1. SharpSite Plugin System Exposed to Critical RCE via Insecure JSON Deserialization
A P0 security vulnerability has been identified in SharpSite's plugin and configuration system, exposing at least four code locations to Remote Code Execution (RCE) through insecure deserialization. The flaw centers on Newtonsoft.Json's `TypeNameHandling.Auto` setting, a well-documented attack vector that allows advers...