Lucene search
K

113 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 2:12 p.m.6 views

Security Bulletin: IBM i is Affected By Multiple Vulnerabilities in Navigator for i and Digital Certifcate Manager

Summary Navigator for IBM i uses DOMPurify for cross-site scripting sanitization. DOMPurify is vulnerable to prototype pollution-based XSS bypass CVE-2026-41238, skipped sanitization in non-string mode CVE-2026-41239, and skipped sanitization when using the ADDTAGS function CVE-2026-41240...

8.8CVSS7.5AI score0.00331EPSS
Exploits1Affected Software5
RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.12 views

CVE-2026-24349

A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 All versions, SIMATIC WinCC Unified PC Runtime V17 All versions, SIMATIC WinCC Unified PC Runtime V18 All versions, SIMATIC WinCC Unified PC Runtime V19 All versions, SIMATIC WinCC Unified PC Runtime V20 All versions,...

8.2CVSS5.4AI score0.00057EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 10:16 a.m.14 views

CVE-2026-24349

A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 All versions, SIMATIC WinCC Unified PC Runtime V17 All versions, SIMATIC WinCC Unified PC Runtime V18 All versions, SIMATIC WinCC Unified PC Runtime V19 All versions, SIMATIC WinCC Unified PC Runtime V20 All versions,...

8.2CVSS0.00057EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 8:46 a.m.13 views

EUVD-2026-35382

A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 All versions, SIMATIC WinCC Unified PC Runtime V17 All versions, SIMATIC WinCC Unified PC Runtime V18 All versions, SIMATIC WinCC Unified PC Runtime V19 All versions, SIMATIC WinCC Unified PC Runtime V20 All versions,...

8.2CVSS5.4AI score0.00057EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 8:46 a.m.37 views

CVE-2026-24349

A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 All versions, SIMATIC WinCC Unified PC Runtime V17 All versions, SIMATIC WinCC Unified PC Runtime V18 All versions, SIMATIC WinCC Unified PC Runtime V19 All versions, SIMATIC WinCC Unified PC Runtime V20 All versions,...

8.2CVSS0.00057EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 8:46 a.m.11 views

CVE-2026-24349

A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 All versions, SIMATIC WinCC Unified PC Runtime V17 All versions, SIMATIC WinCC Unified PC Runtime V18 All versions, SIMATIC WinCC Unified PC Runtime V19 All versions, SIMATIC WinCC Unified PC Runtime V20 All versions,...

8.2CVSS5.4AI score0.00057EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 8:46 a.m.29 views

CVE-2026-24349

The CVE-2026-24349 entry affects SIMATIC WinCC Unified PC Runtime V16–V21 (all versions up to but not including V21 Update 2). The root cause is insufficient protection of key material in WinCC Certificate Manager, which could allow an attacker to extract sensitive information. All connected sour...

8.2CVSS5.4AI score0.00057EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.16 views

PT-2026-47730

Name of the Vulnerable Software and Affected Versions SIMATIC WinCC Unified PC Runtime versions V16 through V20 SIMATIC WinCC Unified PC Runtime versions prior to V21 Update 2 Description Insufficient protection of key material in the WinCC Certificate Manager could allow an attacker to extract...

8.2CVSS5.9AI score0.00057EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.18 views

Siemens SIMATIC WinCC Unified PC Runtime 安全漏洞

Siemens SIMATIC WinCC Unified PC Runtime is an industrial automation and SCADA system interface and monitoring platform developed by Siemens, a German company. Versions of Siemens SIMATIC WinCC Unified PC Runtime such as V16, V17, V18, V19, V20, and V21 Update 2 contain security vulnerabilities...

8.2CVSS5.4AI score0.00057EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.11 views

CVE-2026-32643

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...

8.7CVSS5.7AI score0.00156EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.9 views

CVE-2026-42406

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...

8.7CVSS5.7AI score0.0015EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/31 9:0 p.m.9 views

Malicious Package

Overview @cloudplatform-single-spa/certificate-manager is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS5.9AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/21 12:0 a.m.20 views

F5 Networks BIG-IP : BIG-IP and BIG-IQ privilege escalation vulnerability (K000160971)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160971 advisory. A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker...

8.7CVSS5.8AI score0.0015EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/21 12:0 a.m.29 views

F5 Networks BIG-IP : BIG-IP and BIG-IQ privilege escalation vulnerability (K000160972)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160972 advisory. A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker...

8.7CVSS5.8AI score0.00156EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/13 6:30 p.m.11 views

EUVD-2026-29997

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are...

8.7CVSS5.9AI score0.0015EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/13 6:30 p.m.10 views

EUVD-2026-29961

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...

8.7CVSS5.9AI score0.00156EPSS
Exploits0References2
NVD
NVD
added 2026/05/13 4:16 p.m.14 views

CVE-2026-42406

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are...

8.7CVSS0.0015EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 4:16 p.m.9 views

CVE-2026-32643

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...

8.7CVSS0.00156EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 2:12 p.m.30 views

CVE-2026-42406 BIG-IP and BIG-IQ privilege escalation vulnerability

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are...

8.7CVSS0.0015EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 2:12 p.m.9 views

CVE-2026-42406

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are...

8.7CVSS5.9AI score0.0015EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder