16 matches found
EUVD-2025-31585
Malicious code in bioql PyPI...
CVE-2025-56234
ATNA2000 from Nanda Automation Technology vendor has a denial-of-service vulnerability. For the processing of TCP RST packets, PLC ATNA2000 has a wide acceptable range of sequence numbers. It does not require the sequence number to exactly match the next expected sequence value, just to be within...
PT-2025-39838
Name of the Vulnerable Software and Affected Versions: Nanda Automation Technology AT NA2000 (affected versions not specified). Description: The AT NA2000 Programmable Logic Controller (PLC) exhibits a denial-of-service condition. The device improperly handles TCP RST packets, accepting a broad range of...
CVE-2025-56234
ATNA2000 from Nanda Automation Technology vendor has a denial-of-service vulnerability. For the processing of TCP RST packets, PLC ATNA2000 has a wide acceptable range of sequence numbers. It does not require the sequence number to exactly match the next expected sequence value, just to be within...
Survey Provides Takeaways for Security Pros to Operationalize their Remediation Life Cycle
Ask any security professional and they'll tell you that remediating risks from various siloed security scanning tools requires a tedious and labor-intensive series of steps focused on deduplication, prioritization, and routing of issues to an appropriate "fixer" somewhere in the organization. Thi...
Siemens SIMATIC eaSie Authentication Error Vulnerability
SIMATIC eaSie, the digital assistant for automation and process control technology in the Siemens Automation Concept "Total Integrated Automation", is vulnerable to an authentication error that could be exploited by a remote, unauthenticated attacker to send arbitrary messages to the service,...
Vulnerability Spotlight: Unsafe deserialization vulnerabilities in CODESYS Development System
Patrick DeSantis discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the CODESYS Development System. The CODESYS Development System is the IEC 61131-3 programming tool for industrial control and automation technology,... This is only...
CODESYS Development System Engine.plugin ProfileInformation ProfileData Unsafe Deserialization vulnerability
Summary: An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to...
CODESYS Development System ObjectManager.plugin Project.get_MissingTypes() Unsafe Deserialization vulnerability
Summary: An unsafe deserialization vulnerability exists in the ObjectManager.plugin Project.getMissingTypes functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to...
CODESYS Development System ObjectManager.plugin ObjectStream.ProfileByteArray Unsafe Deserialization vulnerability
Summary: An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file t...
CODESYS Development System PackageManagement.plugin ExtensionMethods.Clone() Unsafe Deserialization vulnerability
Summary: An unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this...
PT-2021-3149 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Microsoft Windows (affected versions not specified). Description: The issue is related to the incorrect management of code generation in the implementation of OLE Automation technology in Microsoft Windows. This can be exploited by a remote...
QiHang Media Web Digital Signage 3.0.9 Remote Code Execution Vulnerability
Exploit for hardware platform in category web applications function uploadShellPoC var xhr = new XMLHttpRequest; xhr.open"POST", "http://192.168.1.74:8090/QH.aspx", true; xhr.s...
QiHang Media Web Digital Signage 3.0.9 Arbitrary File Disclosure
QiHang Media Web QH.aspx Digital Signage 3.0.9 Arbitrary File Disclosure Vulnerability Vendor: Shenzhen Xingmeng Qihang Media Co., Ltd. Guangzhou Hefeng Automation Technology Co., Ltd. Product web page: http://www.howfor.com Affected version: 3.0.9.0 Summary: Digital Signage Software. Desc: The...
QiHang Media Web (QH.aspx) Digital Signage 3.0.9 Arbitrary File Disclosure Vulnerability
Summary: Digital Signage Software. Description: The application suffers from an unauthenticated file disclosure vulnerability when input passed thru the 'filename' parameter when using the download action or thru 'path' parameter when using the getAll action is not properly verified before being...
2019 Global DDoS Threat Landscape Report
Today Imperva Research Labs, made up of senior researchers and industry experts who have been delivering sound and valid advice for over 15 years, is releasing a brand new Global DDoS Threat Landscape Report. The report is a statistical analysis of 3,643 network layer DDoS attacks throughout 2019...