CVE-2025-4674

CVE-2025-4674 affects the Go toolchain (cmd/go) and its handling of VCS metadata. The issue arises when the Go command operates in untrusted VCS repositories that contain metadata from a different VCS, potentially enabling unexpected command execution. The affected component is the Go toolchain i...

isf

This is a Python-based exploitation framework called ISF Industrial Exploitation Framework that is similar to Metasploit. It is designed for industrial control system ICS exploitation and is used for testing and demonstrating vulnerabilities in ICS devices. The framework is based on the open-sour...

Honeywell Experion PKS (Update A)

RISK EVALUATION Successful exploitation of these vulnerabilities could result in information exposure, denial of service, or remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...

Mitsubishi Electric CNC Series (Update B)

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute malicious code by getting setup-launcher to load a malicious DLL. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability,...

The vulnerability of the centralized control system for network devices and ports of Advantech iView, related to the lack of measures taken to protect the website structure, allows attackers to carry out XSS attacks.

The vulnerability of the centralized control system for network devices and ports of Advantech iView is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to carry out XSS attacks remotely...

The vulnerability of the centralized control system for network devices and ports of Advantech iView, related to the lack of measures taken to protect the website structure, allows attackers to carry out XSS attacks.

The vulnerability of the centralized control system for network devices and ports of Advantech iView is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to carry out XSS attacks remotely...

The vulnerability of the centralized control system for network devices and ports of Advantech iView, related to the lack of measures taken to protect the website structure, allows attackers to carry out XSS attacks.

The vulnerability of the centralized control system for network devices and ports of Advantech iView is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to carry out XSS attacks remotely...

The vulnerability of the “Tekon” SCADA system, which stems from the use of strictly encrypted account data, allows a intruder to enhance their privileges and execute arbitrary codes.

The vulnerability of the “Tekon” SCADA system is related to the use of strictly encrypted account data. Exploiting this vulnerability can allow a malicious actor to increase their privileges and execute arbitrary codes remotely...

[SECURITY] Fedora 41 Update: git-2.50.1-1.fc41

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages,...

Updated golang packages fix security vulnerabilities

Various uses of the Go toolchain in untrusted VCS repositories can result in unexpected code execution. When using the Go toolchain in directories fetched using various VCS tools such as directly cloning Git or Mercurial repositories can cause the toolchain to execute unexpected commands, if said...

[SECURITY] Fedora 42 Update: git-2.50.1-1.fc42

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages,...

End-of-Train and Head-of-Train Remote Linking Protocol (Update C)

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to send their own brake control commands to the end-of-train device, causing a sudden stoppage of the train which may lead to a disruption of operations, or induce brake failure. 2. RECOMMENDED PRACTICES CISA...

CVE-2025-48384

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed CRLF. When writing a config entry, values with ...

CVE-2025-48385

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows the server-side to...

CVE-2025-29631

creationtimestamp| type| source ---|---|--- 2025-07-04 21:00:04+00:00| published-proof-of-concept| Telegram/OollRHxvoptfGlV2c1gbdC6jSDWMy1y9qQszI5U7KKS9Kqc 2026-02-24 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-055-03 2026-04-02 16:00:04+00:00| seen|...

CVE-2025-29629

creationtimestamp| type| source ---|---|--- 2025-07-04 21:00:04+00:00| published-proof-of-concept| Telegram/OollRHxvoptfGlV2c1gbdC6jSDWMy1y9qQszI5U7KKS9Kqc 2026-02-24 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-055-03 2026-04-02 16:00:04+00:00| seen|...

CVE-2025-29628

creationtimestamp| type| source ---|---|--- 2025-07-04 21:00:04+00:00| published-proof-of-concept| Telegram/OollRHxvoptfGlV2c1gbdC6jSDWMy1y9qQszI5U7KKS9Kqc 2026-02-24 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-055-03 2026-04-02 16:00:04+00:00| seen|...

The vulnerability of the microprogramming software of the Elfatek Elektronik ANKA JPD 00028 series radio control system, related to improper access control, allows a intruder to gain unauthorized access and compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the microprogramming software of the Elfatek Elektronik ANKA JPD 00028 series radio control system is related to improper access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access and compromise the...

Norwegian Dam Valve Forced Open for Hours in Cyberattack

Unidentified hackers breached a Norwegian dam's control system in April, opening its valve for hours due to a weak password. Learn how simple vulnerabilities threaten critical infrastructure...

Dover Fueling Solutions ProGauge MagLink LX consoles

RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker gaining control of the monitoring device, manipulating fueling operations, deleting system configurations, or deploying malware. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...