NVD disclosure day

Published threat advisories for September 23, 2025

CVE advisory: CRITICAL

CVE-2025-9846

Inka.Net Unrestricted File Upload Leading to Command Injection

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability in Inka.Net allows command injection through unrestricted file uploads. An attacker could exploit this remotely by uploading a malicious file, potentially leading to arbitrary command execution on the affected system. This issue poses a significant risk due to its critical severity.

CVE advisory: CRITICAL

CVE-2025-9588

Iron Mountain EnVision OS Command Injection Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An OS Command Injection vulnerability exists in Iron Mountain's EnVision archiving service, potentially allowing attackers to execute unauthorized commands on affected systems. This could impact confidentiality, integrity, and availability. Determining if this technology is in use and assessing its network exposure is