External pentest lead to the discovery of two CVEs (CVE-2025-51682 & CVE-2025-51683) in mJobTime. Exploiting them leads to unauthenticated code execution.

A .NET deserialization vulnerability in the Swiss software Topal Finanzbuchhaltung allows unauthenticated RCE as SYSTEM.

Mitel phone firmware analysis lead to the discovery of two vulnerabilities (CVE-2025-47187 & CVE-2025-47188). Exploiting them leads to unauthenticated code execution on the phone itself.

Logistics Sofware SQLi-RCE