Hitachi Energy RTU500

SUMMARY Hitachi Energy is aware of vulnerabilities that affect RTU500 product versions listed in this document. If exploited, these vulnerabilities primarily impact product availability, with potential secondary impacts on confidentiality and integrity. Please refer to the Recommended Immediate...

CVE-2026-24582 WordPress FlexTable plugin <= 3.24.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPPOOL FlexTable allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FlexTable: from n/a through 3.24.0...

CVE-2026-39680 WordPress Diet Calorie Calculator plugin <= 1.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in MWP Development Diet Calorie Calculator diet-calorie-calculator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Diet Calorie Calculator: from n/a through = 1.1.1...

PT-2026-31259

Name of the Vulnerable Software and Affected Versions MAIO – The new AI GEO / SEO tool versions n/a through 6.2.8 Description A missing authorization issue exists in HBSS Technologies MAIO – The new AI GEO / SEO tool, allowing exploitation of incorrectly configured access control security levels...

Grassroots DICOM (GDCM)

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to send a specially crafted file, and when parsed, could result in a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...

IGL-Technologies eParking.fi

RISK EVALUATION Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...

CVE-2017-3735

creationtimestamp| type| source ---|---|--- 2026-03-17 12:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-076-01...

PT-2026-21198

Name of the Vulnerable Software and Affected Versions PDF for Elementor Forms + Drag And Drop Template Builder versions through 6.3.1 Description A missing authorization issue exists in PDF for Elementor Forms + Drag And Drop Template Builder. The issue involves exploiting incorrectly configured...

PT-2026-4390

Name of the Vulnerable Software and Affected Versions Materialis Companion versions through 1.3.52 Description A missing authorization issue exists in Materialis Companion, allowing exploitation due to incorrectly configured access control security levels. Recommendations Update Materialis...

CVE-2021-31217

In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM...

CVE-2023-25469

Missing Authorization vulnerability in Magazine3 Easy Table of Contents allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Table of Contents: from n/a through 2.0.45.2...

CVE-2023-25060

Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Album and Image Gallery plus Lightbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Album and Image Gallery plus Lightbox: from n/a through 1.6.2...

CVE-2025-23849

Missing Authorization vulnerability in bpiwowar PAPERCITE papercite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PAPERCITE: from n/a through = 0.5.18...

CVE-2025-23929

Missing Authorization vulnerability in wishfulthemes Email Capture & Lead Generation email-capture-lead-generation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Email Capture & Lead Generation: from n/a through = 1.0.2...

Arista Networks EOS Buffer Overflow (SA0132)

On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption of dataplane traffic. Note that Nessus has...

CVE-2019-7158

OX App Suite 7.10.0 and earlier has Incorrect Access Control...

CVE-2025-69352 WordPress The Events Calendar plugin <= 6.15.12.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in StellarWP The Events Calendar the-events-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Events Calendar: from n/a through = 6.15.12.2...

Adios 2025, you won’t be missed

Welcome to this week's edition of the Threat Source newsletter. For us in America, we're in the holiday doldrums and things slow and/or shut down until the new year. At Cisco, we shut down the last week of the year to reset and recharge, and I've grown to be quite fond of it. I've worked plenty o...

CVE-2025-54743

CVE-2025-54743 describes a Missing Authorization vulnerability in the WordPress plugin Download After Email (versions 2.1.5–2.1.6). Exploitation would allow bypassing access controls to download content due to misconfigured authorization. Affected product: Download After Email – Subscribe & Downl...

ALSA-2025:23667 Important: git-lfs security update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: git-lfs: Git LFS may write to arbitrary files via crafted symlinks CVE-2025-26625 For more detai...