{"resultsPerPage":241,"startIndex":0,"totalResults":241,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-30T20:33:37.343","vulnerabilities":[{"cve":{"id":"CVE-2017-7574","sourceIdentifier":"cve@mitre.org","published":"2017-04-06T21:59:00.307","lastModified":"2026-05-29T14:16:21.410","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML file is AES-CBC encrypted; however, the key used for encryption (SoMachineBasicSoMachineBasicSoMa) cannot be changed. After decrypting the XML file with this key, the user password can be found in the decrypted data. After reading the user password, the project can be opened and modified with the Schneider product."},{"lang":"es","value":"Los dispositivos Schneider Electric SoMachine Basic 1.4 SP1 y Schneider Electric Modicon TM221CE16R 1.3.3.3 tienen una vulnerabilidad de clave codificada. La función Protección de proyectos se utiliza para evitar que usuarios no autorizados abran un archivo de proyecto protegido XML, solicitando al usuario una contraseña. Este archivo XML es AES-CBC cifrado; Sin embargo, no se puede cambiar la clave utilizada para el cifrado (SoMachineBasicSoMachineBasicSoMa). Después de descifrar el archivo XML con esta clave, la contraseña de usuario se puede encontrar en los datos descifrados. 
Después de leer la contraseña de usuario, el proyecto se puede abrir y modificar con el producto Schneider."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-321"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_tm221ce16r_firmware:1.3.3.3:*:*:*:*:*:*:*","matchCriteriaId":"26C40BAF-2C91-4069-A
62E-1B1E60BA1619"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_tm221ce16r:-:*:*:*:*:*:*:*","matchCriteriaId":"00715571-AC4B-4B1F-8E65-385B56F2004C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:somachine:1.4:sp1:*:*:*:*:*:*","matchCriteriaId":"85698ADE-078B-4461-BA24-C88BB16C6E50"}]}]}],"references":[{"url":"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-097-01","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/97518","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://os-s.net/advisories/OSS-2017-02.pdf","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-097-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/97518","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://os-s.net/advisories/OSS-2017-02.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]}]}},{"cve":{"id":"CVE-2017-7575","sourceIdentifier":"cve@mitre.org","published":"2017-04-06T21:59:00.337","lastModified":"2026-05-29T14:16:21.647","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \\x00\\x01\\x00\\x00\\x00\\x05\\x01\\x5a\\x00\\x03\\x00 request to the Modbus port (502/tcp). 
Subsequently the application may be arbitrarily downloaded, modified, and uploaded."},{"lang":"es","value":"Los dispositivos Schneider Electric Modicon TM221CE16R 1.3.3.3 permiten a atacantes remotos descubrir la contraseña de protección de la aplicación a través de una solicitud \\x00\\x01\\x00\\x00\\x00\\x05\\x01\\x5a\\x00\\x03\\x00 al puerto Modbus (502/tcp). Posteriormente la aplicación puede descargarse, modificarse y cargarse arbitrariamente."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"
}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_tm221ce16r_firmware:1.3.3.3:*:*:*:*:*:*:*","matchCriteriaId":"26C40BAF-2C91-4069-A62E-1B1E60BA1619"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_tm221ce16r:-:*:*:*:*:*:*:*","matchCriteriaId":"00715571-AC4B-4B1F-8E65-385B56F2004C"}]}]}],"references":[{"url":"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-097-02","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/97523","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://os-s.net/advisories/OSS-2017-01.pdf","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-097-02","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/97523","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://os-s.net/advisories/OSS-2017-01.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6030","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-06-30T03:29:00.390","lastModified":"2026-05-29T14:16:20.503","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. 
