113 matches found
Security Bulletin: IBM i is Affected By Multiple Vulnerabilities in Navigator for i and Digital Certifcate Manager
Summary Navigator for IBM i uses DOMPurify for cross-site scripting sanitization. DOMPurify is vulnerable to prototype pollution-based XSS bypass CVE-2026-41238, skipped sanitization in non-string mode CVE-2026-41239, and skipped sanitization when using the ADDTAGS function CVE-2026-41240...
CVE-2026-24349
A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 All versions, SIMATIC WinCC Unified PC Runtime V17 All versions, SIMATIC WinCC Unified PC Runtime V18 All versions, SIMATIC WinCC Unified PC Runtime V19 All versions, SIMATIC WinCC Unified PC Runtime V20 All versions,...
CVE-2026-24349
A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 All versions, SIMATIC WinCC Unified PC Runtime V17 All versions, SIMATIC WinCC Unified PC Runtime V18 All versions, SIMATIC WinCC Unified PC Runtime V19 All versions, SIMATIC WinCC Unified PC Runtime V20 All versions,...
EUVD-2026-35382
A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 All versions, SIMATIC WinCC Unified PC Runtime V17 All versions, SIMATIC WinCC Unified PC Runtime V18 All versions, SIMATIC WinCC Unified PC Runtime V19 All versions, SIMATIC WinCC Unified PC Runtime V20 All versions,...
CVE-2026-24349
A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 All versions, SIMATIC WinCC Unified PC Runtime V17 All versions, SIMATIC WinCC Unified PC Runtime V18 All versions, SIMATIC WinCC Unified PC Runtime V19 All versions, SIMATIC WinCC Unified PC Runtime V20 All versions,...
CVE-2026-24349
A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 All versions, SIMATIC WinCC Unified PC Runtime V17 All versions, SIMATIC WinCC Unified PC Runtime V18 All versions, SIMATIC WinCC Unified PC Runtime V19 All versions, SIMATIC WinCC Unified PC Runtime V20 All versions,...
CVE-2026-24349
The CVE-2026-24349 entry affects SIMATIC WinCC Unified PC Runtime V16–V21 (all versions up to but not including V21 Update 2). The root cause is insufficient protection of key material in WinCC Certificate Manager, which could allow an attacker to extract sensitive information. All connected sour...
PT-2026-47730
Name of the Vulnerable Software and Affected Versions SIMATIC WinCC Unified PC Runtime versions V16 through V20 SIMATIC WinCC Unified PC Runtime versions prior to V21 Update 2 Description Insufficient protection of key material in the WinCC Certificate Manager could allow an attacker to extract...
Siemens SIMATIC WinCC Unified PC Runtime 安全漏洞
Siemens SIMATIC WinCC Unified PC Runtime is an industrial automation and SCADA system interface and monitoring platform developed by Siemens, a German company. Versions of Siemens SIMATIC WinCC Unified PC Runtime such as V16, V17, V18, V19, V20, and V21 Update 2 contain security vulnerabilities...
CVE-2026-32643
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...
CVE-2026-42406
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...
Malicious Package
Overview @cloudplatform-single-spa/certificate-manager is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...
F5 Networks BIG-IP : BIG-IP and BIG-IQ privilege escalation vulnerability (K000160971)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160971 advisory. A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker...
F5 Networks BIG-IP : BIG-IP and BIG-IQ privilege escalation vulnerability (K000160972)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160972 advisory. A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker...
EUVD-2026-29997
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are...
EUVD-2026-29961
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...
CVE-2026-42406
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are...
CVE-2026-32643
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...
CVE-2026-42406 BIG-IP and BIG-IQ privilege escalation vulnerability
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are...
CVE-2026-42406
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are...