CVE-2025-3116

CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends special malformed HTTPS request containing improper formatted body data to the controller...

CVE-2025-3116

Summary: CVE-2025-3116 involves an input validation weakness in Schneider Electric Modicon Controllers (M241/M251/M258/LMC058/M262, per multiple reports) that can allow a Denial of Service when an authenticated user sends a specially crafted HTTPS request with improperly formatted body data to th...

CVE-2025-3899

CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Certificates page on Webserver that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser...

CVE-2025-3916

CWE-121: Stack-based Buffer Overflow vulnerability exists that could cause local attackers being able to exploit these issues to potentially execute arbitrary code while the end user opens a malicious project file SSD file provided by the attacker...

CVE-2025-23179

CVE-2025-23179 affects Ribbon Communications Apollo 9608 SBC. The issue is a trust management weakness caused by hard-coded credentials (CWE-798). Severity per the CVSS 3.1 entry is MEDIUM (AV: adjacent, AC: low, PR: low, UI: none, S: unchanged, C:L/I:L/A:L). Reported sources consistently describ...

CVE-2025-0813

CWE-287: Improper Authentication vulnerability exists that could cause an Authentication Bypass when an unauthorized user without permission rights has physical access to the EPAS-UI computer and is able to reboot the workstation and interrupt the normal boot process...

CVE-2024-8531

CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could compromise the Data Center Expert software when an upgrade bundle is manipulated to include arbitrary bash scripts that are executed as root...