
888 matches found

Cisco
added 2026/02/04 4:0 p.m., 9 views

Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Open Redirect Vulnerability

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the...

CVSS 4.3, AI score 5.6, EPSS 0.0018
Exploits: 0, References: 1

Cvelist
added 2026/01/22 10:21 p.m., 16 views

CVE-2025-25051 AutomationDirect CLICK Programmable Logic Controller Plaintext Storage of a Password

An attacker could decrypt sensitive data, impersonate legitimate users or devices, and potentially gain access to network resources for lateral attacks...

CVSS 6.1, EPSS 0.00099
Exploits: 0, References: 2

Vulnrichment
added 2026/01/22 10:17 p.m., 4 views

CVE-2025-67652 AutomationDirect CLICK Programmable Logic Controller Weak Encoding for Password

An attacker with access to the project file could use the exposed credentials to impersonate users, escalate privileges, or gain unauthorized access to systems and services. The absence of robust encryption or secure handling mechanisms increases the likelihood of this type of exploitation, leavi...

CVSS 6.1, AI score 5.5, EPSS 0.00101
Exploits: 0, References: 2

CNNVD
added 2026/01/22 12:0 a.m., 4 views

AutomationDirect CLICK Programmable Logic Controller security vulnerability

The AutomationDirect CLICK Programmable Logic Controller is a programmable logic controller developed by the AutomationDirect company in the United States. The AutomationDirect CLICK Programmable Logic Controller has a security vulnerability. This vulnerability stems from the exposure of...

CVSS 6.1, AI score 5.8, EPSS 0.00101
Exploits: 0, References: 3

CNNVD
added 2026/01/22 12:0 a.m., 3 views

AutomationDirect CLICK Programmable Logic Controller security vulnerability

The AutomationDirect CLICK Programmable Logic Controller is a programmable logic controller developed by the AutomationDirect company in the United States. The AutomationDirect CLICK Programmable Logic Controller has a security vulnerability. This vulnerability allows attackers to decrypt sensiti...

CVSS 6.1, AI score 5.8, EPSS 0.00099
Exploits: 0, References: 3

RedhatCVE
added 2026/01/16 5:26 p.m., 11 views

CVE-2026-20075

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system. This...

CVSS 4.8, AI score 6.1, EPSS 0.00221
Exploits: 0, References: 1

Positive Technologies
added 2026/01/15 12:0 a.m., 4 views

PT-2026-3070

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system. This...

CVSS 4.8, AI score 6.1, EPSS 0.00221
Exploits: 0, References: 2

Positive Technologies
added 2025/12/30 12:0 a.m., 4 views

PT-2025-53856

Name of the Vulnerable Software and Affected Versions: DVP-12SE11T (affected versions not specified). Description: Password protection on the DVP-12SE11T Programmable Logic Controller (PLC) can be bypassed remotely without authentication. This allows unauthorized access and potential manipulation of the...

CVSS 9.8, AI score 6.4, EPSS 0.00273
Exploits: 0, References: 10

NVD
added 2025/12/13 1:15 a.m., 6 views

CVE-2025-13970

OpenPLCV3 is vulnerable to a cross-site request forgery (CSRF) attack due to the absence of proper CSRF validation. This issue allows an unauthenticated attacker to trick a logged-in administrator into visiting a maliciously crafted link, potentially enabling unauthorized modification of PLC settin...

CVSS 8, EPSS 0.00277
Exploits: 0, References: 3

Positive Technologies
added 2025/12/13 12:0 a.m., 6 views

PT-2025-51034

Name of the Vulnerable Software and Affected Versions: OpenPLC V3 (affected versions not specified). Description: The software is susceptible to a cross-site request forgery (CSRF) attack because of missing CSRF validation. An unauthenticated attacker can potentially trick a logged-in administrator into...

CVSS 8, AI score 6.5, EPSS 0.00277
Exploits: 0, References: 9

Cvelist
added 2025/12/08 1:16 a.m., 30 views

CVE-2022-50623 fpga: prevent integer overflow in dfl_feature_ioctl_set_irq()

In the Linux kernel, the following vulnerability has been resolved: fpga: prevent integer overflow in dfl_feature_ioctl_set_irq(). The "hdr.count * sizeof(s32)" multiplication can overflow on 32 bit systems leading to memory corruption. Use array_size() to fix that...

EPSS 0.00168
Exploits: 0, References: 5

EUVD
added 2025/12/02 3:30 p.m., 3 views

EUVD-2025-200231

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'ShowMeterPasswords' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated...

CVSS 8.5, AI score 6.7, EPSS 0.00328
Exploits: 0, References: 2

EUVD
added 2025/12/02 3:30 p.m., 5 views

EUVD-2025-200227

Out-of-bounds read vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'DownloadFile' function converts a parameter to an integer using 'atoi' and then uses it as an index in the 'FilesDownload' array with '&FilesDownload[iVar2]'. If the parameter is too large, it will access memory beyond...

CVSS 7.1, AI score 6.3, EPSS 0.00221
Exploits: 0, References: 2

CVE
added 2025/12/02 1:1 p.m., 15 views

CVE-2025-11784

CVE-2025-11784 affects Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In ShowMeterDatabase(), unlimited input from the meter parameter is copied into a fixed-size buffer using sprintf(), with GetParameter(meter) supplying the data. This constitutes a stack-based buffer overflow as no input size validatio...

CVSS 9.8, AI score 6.8, EPSS 0.00328
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2025/12/02 1:0 p.m., 3 views

CVE-2025-11782 Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'ShowDownload' function uses 'sprintf' to format a string that includes the user-controlled input of 'GetParameter(meter)' in the fixed-size buffer 'acStack4c' (64 bytes) without checking the length. An attacker c...

CVSS 8.5, AI score 6.9, EPSS 0.00333
Exploits: 0, References: 1

Tenable Nessus
added 2025/11/13 12:0 a.m., 3 views

Siemens SIMATIC S7-1500 Out-of-bounds Read (CVE-2019-20367)

nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab). This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

CVSS 9.1, AI score 7.1, EPSS 0.02805
Exploits: 1, References: 4

Positive Technologies
added 2025/11/11 12:0 a.m., 6 views

PT-2025-46427

Name of the Vulnerable Software and Affected Versions: Intel oneAPI DPC++/C++ Compiler FPGA Support Package (versions prior to 2025.0.1). Description: An uncontrolled search path issue exists in the FPGA Support Package for the Intel oneAPI DPC++/C++ Compiler software. This issue, occurring within Ring ...

CVSS 6.7, AI score 6.3, EPSS 0.00094
Exploits: 0, References: 3

EUVD
added 2025/11/09 7:2 a.m., 2 views

EUVD-2025-38443

Malicious code in telstraprogrammablenetworkapilib npm...

AI score 6.6
Exploits: 0

EUVD
added 2025/10/24 12:30 a.m., 4 views

EUVD-2025-35735

A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and create arbitrary directories on the target machine...

CVSS 6.3, AI score 6.7, EPSS 0.00465
Exploits: 0, References: 5

EUVD
added 2025/10/24 12:30 a.m., 6 views

EUVD-2025-35740

A binding to an unrestricted IP address vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read, write, or delete arbitrary files and folders on the...

CVSS 10, AI score 6.7, EPSS 0.00605
Exploits: 0, References: 5