The affected products generate insufficiently random TCP initial sequence numbers that may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections."},{"lang":"es","value":"Un problema de Rango de Valor Predecible de Valores Anteriores fue detectado en PLCs Modicon M221, versiones de firmware anteriores a 1.5.0.0, Modicon M241, versiones de firmware anteriores a la 4.0.5.11, y Modicon M251, versiones de firmware anteriores a la 4.0.5.11 de Schneider Electric. Los productos afectados generan números de secuencia inicial TCP de aleatoriedad insuficientemente que pueden permitir a un atacante predecir los números de los valores anteriores. Esto puede permitir a un atacante suplantar o interrumpir las conexiones TCP."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:P","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PAR
TIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-343"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-331"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m241_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"4.0.3.20","matchCriteriaId":"9CA3FF3A-9145-4DAD-BAD6-D55C97E182AA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m241:-:*:*:*:*:*:*:*","matchCriteriaId":"4D8FD9D9-F59F-470E-9F7F-CDDD80B0633C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m251_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"4.0.3.20","matchCriteriaId":"6FDB0710-FB7F-4346-9EEC-4C75ECEA0A1E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m251:-:*:*:*:*:*:*:*","matchCriteriaId":"B8E03A25-B0B6-4BA2-80BC-52C16A6837E0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m221_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.1.1.5","matchCriteriaId":"68FB877A-87E1-4DE9-B758-8CEA1BE1456F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*","matchCriteriaId":"BB0D83F4-B718-47AB-AFB8-B576CB138AAC"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/97254","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-089-02","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/97254","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-089-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2018-7789","sourceIdentifier":"cybersecurity@se.com","published":"2018-08-29T20:29:00.343","lastModified":"2026-05-29T15:16:16.070","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to remotely reboot Modicon M221 using crafted programing protocol frames."},{"lang":"es","value":"Existe una vulnerabilidad de comprobación incorrecta de condiciones inusuales o excepcionales en el producto Modicon M221, de Schneider Electric (todas las referencias y todas las versiones anteriores al firmware V1.6.2.0). 
La vulnerabilidad permite que usuarios no autorizados reinicien Modicon M221 remotamente mediante frames manipulados del protocolo de programación."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":2.5}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-754"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-754"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m221_firmware:*:*:*:*:*:*:*:*","versionEndExcluding"
:"1.6.2.0","matchCriteriaId":"55D26878-E5EB-4537-A252-34B3EBB758CC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*","matchCriteriaId":"BB0D83F4-B718-47AB-AFB8-B576CB138AAC"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/105171","source":"cybersecurity@se.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-18-240-02","source":"cybersecurity@se.com","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"https://www.schneider-electric.com/en/download/document/SEVD-2018-233-01/","source":"cybersecurity@se.com","tags":["Mitigation","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/105171","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-18-240-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"https://www.schneider-electric.com/en/download/document/SEVD-2018-233-01/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2018-7790","sourceIdentifier":"cybersecurity@se.com","published":"2018-08-29T21:29:01.070","lastModified":"2026-05-29T15:16:16.280","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. 
If an attacker exploits this vulnerability and connects to a Modicon M221, the attacker can upload the original program from the PLC."},{"lang":"es","value":"Existe una vulnerabilidad de error de gestión de información en el producto Modicon M221, de Schneider Electric (todas las referencias y todas las versiones anteriores al firmware V1.6.2.0). La vulnerabilidad permite que usuarios no autorizados reproduzcan secuencias de autenticación. Si un atacante explota la vulnerabilidad y se conecta a Modicon M221, el atacante puede subir el programa original desde el PLC."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":fals
e}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-294"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-294"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m221_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.6.2.0","matchCriteriaId":"55D26878-E5EB-4537-A252-34B3EBB758CC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*","matchCriteriaId":"BB0D83F4-B718-47AB-AFB8-B576CB138AAC"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/105182","source":"cybersecurity@se.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/","source":"cybersecurity@se.com","tags":["Mitigation","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/105182","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2018-7791","sourceIdentifier":"cybersecurity@se.com","published":"2018-08-29T21:29:01.180","lastModified":"2026-05-29T15:16:16.447","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. 
