EUVD-2025-36438
Webserver crash caused by scanning on TCP port 80 in Softing Industrial Automation GmbH gateways and switch. This issue affects smartLink HW-PN: from 1.02 through 1.03; smartLink HW-DP: 1.31...
Siemens RUGGEDCOM ROS Devices Improper Handling of Exceptional Conditions (CVE-2025-41222)
Affected devices do not properly handle malformed TLS handshake messages. This could allow an attacker with network access to the webserver to cause a denial of service, causing the web server and the device to crash. This plugin only works with Tenable.ot. Please visit...
CVE-2025-41719
A low privileged remote attacker can corrupt the webserver users storage on the device by setting a sequence of unsupported characters which leads to deletion of all previously configured users and the creation of the default Administrator with a known default password...
CVE-2025-41720
A low privileged remote attacker can upload arbitrary data masked as a png file to the affected device using the webserver API because only the file extension is verified...
CVE-2025-41720 Sauter: Arbitrary File Upload
A low privileged remote attacker can upload arbitrary data masked as a png file to the affected device using the webserver API because only the file extension is verified...
CVE-2025-41720
CVE-2025-41720 affects Sauter modu680-AS (modular automation station with a web server). The issue arises when the webserver API validates only the file extension, allowing a low-privileged remote attacker to upload arbitrary data masked as a PNG file. The root cause is insufficient validation of...
CVE-2025-41719 Sauter: Improper Validation of user-controlled data
A low privileged remote attacker can corrupt the webserver users storage on the device by setting a sequence of unsupported characters which leads to deletion of all previously configured users and the creation of the default Administrator with a known default password...
EUVD-2025-35337
A low privileged remote attacker can corrupt the webserver users storage on the device by setting a sequence of unsupported characters which leads to deletion of all previously configured users and the creation of the default Administrator with a known default password...
CVE-2025-41706
The webserver is vulnerable to a denial of service condition. An unauthenticated remote attacker can craft a special GET request with an over-long content-length to trigger the issue without affecting the core functionality...
Improper Rate Limiting
ethyca-fides is vulnerable to Improper Rate Limiting. The vulnerability is due to the webserver API incorrectly applying rate limits based on infrastructure IPs instead of client IPs and storing counters in-memory rather than in a shared store, which allows an attacker to bypass rate limiting...
CVE-2025-41706 Phoenix Contact: Webserver Denial of Service through Malformed Content-Length
The webserver is vulnerable to a denial of service condition. An unauthenticated remote attacker can craft a special GET request with an over-long content-length to trigger the issue without affecting the core functionality...
CVE-2025-41706
CVE-2025-41706 affects the Phoenix Contact webserver used in the QUINT4-UPS/24DC/24DC/10/EIP family. The issue is a denial-of-service condition that an unauthenticated remote attacker can trigger by sending a specially crafted GET request with an over-long Content-Length header. The vulnerability...
EUVD-2025-34148
The webserver is vulnerable to a denial of service condition. An unauthenticated remote attacker can craft a special GET request with an over-long content-length to trigger the issue without affecting the core functionality...
CVE-2025-11672
Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access a specific page to obtain user group names...