Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting

A cross-site scripting vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. id: CVE-2014-2908 info: name: Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting author:...

Siemens SIMATIC S7-1500 TM MFP Use After Free (CVE-2026-28387)

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...

Siemens SIMATIC S7-1500 Incorrect Resource Transfer Between Spheres (CVE-2026-31431)

In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algifaead since the source and destination...

Siemens SIMATIC S7-1500 TM MFP NULL Pointer Dereference (CVE-2026-28390)

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denia...

Exploit for Uncontrolled Resource Consumption in Siemens Simatic_S7-1500_Cpu_1518F-4_Pn\/Dp_Mfp_Firmware

CVE-2023-44487 — HTTP/2 Rapid Reset Test Lab Educational envi...

CVE-2026-21916

A UNIX Symbolic Link Symlink Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system. When after a user has performed a specific 'file lin...

CVE-2026-33779

An Improper Following of a Certificate's Chain of Trust vulnerability in J-Web of Juniper Networks Junos OS on SRX Series allows a PITM to intercept the communication of the device and get access to confidential information and potentially modify it. When an SRX device is provisioned to connect t...

CVE-2026-21916

A UNIX Symbolic Link Symlink Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system. When after a user has performed a specific 'file lin...

PT-2026-31754

Junos OS and Junos OS Evolved: When an unsigned Python op script configuration is present, a local low privileged user can compromise the system CVE: CVE-2026-33793 PT ID: PT-2026-31754 Vendor: Juniper networks Product: Junos OS CVSS: 7.8 Credits: n/a Description: An Execution with Unnecessary...

CVE-2026-4909

A weakness has been identified in code-projects Exam Form Submission 1.0. This impacts an unknown function of the file /admin/updates7.php. This manipulation of the argument sname causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to t...

CVE-2026-4909 code-projects Exam Form Submission update_s7.php cross site scripting

A weakness has been identified in code-projects Exam Form Submission 1.0. This impacts an unknown function of the file /admin/updates7.php. This manipulation of the argument sname causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to t...

CVE-2026-4909

CVE-2026-4909 affects code-projects Exam Form Submission 1.0, specifically the /admin/update_s7.php function where manipulation of the sname argument enables cross-site scripting. The vulnerability can be triggered remotely, and public exploits exist. The available connected documentation confirm...

Code-Projects Exam Form Submission 安全漏洞

Code-Projects Exam Form Submission is an open-source exam form developed by Code-Projects. Version 1.0 of Code-Projects Exam Form Submission contains a security vulnerability. This vulnerability stems from improper handling of the parameter sname in the file admin/updates7.php, which may lead to...

PT-2026-28672

Name of the Vulnerable Software and Affected Versions code-projects Exam Form Submission version 1.0 Description A cross-site scripting issue exists due to the manipulation of the sname argument in the file '/admin/update s7.php'. The issue impacts an unknown function. The exploit has been public...

Siemens SIMATIC Improper Neutralization of Input During Web Page Generation (CVE-2025-40943)

Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user, who has the function right Read diagnostics, to import a specially crafted trace file. The malicious trace file is insufficiently sanitized...

Siemens SIMATIC S7-1500 Missing Release of Memory after Effective Lifetime (CVE-2025-38124)

In the Linux kernel, the following vulnerability has been resolved: net: fix udp gso skbsegment after pull from fraglist Commit a1e40ac5b5e9 net: gso: fix udp gso fraglist segmentation after pull from fraglist detected invalid geometry in fraglist skbs and redirects them from skbsegmentlist to mo...

Siemens SIMATIC S7-1500 Integer Overflow or Wraparound (CVE-2025-38222)

"In the Linux kernel, the following vulnerability has been resolved: ext4: inline: fix len overflow in ext4prepareinlinedata When running the following code on an ext4 filesystem with inlinedata feature enabled, it will lead to the bug below. fd = openfile1, ORDWR | OCREAT | OTRUNC, 0666...

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2025-38466)

In the Linux kernel, the following vulnerability has been resolved: perf: Revert to requiring CAPSYSADMIN for uprobes Jann reports that uprobes can be used destructively when used in the middle of an instruction. The kernel only verifies there is a valid instruction at the requested offset, but d...

Siemens SIMATIC S7-1500 Improper Input Validation(CVE-2025-38457)

In the Linux kernel, the following vulnerability has been resolved: net/sched: Abort tcmodifyqdisc if parent class does not exist Lion's patch 1 revealed an ancient bug in the qdisc API. Whenever a user creates/modifies a qdisc specifying as a parent another qdisc, the qdisc API will, during...

Siemens SIMATIC S7-1500 Sensitive Cookie Without 'HttpOnly' Flag (CVE-2025-38477)

In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix race condition on qfqaggregate A race condition can occur when 'agg' is modified in qfqchangeagg called during qfqenqueue while other threads access it concurrently. For example, qfqdumpclass may trigger a...