PT-2025-89: NULL Pointer Dereference in Fastwel PLC web server

The vulnerability was identified in Fastwel programmable controllers, versions 3.4.5.0 CPM810-03, 3.4.9.1 СPM723-01. Exploitation of the vulnerability allows a remote attacker to cause a denial of service by sending multiple specially crafted HTTP requests. Vulnerability status: Confirmed by vend...

Schneider Electric Altivar Products, ATVdPAC Module, ILC992 InterLink Converter (Update B)

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...

Bender多款产品 安全漏洞

Bender CC612 and others are products of Bender, Germany.Bender CC612 is a charge controller.Bender CC613 is a charge controller.Bender ICC15xx is an insulation monitoring device. A security vulnerability exists in several Bender products, which stems from an insecure default configuration that...

Bender多款产品 安全漏洞

Bender CC612 and others are products of Bender, Germany.Bender CC612 is a charge controller.Bender CC613 is a charge controller.Bender ICC15xx is an insulation monitoring device. A security vulnerability exists in a number of Bender products, which stems from the ability to access credentials...

ICSLure: a Very High Interaction Honeynet for PLC-Based Industrial Control Systems

The security of Industrial Control Systems ICSs is critical to ensuring the safety of industrial processes and personnel. The rapid adoption of Industrial Internet of Things IIoT technologies has expanded system functionality but also increased the attack surface, exposing ICSs to a growing range...

Linux Distros Unpatched Vulnerability : CVE-2020-11989

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. CVE-2020-119...

Linux Distros Unpatched Vulnerability : CVE-2025-38178

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: EDAC/igen6: Fix NULL pointer dereference A kernel panic was reported with the following kern...

Intel 700 Series Ethernet Input Validation Error Vulnerability

Intel 700 Series Ethernet is a family of high-performance Ethernet controllers from Intel Corporation. An input validation error vulnerability exists in Intel 700 Series Ethernet that stems from improper input validation, and no detailed vulnerability details are available at this time...

CVE-2025-38507

In the Linux kernel, the following vulnerability has been resolved: HID: nintendo: avoid bluetooth suspend/resume stalls Ensure we don't stall or panic the kernel when using bluetooth-connected controllers. This was reported as an issue on android devices using kernel 6.6 due to the resume hook...

Linux Distros Unpatched Vulnerability : CVE-2020-1957

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. CVE-2020-195...

Linux Distros Unpatched Vulnerability : CVE-2019-14902

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the...

CVE-2025-38507

In the Linux kernel, the following vulnerability has been resolved: HID: nintendo: avoid bluetooth suspend/resume stalls Ensure we don't stall or panic the kernel when using bluetooth-connected controllers. This was reported as an issue on android devices using kernel 6.6 due to the resume hook...

UBUNTU-CVE-2025-38507

In the Linux kernel, the following vulnerability has been resolved: HID: nintendo: avoid bluetooth suspend/resume stalls Ensure we don't stall or panic the kernel when using bluetooth-connected controllers. This was reported as an issue on android devices using kernel 6.6 due to the resume hook...

ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-context-engineering-spring-boot-starter (>=0.5.0 <=0.8.7) +7649 more potentially affected by CVE-2025-8885 via org.bouncycastle:bcprov-jdk18on (>=1.71 <=1.77)

org.bouncycastle:bcprov-jdk18on MAVEN version =1.71, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =1.4.0, =1.2.0, =1.2.0-alpha07, =2023.12.01.210510-f61f157, =2023.12.01.210510-f61f157, =2025.05.12.160240-6152e21 and more Source cves: CVE-2025-8885 Source...

CVE-2025-40743

A vulnerability has been identified in SINUMERIK 828D PPU.4 All versions V4.95 SP5, SINUMERIK 828D PPU.5 All versions V5.25 SP1, SINUMERIK 840D sl All versions V4.95 SP5, SINUMERIK MC All versions V1.25 SP1, SINUMERIK MC V1.15 All versions V1.15 SP5, SINUMERIK ONE All versions V6.25 SP1, SINUMERI...

Schneider Electric EcoStruxure

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install physical controls so no unauthorized personnel can access...

New Win-DDoS Flaws Let Attackers Turn Public Domain Controllers into DDoS Botnet via RPC, LDAP

A novel attack technique could be weaponized to rope thousands of public domain controllers DCs around the world to create a malicious botnet and use it to conduct powerful distributed denial-of-service DDoS attacks. The approach has been codenamed Win-DDoS by SafeBreach researchers Or Yair and...

Wazifa System updatesettings.php file SQL injection vulnerability

Wazifa System is a content management system. Wazifa System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Password in the file /controllers/updatesettings.php. An attacker can use this vulnerability to...

Linux Distros Unpatched Vulnerability : CVE-2023-25012

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Linux kernel through 6.1.9 has a Use-After-Free in bigbenremove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain...

Linux Distros Unpatched Vulnerability : CVE-2024-42087

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep The ilitek-ili9881c controls the reset GPIO using the non-sleeping gpiodsetvalue...