Lucene search
K

1162 matches found

Tenable Nessus
Tenable Nessus
added 2026/02/10 12:0 a.m.5 views

Siemens S7-1500 Use After Free (CVE-2025-7425)

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may acce...

7.8CVSS6.3AI score0.00339EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/02/10 12:0 a.m.9 views

Siemens SCALANCE and RUGGEDCOM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CVE-2025-4517)

Allows arbitrary filesystem writes outside the extraction directory during extraction with filter=data. You are affected by this vulnerability if using the tarfilemodule to extract untrusted tar archives using TarFile.extractallor TarFile.extractusing the filter=parameter with a value of dataor...

9.4CVSS7.3AI score0.01184EPSS
Exploits11References4
Tenable Nessus
Tenable Nessus
added 2026/02/10 12:0 a.m.7 views

Siemens SCALANCE and RUGGEDCOM Covert Timing Channel (CVE-2025-27587)

OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVPDigestSign API, and then using the private key to extract the K value nonce from the signatures. Next, based on the bit size of t...

5.3CVSS6.7AI score0.0037EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/02/10 12:0 a.m.3 views

Siemens S7-1500 Improper Encoding or Escaping of Output (CVE-2025-7545)

A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copysection of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the publ...

7.8CVSS4.9AI score0.00254EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/10 12:0 a.m.5 views

Siemens SCALANCE and RUGGEDCOM Out-of-bounds Read (CVE-2025-9086)

A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname, but using clear text HTTP using the same cookie set 3. The same cookie name is set - but with just a slash as path path='/'. Since this site is not...

7.5CVSS6.7AI score0.01301EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/02/10 12:0 a.m.4 views

Siemens S7-1500 Use of Uninitialized Variable (CVE-2025-39931)

In the Linux kernel, the following vulnerability has been resolved: crypto: afalg - Set merge to zero early in afalgsendmsg If an error causes afalgsendmsg to abort, ctx-merge may contain a garbage value from the previous loop. This may then trigger a crash on the next entry into afalgsendmsg whe...

5.5CVSS5.9AI score0.00137EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/10 12:0 a.m.9 views

Siemens SCALANCE and RUGGEDCOM Double Free (CVE-2023-7256)

In affected libpcap versions during the setup of a remote packet capture the internal function sockinitaddress calls getaddrinfo and possibly freeaddrinfo, but does not clearly indicate to the caller function whether freeaddrinfo still remains to be called after the function returns. This makes i...

9.8CVSS6.7AI score0.01522EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/02/10 12:0 a.m.8 views

Siemens SCALANCE and RUGGEDCOM Improper Input Validation (CVE-2025-39841)

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix buffer free/clear order in deferred receive path Fix a use-after-free window by correcting the buffer release sequence in the deferred receive path. The code freed the RQ buffer first and only then cleared the...

7.8CVSS6.5AI score0.00167EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/02/10 12:0 a.m.7 views

Siemens S7-1500 Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2025-11412)

A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfdelfgcrecordvtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and...

5.5CVSS4.8AI score0.00189EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/02/10 12:0 a.m.8 views

Siemens S7-1500 Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2025-7546)

A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfdelfsetgroupcontents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has bee...

7.8CVSS5.3AI score0.00172EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/10 12:0 a.m.4 views

Siemens SCALANCE and RUGGEDCOM Use After Free (CVE-2025-4516)

There is an issue in CPython when using bytes.decodeunicodeescape, error=ignore|replace. If you are not using the unicodeescape encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode call in a try-...

5.9CVSS6.4AI score0.00171EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/02/05 12:0 a.m.3 views

EPSON Printers Improper Input Validation (CVE-2023-38556)

Improper input validation vulnerability in SEIKO EPSON printer Web Config allows a remote attacker to turned off the printer. Note Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers via a web browser. Web Config is pre-installed in som...

7.5CVSS7.3AI score0.00644EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

Hanwha Vision Camera Improper Privilege Management (CVE-2025-52599)

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems ICS and OT/IoT security, has discovered Inadequate of permission management for camera guest account. The manufacturer has released patch firmware for the flaw, please refer to the...

6.5CVSS8.4AI score0.00212EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.8 views

Hanwha Vision Camera Use of Hard-coded Cryptographic Key (CVE-2025-52601)

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems ICS and OT/IoT security, has discovered a vulnerability in Device Manager that a hardcoded encryption key for sensitive information. An attacker can use key to decrypt sensitive information. T...

7.8CVSS8.5AI score0.00091EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.6 views

Rockwell Automation Allen-Bradley Stratix 5950 Improper Access Control (CVE-2019-1649)

Cisco Systems, Inc. Cisco released an advisory regarding a vulnerability in the logic that handles access control to a hardware component in Cisco's proprietary Secure Boot implementation. If successfully exploited, an attacker could write a modified firmware image to the component. The...

7.2CVSS7AI score0.00611EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/09 12:0 a.m.7 views

Siemens Ruggedcom ROX Uncontrolled Resource Consumption (CVE-2018-12934)

rememberKtype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption aka OOM. This can occur during execution of cxxfilt. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for mo...

7.5CVSS7.1AI score0.03252EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/01/09 12:0 a.m.2 views

Siemens Ruggedcom ROX Exposure of Sensitive Information to an Unauthorized Actor (CVE-2022-0850)

A vulnerability was found in linux kernel, where an information leak occurs via ext4extentheader to userspace. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...

7.1CVSS6.4AI score0.00408EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/01/09 12:0 a.m.3 views

Siemens RUGGEDCOM ROX II Improper Neutralization of Special Elements in Output Used By a Downstream Component (CVE-2024-56835)

Code injection can be achieved when the affected device is using VRF Virtual Routing and Forwarding. An attacker could leverage this scenario to execute arbitrary code as root user. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

8.8CVSS7.6AI score0.00475EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/09 12:0 a.m.5 views

Siemens Ruggedcom ROX Missing Encryption of Sensitive Data (CVE-2023-28322)

An information disclosure vulnerability exists in curl v8.1.0 when doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously wasused to issue a PUT request...

5.3CVSS6.2AI score0.02211EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/01/09 12:0 a.m.5 views

Siemens Ruggedcom ROX Uncontrolled Resource Consumption (CVE-2024-7592)

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...

7.5CVSS6.8AI score0.02303EPSS
Exploits1References3
Rows per page
Query Builder