If an attacker exploits this vulnerability and overwrite the password, the attacker can upload the original program from the PLC."},{"lang":"es","value":"Existe una vulnerabilidad de permisos, privilegios y control de acceso en el producto Modicon M221, de Schneider Electric (todas las referencias y todas las versiones anteriores al firmware V1.6.2.0). La vulnerabilidad permite que usuarios no autorizados sobrescriban la contraseña original con su contraseña. Si un atacante explota la vulnerabilidad y sobrescribe la contraseña, el atacante puede subir el programa original desde el PLC."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInter
actionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m221_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.6.2.0","matchCriteriaId":"55D26878-E5EB-4537-A252-34B3EBB758CC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*","matchCriteriaId":"BB0D83F4-B718-47AB-AFB8-B576CB138AAC"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/105182","source":"cybersecurity@se.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/","source":"cybersecurity@se.com","tags":["Mitigation","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/105182","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2018-7792","sourceIdentifier":"cybersecurity@se.com","published":"2018-08-29T21:29:01.273","lastModified":"2026-05-29T15:16:16.623","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). 
The vulnerability allows unauthorized users to decode the password using rainbow table."},{"lang":"es","value":"Existe una vulnerabilidad de permisos, privilegios y control de acceso en el producto Modicon M221, de Schneider Electric (todas las referencias y todas las versiones anteriores al firmware V1.6.2.0). La vulnerabilidad permite que usuarios no autorizados descifren la contraseña mediante tablas rainbow."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Se
condary","description":[{"lang":"en","value":"CWE-327"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m221_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.6.2.0","matchCriteriaId":"55D26878-E5EB-4537-A252-34B3EBB758CC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*","matchCriteriaId":"BB0D83F4-B718-47AB-AFB8-B576CB138AAC"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/105182","source":"cybersecurity@se.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/","source":"cybersecurity@se.com","tags":["Mitigation","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/105182","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2018-7798","sourceIdentifier":"cybersecurity@se.com","published":"2018-11-02T17:29:00.680","lastModified":"2026-05-29T15:16:16.993","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device."},{"lang":"es","value":"Existe una vulnerabilidad de verificación insuficiente de autenticidad de datos (CWE-345) en Modicon Modicon M221, todas las versiones, lo que podría provocar un cambio en la configuración IPv4 (dirección IP, máscara y puerta de enlace) al conectarse remotamente al 
dispositivo."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.2},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:P","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-345"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-345"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:somachine_basic:*:*:*:*:*:*:*:*","matchCriteriaId":"2BCEA269-6242-41FD-B141-F72CAFC8F114"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-elect
ric:modicon_m221:-:*:*:*:*:*:*:*","matchCriteriaId":"BB0D83F4-B718-47AB-AFB8-B576CB138AAC"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/105970","source":"cybersecurity@se.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.schneider-electric.com/en/download/document/SEVD-2018-270-01/","source":"cybersecurity@se.com","tags":["Mitigation","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/105970","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.schneider-electric.com/en/download/document/SEVD-2018-270-01/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2018-7821","sourceIdentifier":"cybersecurity@se.com","published":"2019-05-22T20:29:01.043","lastModified":"2026-05-29T15:16:17.167","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause cycle time impact when flooding the M221 ethernet interface while the Ethernet/IP adapter is activated."},{"lang":"es","value":"Existe una vulnerabilidad de entorno (CWE-2) en SoMachine Basic, todas las versiones, y Modicon M221 (todas las referencias, todas las versiones anteriores al firmware V1.10.0.0), que podría generar un impacto en el tiempo del ciclo al inundar la interfaz ethernet M221 mientras que el  adaptador Ethernet/IP está 
activado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:somachine_basic:*:*:*:*:*:*:*:*","matchCriteriaId":"2BCEA269-6242-41FD-B141-F72CAFC8F114"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneide
