4251 matches found
Deloitte AI Assist for Customer multiple vulnerabilities
RISK EVALUATION Deloitte AI Assist for Customer contained multiple vulnerabilities. In the worst case, a remote, unauthenticated attacker could read or write data to the RAG corpus or make limited modifications to configurations. 2. RECOMMENDED PRACTICES Use only the most recent available...
LibreBooking path traversal
RISK EVALUATION LibreBooking's email template editor save action passes the submitted template name directly into the destination file path, allowing a remote attacker with administrator credentials to write an arbitrary file outside the template directory and execute code. 2. RECOMMENDED...
Superior Court of California Hearing Reminder Service unauthenticated information disclosure
RISK EVALUATION The Hearing Reminder Service for the Superior Court of California at https://www.hrs.courts.ca.gov exposes an API endpoint that returns sensitive court reminder records without authentication. 2. RECOMMENDED PRACTICES Fixed April 28th, 2026. 3. DESCRIPTION The Superior Court of...
Allwinner TV Box TV98 ADB exposed on network
RISK EVALUATION Allwinner H616 TV Box TV98 has ADB enabled and exposed to the network on production. An attacker could request for ADB authorization and gain root level privileges if the victim allows access. 2. RECOMMENDED PRACTICES Contact Allwinner. 3. DESCRIPTION Allwinner H616 TV Box TV98...
OpenPLC v3
ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an authenticated attacker to write arbitrary files to the filesystem and escalate this into arbitrary native code execution through the normal OpenPLC program compilation process, potentially resulting in code execution...
Hydro-Québec Le Circuit Electrique charging station backend
ADVISORY SUMMARY Successful exploitation of these vulnerabilities could lead to privilege escalation, or result in a denial-of-service attack. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network...
Digi International PortServer TS, Digi One SP IA
ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and gain access to restricted resources, obtain credentials, and inject malicious scripts. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the...
Labcenter Proteus 9
ADVISORY SUMMARY Successful exploitation of these vulnerabilities could disclose information and allow a malicious user to execute arbitrary code on affected installations. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...
FluxInk Color Management Driver local privilege escalation
RISK EVALUATION An attacker with a standard user account on a device could escalate their privileges via arbitrary physical memory mapping at \Device\PhysicalMemory. 2. RECOMMENDED PRACTICES Fixed in version 1.0.7.6. The fixed driver is currently available in the Windows 11 25H2 HLK Hardware Lab...
Cloudflare Universal SSL CAA record override
RISK EVALUATION Cloudflare customers requiring strict RFC 8657 enforcement need to disable Universal SSL on the affected zone. Universal SSL's automatic CAA management and customer-set RFC 8657 accounturi and validationmethods enforcement are mutually exclusive by the nature of the issue, so...
CubeSpace CW0057 Reaction Wheel
ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an attacker to upload arbitrary malicious firmware to the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network...
ST Engineering iDirect iQ-Series Terminals
ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to device information or cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...
Gardyn IoT Hub
ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow unauthenticated users to access and control IoT Hub managed devices. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize...
Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M
ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow a local attacker to tamper with or destroy information in the affected product, cause a denial-of-service condition in the affected product, or execute arbitrary code when a specially crafted archive file is...
StoneFly Storage Concentrator
ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow attackers to gain broad unauthorized access, execute arbitrary commands with root privileges, steal sensitive data, and perform actions on behalf of legitimate users across interconnected systems. 2. RECOMMENDED...
Delta Electronics DVP12SE PLC
ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to remotely issue commands, modify operational values, interfere with control logic, and alter device behavior without authentication or privilege enforcement. 2. RECOMMENDED PRACTICES CISA recommends users...
Frangoteam FUXA SCADA/HMI
ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to enumerate all user accounts and role assignments on a FUXA SCADA/HMI instance. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...
OFFIS DCMTK Toolkit
ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to write files, access unauthorized information, exhaust memory, or crash affected DCMTK client or server processes. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the...
Hitachi Energy PROMOD V
SUMMARY Hitachi Energy is aware of insecure HTTP transmission vulnerability in PROMOD V product versions listed in this document. This vulnerability could allow attackers to intercept or manipulate sensitive data in transit, potentially leading to credential theft, session hijacking, or...
Hitachi Energy e-mesh EMS
SUMMARY Hitachi Energy is aware of a buffer overflow vulnerability that affects e-mesh EMS product versions listed in this document. Successful exploitation of this vulnerability could lead to a buffer overflow condition, potentially resulting in application outages denial of service and...
Siemens Mendix Studio Pro
SUMMARY Mendix Studio Pro versions before V11.12 are affected by a file parsing vulnerability that could be triggered when the application reads specially crafted malicious project during the build pipeline. This could allow an attacker to execute arbitrary code in the context of that user...
extract-zip unvalidated symlink path traversal
RISK EVALUATION extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a symlink with a relative path like '../../../../etc/passwd', extract-zip will extract the symlink without validation, allowing it to point outside the...
