67 matches found
EUVD-2026-36653
Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerability (CWE-287) in the system configuration module. The /php/ajax-login.php endpoint returns userid=1 (administrator) in response to any HTTP POST request that supplie...
CISA: CISA and Partners Urge Hardening Automatic Tank Gauge Systems
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the Department of Energy (DOE), the Environmental Protection Agency (EPA), the Transportation Security Administration (TSA), the Department of Transportation (DOT), and th...
Russian APT28 Runs Credential-Stealing Campaign Targeting Energy and Policy Organizations
Russian state-sponsored threat actors have been linked to a fresh set of credential harvesting attacks targeting individuals associated with a Turkish energy and nuclear research agency, as well as staff affiliated with a European think tank and organizations in North Macedonia and Uzbekistan. Th...
RampoNN: A Reachability-Guided System Falsification for Efficient Cyber-Kinetic Vulnerability Detection
Detecting kinetic vulnerabilities in Cyber-Physical Systems (CPS), vulnerabilities in control code that can precipitate hazardous physical consequences, is a critical challenge. This task is complicated by the need to analyze the intricate coupling between complex software behavior and the system's...
Mysterious 'SmudgedSerpent' Hackers Target U.S. Policy Experts Amid Iran–Israel Tensions
A never-before-seen threat activity cluster codenamed UNK_SmudgedSerpent has been attributed as behind a set of cyber attacks targeting academics and foreign policy experts between June and August 2025, coinciding with heightened geopolitical tensions between Iran and Israel. "UNK_SmudgedSerpent...
CVE-2025-58428
CVE-2025-58428 affects the Veeder-Root TLS4B ATG system. The vulnerability stems from the SOAP-based interface being accessible through the web services handler, which enables remote attackers with valid credentials to execute system-level commands on the underlying Linux system. Reported impact incl...
CVE-2025-55067 Integer Overflow or Wraparound in Veeder-Root TLS4B Automatic Tank Gauge System
The TLS4B ATG system is vulnerable to improper handling of Unix time values that exceed the 2038 epoch rollover. When the system clock reaches January 19, 2038, it resets to December 13, 1901, causing authentication failures and disrupting core system functionalities such as login access, history...
CVE-2025-55067
The CVE concerns the Veeder-Root TLS4B Automatic Tank Gauge (ATG) System and describes an integer wraparound/overflow when Unix time reaches the 2038 epoch. The core issue is improper handling of times beyond January 19, 2038, causing the system clock to roll back to December 13, 1901. Consequences d...
Veeder-Root TLS4B Automatic Tank Gauge System Input Validation Error Vulnerability
Veeder-Root TLS4B Automatic Tank Gauge System is a security management system for gas stations, tank farms, or industrial storage tanks from Veeder-Root USA. An input validation error vulnerability exists in the Veeder-Root TLS4B Automatic Tank Gauge System, which stems from improper handling of...
Veeder-Root TLS4B Automatic Tank Gauge System Command Injection Vulnerability
Veeder-Root TLS4B Automatic Tank Gauge System is a security management system for gas stations, tank farms, or industrial storage tanks from Veeder-Root, Inc. The Veeder-Root TLS4B Automatic Tank Gauge System suffers from a command injection vulnerability that stems from the SOAP interface being...
EUVD-2024-47963
Malicious code in bioql PyPI...
Dover Fueling Solutions Multiple Products Input Validation Error Vulnerability
Dover Fueling Solutions MAGLINK LX Console and more are products from Dover Fueling Solutions. The Dover Fueling Solutions MAGLINK LX Console is an integrated console for fuel stations and oil distribution. This console is designed to help manage the various operations of a fuel station, including...
Malicious code in mail-lesson-tank (npm)
The package mail-lesson-tank was found to contain malicious code...
Malicious code in spin-tank-spread (npm)
The package spin-tank-spread was found to contain malicious code...
MAL-2025-45105 Malicious code in mail-lesson-tank (npm)
The package mail-lesson-tank was found to contain malicious code...
MAL-2025-46131 Malicious code in spin-tank-spread (npm)
The package spin-tank-spread was found to contain malicious code...
CVE-2024-6981
OMNTEC Proteus Tank Monitoring OEL8000III Series could allow an attacker to perform administrative actions without proper authentication...
Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks
Critical security vulnerabilities have been disclosed in six different Automatic Tank Gauge (ATG) systems from five manufacturers that could expose them to remote attacks. "These vulnerabilities pose significant real-world risks, as they could be exploited by malicious actors to cause widespread...
CVE-2024-6981
OMNTEC Proteus Tank Monitoring OEL8000III Series could allow an attacker to perform administrative actions without proper authentication...
CVE-2024-6981 OMNTEC Proteus Tank Monitoring Missing Authentication for Critical Function
OMNTEC Proteus Tank Monitoring OEL8000III Series could allow an attacker to perform administrative actions without proper authentication...