Lucene search

2883 matches found

Positive Technologies
added 2025/06/10 12:0 a.m. · 7 views

PT-2025-24626 · Schneider Electric · Modicon Controllers M241/M251

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An Uncontrolled Resource Consumption issue exists, potentially causing Denial of Service. This occurs when an authenticated malicious user sends a manipulated HTTPS Content-Length header to...

CVSS 7.1 · AI score 5.9 · EPSS 0.00514
Exploits: 0 · References: 4

Positive Technologies
added 2025/06/10 12:0 a.m. · 4 views

PT-2025-24630 · Schneider Electric · Modicon Controllers M241/M251 +1

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A Cross-site Scripting issue exists, impacting system variables. This could allow an authenticated malicious user to inject unvalidated data, potentially modifying or reading data in a...

CVSS 5.4 · AI score 5.7 · EPSS 0.00246
Exploits: 0 · References: 5

VulnCheck KEV
added 2025/06/10 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2025-20188

A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles features of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to upload arbitrary files to an affected...

CVSS 10 · AI score 5.9 · EPSS 0.17894
Exploits: 1 · References: 1

OSV
added 2025/06/06 2:3 p.m. · 4 views

OESA-2025-1589 microcode_ctl security update

This is a tool to transform and deploy microcode update for x86 CPUs. Security Fixes: Improper conditions check in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local...

CVSS 8.8 · AI score 7 · EPSS 0.00256
Exploits: 0 · References: 2

OSV
added 2025/06/06 2:3 p.m. · 4 views

OESA-2025-1587 microcode_ctl security update

This is a tool to transform and deploy microcode update for x86 CPUs. Security Fixes: Improper conditions check in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local...

CVSS 8.8 · AI score 7 · EPSS 0.00256
Exploits: 0 · References: 2

Tenable Nessus
added 2025/06/05 12:0 a.m. · 21 views

Schneider Electric Modicon Controllers Externally Controlled Reference to a Resource in Another Sphere (CVE-2025-2875)

CWE-610: Externally Controlled Reference to a Resource in Another Sphere vulnerability exists that could cause a loss of confidentiality when an unauthenticated attacker manipulates controller's webserver URL to access resources. This plugin only works with Tenable.ot. Please visit...

CVSS 8.7 · AI score 5.5 · EPSS 0.00345
Exploits: 0 · References: 4

CNNVD
added 2025/06/04 12:0 a.m. · 2 views

PHOENIX CONTACT ILC Security Vulnerability

The PHOENIX CONTACT ILC is a series of programmable controllers from PHOENIX CONTACT, Germany. A security vulnerability exists in the PHOENIX CONTACT ILC that stems from an uncontrolled resource consumption issue in the IEC 61131 program that could lead to a denial of service attack...

CVSS 7.5 · AI score 6.5 · EPSS 0.00393
Exploits: 0 · References: 1

OSV
added 2025/05/29 11:51 a.m. · 6 views

USN-7513-5 linux-oracle-6.8 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - RISC-V architecture; - x86 architecture; - Block layer subsystem; - Compute Acceleration Framework; - ACPI drivers;...

CVSS 8.1 · AI score 6.4 · EPSS 0.00737
Exploits: 2 · References: 134

NVD
added 2025/05/27 4:15 a.m. · 36 views

CVE-2025-48827

vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in May 2025...

CVSS 10 · EPSS 0.69649
Exploits: 4 · References: 3

Vulnrichment
added 2025/05/27 12:0 a.m. · 26 views

CVE-2025-48827

vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in May 2025...

CVSS 10 · AI score 7.1 · EPSS 0.69649
Exploits: 4 · References: 2

Cvelist
added 2025/05/27 12:0 a.m. · 28 views

CVE-2025-48827

vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in May 2025...

CVSS 10 · EPSS 0.69649
Exploits: 4 · References: 2

RedhatCVE
added 2025/05/23 9:35 a.m. · 7 views

CVE-2024-22216

In default installations of Microchip maxView Storage Manager for Adaptec Smart Storage Controllers where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484 through 4.14.00.26064 exce...

CVSS 10 · AI score 6.7 · EPSS 0.00528
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 8:34 a.m. · 5 views

CVE-2024-50954

The XINJE XL5E-16T and XD5E-24R-E programmable logic controllers V3.5.3b-V3.7.2a have a vulnerability in handling Modbus messages. When a TCP connection is established with the above series of controllers within a local area network (LAN), sending a specific Modbus message to the controller can cau...

CVSS 7.5 · AI score 6.7 · EPSS 0.0041
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 7:3 a.m. · 4 views

CVE-2024-12083

Path Traversal Vulnerabilities (CWE-22) exist in NJ/NX-series Machine Automation Controllers. An attacker may use these vulnerabilities to perform unauthorized access and to execute unauthorized code remotely to the controller products...

CVSS 6.6 · AI score 7 · EPSS 0.00637
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 4:51 a.m. · 7 views

CVE-2023-28396

Improper access control in firmware for some Intel(R) Thunderbolt(TM) Controllers versions before 41 may allow a privileged user to enable denial of service via local access...

CVSS 6.1 · AI score 6.6 · EPSS 0.00166
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 3:14 a.m. · 5 views

CVE-2023-22276

Race condition in firmware for some Intel(R) Ethernet Controllers and Adapters E810 Series before version 1.7.2.4 may allow an authenticated user to potentially enable denial of service via local access...

CVSS 6.5 · AI score 6.3 · EPSS 0.00105
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 3:7 a.m. · 2 views

CVE-2023-21015

In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

CVSS 7.8 · AI score 6.7 · EPSS 0.0009
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 3:7 a.m. · 2 views

CVE-2023-21002

In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

CVSS 7.8 · AI score 6.7 · EPSS 0.00109
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 3:7 a.m. · 2 views

CVE-2023-21005

In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

CVSS 7.8 · AI score 6.7 · EPSS 0.0009
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 3:7 a.m. · 3 views

CVE-2023-21003

In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

CVSS 7.8 · AI score 6.7 · EPSS 0.0009
Exploits: 0 · References: 1