CVE-2026-25787

Affected devices do not properly validate and sanitize Technology Object TO name rendered on the "Motion Control Diagnostics" page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the...

ACL Rename Permission Bypass in Team Folders Allows Unauthorized File Renames

None...

CVE-2026-39432

Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Timetics: from n/a through 1.0.53...

CVE-2026-39432 WordPress Timetics plugin <= 1.0.53 - Broken Access Control vulnerability

Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Timetics: from n/a through 1.0.53...

CVE-2026-39432 WordPress Timetics plugin <= 1.0.53 - Broken Access Control vulnerability

Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Timetics: from n/a through 1.0.53...

CVE-2026-39432

CVE-2026-39432 affects WordPress Timetics plugin (versions ≤ 1.0.53). The issue is a Missing Authorization vulnerability described as Broken Access Control, allowing exploitation due to incorrectly configured access control levels. CVSSv3.1 base score 8.2 (HIGH) with network attack vector, low at...

Malicious code in pirxcypackage (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5de481a31a831804a096bf6cf87157c0b0ee158aa7306c95080447764f9f7540 PirxcyPackage/init.py fetches https://pastebin.com/raw/91tFF63S and passes the response body to exec on every import. This is a textbook...

Schneider Electric EcoStruxure Panel Server

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install physical controls so no unauthorized personnel can access...

Schnieider Electric EcoStruxure Machine Expert HVAC (SEVD-2026-132-01)

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install physical controls so no unauthorized personnel can access...

breakout-vm-penetration-test

Privilege Escalation Report: Exploiting Linux Capabilities...

CVE-2026-1681 net: Stack Overflow with Ping (to own IP Address) via Shell

Issuing an ICMP ping via the net ping shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input path on the same system work-queue stack. Because the destination is recognized as a local address, both the echo request and the resulting echo reply are...

EUVD-2026-29387

Issuing an ICMP ping via the net ping shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input path on the same system work-queue stack. Because the destination is recognized as a local address, both the echo request and the resulting echo reply are...

SUSE CVE-2026-43296

In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Workaround SQM/PSE stalls by disabling sticky NIX SQ manager sticky mode is known to cause stalls when multiple SQs share an SMQ and transmit concurrently. Additionally, PSE may deadlock on transitions between stick...

MAL-2026-3526 Malicious code in @uipath/agent-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1bf0a4aecf9abab564a34cce85bbd0992c11840dfce74518bc3f21d5fc4e47ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3521 Malicious code in @tolka/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 690527fdde65817c5fb47eeae87927130e678a6255b461b2ebfa6c0881be570f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @taskflow-corp/cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1e305906fa9a2ce7ccc0318baa5c5d7cd13bd021623fec9701e1841d92ab00e9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2026-6860

A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accepting .example.com, any XYZ.example.com where xyz is a valid name can be used...

CVE-2026-40137

SAP CVE-2026-40137 affects the SAP TAF_APPLAUNCHER component of Business Server Pages. It describes a Cross-Site Scripting (XSS) issue where an unauthenticated attacker can craft malicious links that, when a victim clicks, redirect to attacker‑controlled sites and potentially expose or alter info...

Malicious code in git-branch-selector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dab170d586455af0816362e715de0907ddaa19adb87c68ef59255139322dde69 The package git-branch-selector was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3434 Malicious code in @opensearch-project/opensearch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1668370f4091d14b4e74ad0e9b25c70ccbc5bf7fb7d97f535212ce2289e71347 The package @opensearch-project/opensearch was found to contain malicious code. Source: ghsa-malware...