Lucene search

19137 matches found

Positive Technologies
added 2026/01/23 12:0 a.m. | 8 views

PT-2026-4357

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel related to a device reference imbalance within the ISP1301 USB PHY driver. A recent fix for a device reference leak in a UDC driver introduced a potenti...

CVSS 7.8 | AI score 7 | EPSS 0.00152 | Exploits 0
Cvelist
added 2026/01/22 10:21 p.m. | 16 views

CVE-2025-25051 AutomationDirect CLICK Programmable Logic Controller Plaintext Storage of a Password

An attacker could decrypt sensitive data, impersonate legitimate users or devices, and potentially gain access to network resources for lateral attacks...

CVSS 6.1 | EPSS 0.00099 | Exploits 0 | References 2
Vulnrichment
added 2026/01/22 10:17 p.m. | 4 views

CVE-2025-67652 AutomationDirect CLICK Programmable Logic Controller Weak Encoding for Password

An attacker with access to the project file could use the exposed credentials to impersonate users, escalate privileges, or gain unauthorized access to systems and services. The absence of robust encryption or secure handling mechanisms increases the likelihood of this type of exploitation, leavi...

CVSS 6.1 | AI score 5.5 | EPSS 0.00101 | Exploits 0 | References 2
RedhatCVE
added 2026/01/22 7:22 p.m. | 6 views

CVE-2025-68135

EVerest is an EV charging software stack. Prior to version 2025.10.0, C++ exceptions are not properly handled for and by the TbdController loop, causing both it and its caller to terminate silently. This leads to a denial of service, as it is responsible for SDP and ISO15118-20 servers...

CVSS 6.5 | AI score 5.4 | EPSS 0.0029 | Exploits 1 | References 1
NVD
added 2026/01/22 4:16 p.m. | 6 views

CVE-2025-32056

The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allows the protection to be bypassed. First identified o...

CVSS 4 | EPSS 0.00318 | Exploits 0 | References 3
Cvelist
added 2026/01/22 3:21 p.m. | 26 views

CVE-2025-32056 Anti-Theft Bypass for Infotainment ECU

The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allows the protection to be bypassed. First identified o...

CVSS 4 | EPSS 0.00318 | Exploits 0 | References 3
CVE
added 2026/01/22 3:21 p.m. | 26 views

CVE-2025-32056

CVE-2025-32056 describes an anti-theft bypass affecting the Nissan Leaf ZE1 infotainment ECU. According to the sources, attackers can bypass the head-unit protection by exploiting weak response generation algorithms and can reveal all 32 possible responses by sniffing CAN traffic or pre-calculati...

CVSS 4 | AI score 5.6 | EPSS 0.00318 | Exploits 0 | References 3
ATTACKERKB
added 2026/01/22 3:21 p.m. | 3 views

CVE-2025-32056

The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allows the protection to be bypassed. First identified o...

CVSS 4 | AI score 5.5 | EPSS 0.00318 | Exploits 0 | References 4 | Affected Software 1
NVD
added 2026/01/22 3:16 p.m. | 8 views

CVE-2026-1324

A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.12. Affected by this issue is the function SessionController of the file /isomp-protocol/protocol/session of the component SSH Protocol Handler. The manipulation of the argument keypassword leads to os...

CVSS 9.8 | EPSS 0.06437 | Exploits 1 | References 4
CVE
added 2026/01/22 1:2 p.m. | 31 views

CVE-2026-1324

Summary: CVE-2026-1324 affects Sangfor Operation and Maintenance Management System (

CVSS 9.8 | AI score 5.3 | EPSS 0.06437 | Exploits 1 | References 4 | Affected Software 1
NVD
added 2026/01/22 3:15 a.m. | 4 views

CVE-2026-23959

CoreShop is a Pimcore enhanced eCommerce solution. An error-based SQL Injection vulnerability was identified in versions prior to 4.1.9 in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a SQL query, leading...

CVSS 6.9 | EPSS 0.00381 | Exploits 0 | References 3
CVE
added 2026/01/22 1:57 a.m. | 15 views

CVE-2026-23959

CoreShop (Pimcore-based eCommerce) contains an error-based SQL Injection in the admin-facing endpoint /admin/coreshop/customer-company-modifier/duplication-name-check, affecting versions prior to 4.1.9. The root cause is unsafe interpolation of user input into a SQL condition (example pattern: sp...

CVSS 6.9 | AI score 5.9 | EPSS 0.00381 | Exploits 0 | References 3 | Affected Software 1
ATTACKERKB
added 2026/01/22 1:57 a.m. | 4 views

CVE-2026-23959

CoreShop is a Pimcore enhanced eCommerce solution. An error-based SQL Injection vulnerability was identified in versions prior to 4.1.9 in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a SQL query, leading...

CVSS 6.9 | AI score 5.7 | EPSS 0.00381 | Exploits 0 | References 4 | Affected Software 1
OSV
added 2026/01/22 1:57 a.m. | 6 views

CVE-2026-23959 CoreShop Vulnerable to SQL Injection via Admin customer-company-modifier

CoreShop is a Pimcore enhanced eCommerce solution. An error-based SQL Injection vulnerability was identified in versions prior to 4.1.9 in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a SQL query, leading...

CVSS 6.9 | AI score 6 | EPSS 0.00381 | Exploits 0 | References 5
CNNVD
added 2026/01/22 12:0 a.m. | 4 views

AutomationDirect CLICK Programmable Logic Controller security vulnerability

The AutomationDirect CLICK Programmable Logic Controller is a programmable logic controller developed by the AutomationDirect company in the United States. The AutomationDirect CLICK Programmable Logic Controller has a security vulnerability. This vulnerability allows attackers to decrypt sensiti...

CVSS 6.1 | AI score 5.8 | EPSS 0.00099 | Exploits 0 | References 3
Positive Technologies
added 2026/01/22 12:0 a.m. | 9 views

PT-2026-4284

Name of the Vulnerable Software and Affected Versions: Omada Controllers (affected versions not specified). Description: A Cross-Site Scripting (XSS) issue exists in a parameter within Omada Controllers because of insufficient input sanitization. Successful exploitation requires specific conditions,...

CVSS 5.7 | AI score 5.8 | EPSS 0.00173 | Exploits 0 | References 6
CNNVD
added 2026/01/22 12:0 a.m. | 5 views

AutomationDirect CLICK Programmable Logic Controller security vulnerability

The AutomationDirect CLICK Programmable Logic Controller is a programmable logic controller developed by the AutomationDirect company in the United States. The AutomationDirect CLICK Programmable Logic Controller has a security vulnerability. This vulnerability stems from the exposure of...

CVSS 6.1 | AI score 5.8 | EPSS 0.00101 | Exploits 0 | References 3
Tenable Nessus
added 2026/01/22 12:0 a.m. | 3 views

Azure Linux 3.0 Security Update: kernel (CVE-2024-49992)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49992 advisory. - In the Linux kernel, the following vulnerability has been resolved: drm/stm: Avoid use-after-free issues wit...

CVSS 7.8 | AI score 6.3 | EPSS 0.00239 | Exploits 0 | References 2
Tenable Nessus
added 2026/01/22 12:0 a.m. | 6 views

Azure Linux 3.0 Security Update: samba (CVE-2019-3870)

The version of samba installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-3870 advisory. - A vulnerability was found in Samba from version including 4.9 to versions before 4.9.6 and 4.10.2. During the...

CVSS 6.1 | AI score 5.7 | EPSS 0.00552 | Exploits 1 | References 2
CNNVD
added 2026/01/22 12:0 a.m. | 4 views

CoreShop security vulnerability

CoreShop is an open-source e-commerce system developed by CoreShop. Versions of CoreShop prior to 4.1.9 contained security vulnerabilities. These vulnerabilities stemmed from improper insertion of user input into SQL queries through the CustomerTransformerController, which could lead to SQL...

CVSS 6.9 | AI score 5.9 | EPSS 0.00381 | Exploits 0 | References 3