19038 matches found
CVE-2025-67652 AutomationDirect CLICK Programmable Logic Controller Weak Encoding for Password
An attacker with access to the project file could use the exposed credentials to impersonate users, escalate privileges, or gain unauthorized access to systems and services. The absence of robust encryption or secure handling mechanisms increases the likelihood of this type of exploitation, leavi...
CVE-2025-68135
EVerest is an EV charging software stack. Prior to version 2025.10.0, C++ exceptions are not properly handled for and by the TbdController loop, causing both the loop and its caller to terminate silently. This leads to a denial of service, as it is responsible for the SDP and ISO15118-20 servers...
CVE-2025-32056
The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allows the protection to be bypassed. First identified o...
CVE-2025-32056 Anti-Theft Bypass for Infotainment ECU
The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allows the protection to be bypassed. First identified o...
CVE-2025-32056
CVE-2025-32056 describes an anti-theft bypass affecting the Nissan Leaf ZE1 infotainment ECU. According to the sources, attackers can bypass the head-unit protection by exploiting weak response generation algorithms and can reveal all 32 possible responses by sniffing CAN traffic or pre-calculati...
CVE-2026-1324
A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.12. Affected by this issue is the function SessionController of the file /isomp-protocol/protocol/session of the component SSH Protocol Handler. The manipulation of the argument keypassword leads to os...
CVE-2026-1324
Summary: CVE-2026-1324 affects Sangfor Operation and Maintenance Management System (
CVE-2026-23959
CoreShop is a Pimcore enhanced eCommerce solution. An error-based SQL Injection vulnerability was identified in versions prior to 4.1.9 in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a SQL query, leading...
CVE-2026-23959
CoreShop (Pimcore-based eCommerce) contains an error-based SQL Injection in the admin-facing endpoint /admin/coreshop/customer-company-modifier/duplication-name-check, affecting versions prior to 4.1.9. The root cause is unsafe interpolation of user input into a SQL condition (example pattern: sp...
CVE-2026-23959 CoreShop Vulnerable to SQL Injection via Admin customer-company-modifier
CoreShop is a Pimcore enhanced eCommerce solution. An error-based SQL Injection vulnerability was identified in versions prior to 4.1.9 in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a SQL query, leading...
AutomationDirect CLICK Programmable Logic Controller security vulnerability
The AutomationDirect CLICK Programmable Logic Controller is a programmable logic controller developed by the AutomationDirect company in the United States. The AutomationDirect CLICK Programmable Logic Controller has a security vulnerability. This vulnerability stems from the exposure of...
Azure Linux 3.0 Security Update: samba (CVE-2019-3870)
The version of samba installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-3870 advisory. - A vulnerability was found in Samba from version including 4.9 to versions before 4.9.6 and 4.10.2. During the...
CoreShop security vulnerability
CoreShop is an open-source e-commerce system developed by CoreShop. Versions of CoreShop prior to 4.1.9 contained security vulnerabilities. These vulnerabilities stemmed from improper insertion of user input into SQL queries through the CustomerTransformerController, which could lead to SQL...
AutomationDirect CLICK Programmable Logic Controller security vulnerability
The AutomationDirect CLICK Programmable Logic Controller is a programmable logic controller developed by the AutomationDirect company in the United States. The AutomationDirect CLICK Programmable Logic Controller has a security vulnerability. This vulnerability allows attackers to decrypt sensiti...
Azure Linux 3.0 Security Update: samba (CVE-2020-25718)
The version of samba installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-25718 advisory. - A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC...
Azure Linux 3.0 Security Update: kernel (CVE-2024-49992)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49992 advisory. - In the Linux kernel, the following vulnerability has been resolved: drm/stm: Avoid use-after-free issues wit...
Azure Linux 3.0 Security Update: kernel (CVE-2024-57981)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-57981 advisory. - In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix NULL pointer dereference ...
Azure Linux 3.0 Security Update: kernel (CVE-2024-46836)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46836 advisory. - In the Linux kernel, the following vulnerability has been resolved: usb: gadget: aspeedudc: validate endpoin...