Delta Electronics DTM Soft
ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system...
Yokogawa FAST/TOOLS and CI Server
ADVISORY SUMMARY Successful exploitation of this vulnerability may return a response containing the CI Server setting information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all...
OHIF Viewers DICOM
ADVISORY SUMMARY Successful exploitation of this vulnerability in a custom integration version could allow an attacker to steal an authenticated clinician's token via a crafted link. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...
H.VIEW HV-500S6 IP Camera
ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code and upload malicious files to the affected device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...
Horner Automation Cscape
ADVISORY SUMMARY Successful exploitation of this vulnerability could allow a local attacker to disclose information and execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network...
pydicom pynetdicom Library
ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an unauthenticated attacker to write to arbitrary file paths. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure...
Daktronics Controller Firmware
ADVISORY SUMMARY Successful exploitation of these vulnerabilities could could provide an unauthenticated user with complete root-level access and control of the system. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...
EVoke Systems Charging Station Management System
ADVISORY SUMMARY Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...
Hubbell Aclara Metrum Cellular Web Interface
ADVISORY SUMMARY Successful exploitation of this vulnerability could allow attackers to manipulate critical device settings and repeatedly disrupt operations, potentially causing a loss of communications to the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...
Webmin multiple vulnerabilities
RISK EVALUATION Webmin contains multiple vulnerabilities. In the worst case, a remote, unauthenticated attacker could impersonate and authenticate as any user. 2. RECOMMENDED PRACTICES Update to most recent available version of Webmin. 3. DESCRIPTION The Webmin HTTP server miniserv.pl allows...
U.S. GAO EPDS and CBCA EDS multiple vulnerabilities
RISK EVALUATION The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS contained multiple vulnerabilities. In the worst case, a remote, unauthenticated attacker could change all users'...
Rockwell Automation FactoryTalk Historian Site Edition
ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to obtain a valid authentication token, perform a denial of service, or crash the system. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...
AzeoTech DAQFactory (Update A)
ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an attacker to upload malicious .ctl files that may lead to arbitrary code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities...
Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT
ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive health-related information and prevent legitimate users from establishing a connection with the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize...
AVer PTC cameras
ADVISORY SUMMARY Successful exploitation of this vulnerability could allow arbitrary code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or...
Mitsubishi Electric MELSEC iQ-F Series
ADVISORY SUMMARY Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service DoS condition in the affected product by rapidly establishing a large number of TCP connections to it, resulting in an inconsistency in the product's internal connection...
Mitsubishi Electric Co.'s MELSEC iQ-F Series FX5-ENET/IP Ethernet Module
ADVISORY SUMMARY Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service DoS condition in the affected product by continuously sending a large number of communication packets to the Ethernet port of the product in a short period of time,...
ServerCo getssl ACME shell script path injection
RISK EVALUATION In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to influence local path/filename usage during validation. An...
Rockwell Automation FLEX I/O EtherNet/IP Adapters
ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access, account takeover, and cause loss of availability. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...
Rockwell Automation CompactLogix
ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure for...
Rockwell Automation Logix 5370 & 5570 Controllers Vulnerable To Denial of Service Via CIP
ADVISORY SUMMARY Successful exploitation of this vulnerability could cause a denial-of-service condition that may result in a major nonrecoverable fault MNRF. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability...
RSLinx Classic Third-Party Vulnerability
ADVISORY SUMMARY Successful exploitation of this vulnerability can lead to a denial of service, where the application will become unresponsive and will not recover on its own. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...
Rockwell Automation FactoryTalk Analytics PavilionX
ADVISORY SUMMARY Successful exploitation of this vulnerability could result in an attacker executing privileged operations. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control...
Yarbo Android/iOS Mobile Application and Cloud Infrastructure
ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to obtain hard-coded credentials, gain access to telemetry data, and potentially send operational commands to the robot fleet. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...
Brickcom Cameras
ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow a remote unauthenticated attacker to gain unauthorized access to live video feeds, retrieve sensitive visual information from affected premises, and obtain administrative control of the device. 2. RECOMMENDED PRACTICES...
Naxclow IoT Platform
ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to impersonate devices, intercept or manipulate communications, harvest sensitive credentials at scale, or gain unauthorized access. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...
Impact of Linux Kernel vulnerabilities on B&R products
SUMMARY B&R is aware of publicly reported vulnerabilities affecting the Linux kernel versions shipped with the products listed as affected in the advisory. Successful local exploitation of these vulnerabilities could allow an attacker to escalate privileges on the affected system. Public...
XZ Utils vulnerability impacting B&R Products
SUMMARY An update is available that resolves vulnerability in the product versions listed as affected in the advisory. An attacker who successfully exploited this vulnerability could cause the product to stop or corrupt memory data. 2. FREQUENTLY ASKED QUESTIONS Could the vulnerability be...