r-electric:modicon_m221_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.10.0.0","matchCriteriaId":"F757A52E-2401-4A09-B53E-73135C5289A1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*","matchCriteriaId":"BB0D83F4-B718-47AB-AFB8-B576CB138AAC"}]}]}],"references":[{"url":"https://www.schneider-electric.com/en/download/document/SEVD-2019-045-01/","source":"cybersecurity@se.com","tags":["Vendor Advisory"]},{"url":"https://www.schneider-electric.com/en/download/document/SEVD-2019-045-01/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2018-7852","sourceIdentifier":"cybersecurity@se.com","published":"2019-05-22T20:29:01.900","lastModified":"2026-05-29T15:16:17.330","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when an invalid private command parameter is sent to the controller over Modbus."},{"lang":"es","value":"CWE-248: Existe una vulnerabilidad de Excepción no Detectada en todas las versiones de Modicon M580, Modicon M340, Modicon Quantum y Modicon Premium, lo que podría provocar una Denegación de Servicio cuando se envía un parámetro de comando privado no válido hacia el controlador sobre protocolo 
Modbus."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-755"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-248"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"D52D735D-8AB5-40FE-A83F-266977601571"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-elect
ric:modicon_m580:-:*:*:*:*:*:*:*","matchCriteriaId":"E876C738-ABF6-4864-98A6-1E06E96A0DF4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"05CBA9AD-ECB7-453F-8551-DD176FDE8043"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*","matchCriteriaId":"138681A2-0146-492B-8E10-06849FC27C6E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_quantum_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"745CC7A7-70FB-4551-8EBF-600B7A6236D7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_quantum:-:*:*:*:*:*:*:*","matchCriteriaId":"A9B7CEF7-B9BA-4923-808F-DA2931569EBB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_premium_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"619CFD8D-9652-4AAB-AFC4-796B3F10F61F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*","matchCriteriaId":"F00936E2-E6EF-4ABF-8666-7D83BE424F42"}]}]}],"references":[{"url":"https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/","source":"cybersecurity@se.com","tags":["Vendor Advisory"]},{"url":"https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0763","source":"cybersecurity@se.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]},{"url":"https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0763","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2019-6819","sourceIdentifier":"cybersecurity@se.com","published":"2019-05-22T20:29:02.090","lastModified":"2026-05-29T15:16:17.517","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to V2.80, All firmware versions of Modicon Quantum and Modicon Premium."},{"lang":"es","value":"Una CWE-754: Existe una vulnerabilidad de Comprobación Inapropiada  para condiciones inusuales o excepcionales, que podría generar una posible Denegación de Servicio cuando se envían tramas Modbus específicas hacia el controlador en los productos: Modicon M340 - versiones de firmware anteriores a la V3.01, Modicon M580 - versiones de firmware anteriores a V2.80, y todas las versiones de firmware de Modicon Quantum y Modicon 
Premium."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-754"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-754"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.01","matchCriteriaId":"606AFE88-8C9A-4D18-9209-1193B628669F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:s
chneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*","matchCriteriaId":"178D2338-E48E-493C-992F-337AACE794DE"},{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000h:-:*:*:*:*:*:*:*","matchCriteriaId":"69222495-4F18-434E-B86C-F63C5A2C1242"},{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*","matchCriteriaId":"6D150239-27E2-4CBE-A931-5107C15E362F"},{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*","matchCriteriaId":"98212CF5-BCF4-4A55-B62A-484569687B4E"},{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102cl:-:*:*:*:*:*:*:*","matchCriteriaId":"D30336F0-EDCF-486C-B52E-D0C53BCDFC65"},{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*","matchCriteriaId":"99F2F851-C18F-4CB8-B47C-516F2AC7955D"},{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-:*:*:*:*:*:*:*","matchCriteriaId":"56BAED8B-EEFA-45D7-A5A3-9B62067CE24C"},{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*","matchCriteriaId":"354968F7-C41B-4C21-8E47-81DC07DF0EA5"},{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302cl:-:*:*:*:*:*:*:*","matchCriteriaId":"32091F91-9397-4506-8801-C68B9E8B60F0"},{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-:*:*:*:*:*:*:*","matchCriteriaId":"075A16D1-F4DF-4DCB-8DF9-152E282CE01F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.80","matchCriteriaId":"6FDEB227-D50B-402C-9C11-E29F52BC10BB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:bmeh582040:-:*:*:*:*:*:*:*","matchCriteriaId":"4E6E5E62-BBA8-43
