RCE Sharefile Storage Zones Controller
NVD GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

Unauthenticated attackers can manipulate the Administrative Interface in Free CRM to achieve code execution following a redirect attack. The vulnerability affects Free CRM up to commit b83c40a and requires only network access and low privileges, with public exploit code already available. No patch is currently available, and the vendor has not responded to disclosure attempts.

Information Disclosure Free Crm
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Asp.Net-Core-Inventory-Order-Management-System versions up to 9.20250118. contains a security vulnerability (CVSS 6.3).

Information Disclosure Asp Net Core Inventory Order Management System
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH This Week

Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS contains a security vulnerability (CVSS 8.7).

Authentication Bypass
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A security vulnerability has been detected in ScriptAndTools Real Estate Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure
NVD VulDB
EPSS 75% 5.5 CVSS 8.6
HIGH POC THREAT Act Now

NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 75.0%.

PHP Path Traversal Netalertx
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability classified as critical has been found in SourceCodester Computer Laboratory Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Computer Laboratory Management System
NVD GitHub VulDB
EPSS 0% CVSS 7.3
HIGH This Week

The configuration pages available are not intended to be placed on an Internet facing web server, as they expose file paths to the client, who can be an attacker. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy