28533 matches found
CVE-2026-35555 Subnet Solutions PowerSYSTEM Center Incorrect Authorization
PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups...
CVE-2026-35555
PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups...
CVE-2026-35555 Subnet Solutions PowerSYSTEM Center Incorrect Authorization
PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups...
CVE-2026-35555
CVE-2026-35555 affects Subnet Solutions PowerSYSTEM Center: the device project groups feature permits an authenticated user with limited permissions to perform an unauthorized deletion of project groups. The description identifies an authorization issue in the project groups workflow without deta...
CVE-2026-44987
SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If the SysReptor installation has the "Forgot Password" functionality enabled non-default, they can res...
CVE-2026-45728
creationtimestamp| type| source ---|---|--- 2026-05-12 20:09:41+00:00| published-proof-of-concept| https://github.com/xyproto/algernon/security/advisories/GHSA-fwqx-8365-9983...
EUVD-2026-29510
The TinyZero project thru commit 6652a63c57fa7e5ccde3fc9c598c7176ff15b839 2025-58-24 contains a critical command injection vulnerability CWE-78 in its HDFS file operation utilities. The vulnerability arises from the unsafe construction and execution of shell commands via os.system without proper...
CVE-2026-41895 changedetection.io: XXE vulnerability in the changedetection.io project
changedetection.io is a free open source web page change detection tool. In 0.54.9 and earlier, xpathfilter switches to XML mode for XML/RSS content and creates etree.XMLParserstripcdata=False without explicitly disabling external entity resolution, external DTD loading, or network-backed entity...
CVE-2026-31217
The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 allows arbitrary code execution. When a user supplies a directory path via the --model command-line argument, the function reads a module.py file from...
OPENSUSE-SU-2026:20717-1 Security update for raylib
This update for raylib fixes the following issues: Changes in raylib: - security update: CVE-2025-15533: Fix heap-based buffer overflow via GenImageFontAtlas function manipulation bsc1256900 CVE-2025-15534: Fix integer overflow vulnerability in LoadFontData bsc1256901 - Update to 5.5: NEW raylib...
CVE-2026-25787
Affected devices do not properly validate and sanitize Technology Object TO name rendered on the "Motion Control Diagnostics" page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the...
CVE-2026-25786
Affected devices do not properly validate and sanitize PLC/station name rendered on the "communication" parameters page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the page. If a...
CVE-2026-25787
Affected devices do not properly validate and sanitize Technology Object TO name rendered on the "Motion Control Diagnostics" page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the...
CVE-2026-25787
Affected devices do not properly validate and sanitize Technology Object TO name rendered on the "Motion Control Diagnostics" page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the...
CVE-2026-25786
Affected devices do not properly validate and sanitize PLC/station name rendered on the "communication" parameters page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the page. If a...
CVE-2026-25786
CVE-2026-25786 affects devices where the web interface’s communication parameters page renders a PLC/station name. The root cause is inadequate validation/sanitization of the name, enabling an authenticated user (who is allowed to download a TIA project) to inject malicious scripts into the page....
CVE-2026-25786
Affected devices do not properly validate and sanitize PLC/station name rendered on the "communication" parameters page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the page. If a...
@uipath/project-packager (>=1.1.10 <=1.1.15), @uipath/solution-packager (>=0.0.30 <=0.0.34) potentially affected by unknown CVE via @uipath/solutionpackager-tool-core (>=0.0.31 <=0.0.33)
@uipath/solutionpackager-tool-core NPM version =0.0.31, =1.1.10, =0.0.30, =0.0.34 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3577...
@uipath/solution-packager (>=0.0.30 <=0.0.34) potentially affected by unknown CVE via @uipath/project-packager (>=1.1.10 <=1.1.15)
@uipath/project-packager NPM version =1.1.10, =0.0.30, =0.0.34 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3567...
Malicious code in @uipath/project-packager (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fdd50cfa0aae7619d6766f47b468fca17a04673407486d5c747f860c0c2e22b7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...