Lucene search
K

1792 matches found

Cvelist
Cvelist
added 9 hours ago5 views

CVE-2026-54429

A vulnerability has been identified in SIMATIC S7-PLCSIM Advanced All versions. Affected devices do not properly handle high-volume multicast network traffic, which can exhaust available memory resources in the affected application. This could allow an unauthenticated attacker on the local networ...

7.4CVSS
Exploits0References1
CVE
CVE
added 9 hours ago9 views

CVE-2026-54429

The CVE-2026-54429 entry concerns SIMATIC S7-PLCSIM Advanced (All versions). The issue is that the application does not properly handle high-volume multicast network traffic, leading to memory exhaustion and a denial-of-service condition. This can be triggered by an unauthenticated attacker on th...

7.4CVSS6AI score
Exploits0References1
EUVD
EUVD
added 9 hours ago5 views

EUVD-2026-43649

A vulnerability has been identified in SIMATIC S7-PLCSIM Advanced All versions. Affected devices do not properly handle high-volume multicast network traffic, which can exhaust available memory resources in the affected application. This could allow an unauthenticated attacker on the local networ...

7.4CVSS6AI score
Exploits0References1
Nuclei
Nuclei
added 12 hours ago66 views

Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting

A cross-site scripting vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. id: CVE-2014-2908 info: name: Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting author:...

4.3CVSS6.2AI score0.2095EPSS
Exploits3References5
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-57054

A Use of Incorrectly-Resolved Name or Reference vulnerability in the URL filtering plugin of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass web filtering and access downstream resources that should be unreachable. If an MX Series device is...

6.9CVSS6AI score0.00347EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/07/06 12:0 a.m.8 views

Siemens SIMATIC S7 PLC Web Server Improper Neutralization of Input During Web Page Generation (CVE-2026-25789)

Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to social engineer the user into selecting a modified firmware file. This would result in malicious JavaScript execution in the context of the authenticated user's...

7.2CVSS7.3AI score0.00274EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/06 12:0 a.m.9 views

Siemens SIMATIC S7 PLC Web Server Improper Neutralization of Input During Web Page Generation (CVE-2026-25787)

Affected devices do not properly validate and sanitize Technology Object TO name rendered on the 'Motion Control Diagnostics' page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the...

9.3CVSS7.2AI score0.0037EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/06 12:0 a.m.7 views

Siemens SIMATIC S7 PLC Web Server Improper Neutralization of Input During Web Page Generation (CVE-2026-25786)

Affected devices do not properly validate and sanitize PLC/station name rendered on the 'communication' parameters page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the page. If a...

9.3CVSS7.2AI score0.0037EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/30 12:31 a.m.6 views

EUVD-2026-40244

A heap buffer overflow in the TS7Worker::PerformFunctionWrite function /core/s7server.cpp of snap7 v1.4.3 allows attackers to cause a Denial of Service DoS via a crafted packet...

6.5CVSS6AI score0.00303EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.8 views

Siemens SIMATIC S7-1500 TM MFP Use After Free (CVE-2026-28387)

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...

8.1CVSS7.6AI score0.00631EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.15 views

Siemens SIMATIC S7-1500 Incorrect Resource Transfer Between Spheres (CVE-2026-31431)

In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algifaead since the source and destination...

7.8CVSS6.9AI score0.96267EPSS
Exploits230References3
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.6 views

Siemens SIMATIC S7-1500 TM MFP NULL Pointer Dereference (CVE-2026-28390)

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denia...

7.5CVSS7.3AI score0.00805EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/05/15 2:5 p.m.98 views

Exploit for Uncontrolled Resource Consumption in Siemens Simatic_S7-1500_Cpu_1518F-4_Pn\/Dp_Mfp_Firmware

CVE-2023-44487 — HTTP/2 Rapid Reset Test Lab Educational envi...

7.5CVSS7.1AI score0.99999EPSS
Exploits19
NVD
NVD
added 2026/04/09 10:16 p.m.16 views

CVE-2026-21916

A UNIX Symbolic Link Symlink Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system. When after a user has performed a specific 'file lin...

7.3CVSS0.00129EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:30 p.m.4 views

CVE-2026-33779

An Improper Following of a Certificate's Chain of Trust vulnerability in J-Web of Juniper Networks Junos OS on SRX Series allows a PITM to intercept the communication of the device and get access to confidential information and potentially modify it. When an SRX device is provisioned to connect t...

8.3CVSS5.9AI score0.00121EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:28 p.m.4 views

CVE-2026-21916

A UNIX Symbolic Link Symlink Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system. When after a user has performed a specific 'file lin...

7.3CVSS5.9AI score0.00129EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.13 views

PT-2026-31754

Junos OS and Junos OS Evolved: When an unsigned Python op script configuration is present, a local low privileged user can compromise the system CVE: CVE-2026-33793 PT ID: PT-2026-31754 Vendor: Juniper networks Product: Junos OS CVSS: 7.8 Credits: n/a Description: An Execution with Unnecessary...

8.5CVSS5.9AI score0.00159EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/28 4:56 a.m.4 views

CVE-2026-4909

A weakness has been identified in code-projects Exam Form Submission 1.0. This impacts an unknown function of the file /admin/updates7.php. This manipulation of the argument sname causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to t...

4.8CVSS4.4AI score0.00279EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/27 2:25 a.m.3 views

CVE-2026-4909 code-projects Exam Form Submission update_s7.php cross site scripting

A weakness has been identified in code-projects Exam Form Submission 1.0. This impacts an unknown function of the file /admin/updates7.php. This manipulation of the argument sname causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to t...

4.8CVSS4.4AI score0.00279EPSS
Exploits0References5
CVE
CVE
added 2026/03/27 2:25 a.m.22 views

CVE-2026-4909

CVE-2026-4909 affects code-projects Exam Form Submission 1.0, specifically the /admin/update_s7.php function where manipulation of the sname argument enables cross-site scripting. The vulnerability can be triggered remotely, and public exploits exist. The available connected documentation confirm...

4.8CVSS4.4AI score0.00279EPSS
Exploits0References5
Rows per page
Query Builder