70-A232-8E1196757C3E"},{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:bmeh582040c:-:*:*:*:*:*:*:*","matchCriteriaId":"9C393EAE-D2A1-42BC-8CE8-2DCAC96EB769"},{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:bmeh584040:-:*:*:*:*:*:*:*","matchCriteriaId":"E2A8BF9D-AFD1-4F19-A0DB-5EB6F343D890"},{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:bmeh584040c:-:*:*:*:*:*:*:*","matchCriteriaId":"63D48211-A734-4F98-A4D5-569268335757"},{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:bmeh586040:-:*:*:*:*:*:*:*","matchCriteriaId":"38D22DD5-677B-42E8-AE1F-11601D4BF110"},{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:bmeh586040c:-:*:*:*:*:*:*:*","matchCriteriaId":"79907FE7-B4B0-4732-9287-B7ED13115F6C"},{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*","matchCriteriaId":"2317F260-7AA2-4178-B468-03DF36223E26"},{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*","matchCriteriaId":"3D7DDC42-37A1-43B0-AD46-2E0D098564BA"},{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*","matchCriteriaId":"765E4FEE-255E-4C47-824A-5661B84B490B"},{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*","matchCriteriaId":"B1FEA377-3C45-4F88-B233-088A24BD0771"},{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*","matchCriteriaId":"EBCCDD6D-35CE-4680-8B0C-86584B1D8958"},{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*","matchCriteriaId":"68FD5968-C522-4231-A98C-93D3101B6148"},{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:*:*:*:*:*:*:*","matchCriteriaId":"C02B27F6-B8CF-4D3B-9DA6-054F540EA6B6"},{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*","matchCriteri
aId":"BBC38FF1-693E-4899-883C-1B7B80A52F2C"},{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*","matchCriteriaId":"002E7F33-6729-4C35-9DDA-7D8383BD5668"},{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*","matchCriteriaId":"47DFEBAC-2F1D-4870-8425-2199BF80B425"},{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*","matchCriteriaId":"FC4A1DF2-FF4C-4DBE-BF74-6A4A09E3DECE"},{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*","matchCriteriaId":"6222C1F8-BE52-4666-B7F5-2E8BBC214F70"},{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*","matchCriteriaId":"5376D9F4-8AFB-4909-A11B-33C54C4220DB"},{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*","matchCriteriaId":"CADB178B-FEFD-48A9-B155-0E8F6D490229"},{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*","matchCriteriaId":"6B3C1879-269B-47EB-891B-EF2E90C911D7"},{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*","matchCriteriaId":"5771A1A5-3DAF-4869-A24F-F9B0A38B5DA5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_quantum_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"745CC7A7-70FB-4551-8EBF-600B7A6236D7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_quantum:-:*:*:*:*:*:*:*","matchCriteriaId":"A9B7CEF7-B9BA-4923-808F-DA2931569EBB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_premium_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"619CFD8D-9652-4AAB-AFC4-796B3F10F61F"}]},{"
operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*","matchCriteriaId":"F00936E2-E6EF-4ABF-8666-7D83BE424F42"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/109004","source":"cybersecurity@se.com","tags":["Broken Link"]},{"url":"https://www.schneider-electric.com/en/download/document/SEVD-2019-134-05/","source":"cybersecurity@se.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/109004","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"https://www.schneider-electric.com/en/download/document/SEVD-2019-134-05/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2019-6829","sourceIdentifier":"cybersecurity@se.com","published":"2019-09-17T20:15:12.203","lastModified":"2026-05-29T15:16:17.713","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus."},{"lang":"es","value":"Una CWE-248: Se presenta una vulnerabilidad de Excepción No Capturada en Modicon M580 (versión de firmware anterior a V2.90) y Modicon M340 (versión de firmware anterior a V3.10), lo que podría causar una posible denegación de servicio durante la escritura en direcciones específicas de memoria  en el controlador sobre protocolo 
Modbus."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-248"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-755"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.90","matchCriteriaId":"B9C5B0D1-D3A4-468A-807E-6BB3F98CC116"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sch
neider-electric:modicon_m580:-:*:*:*:*:*:*:*","matchCriteriaId":"E876C738-ABF6-4864-98A6-1E06E96A0DF4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.10","matchCriteriaId":"3FD2397C-67A1-4AFD-BC42-6ECC3BD88C24"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*","matchCriteriaId":"138681A2-0146-492B-8E10-06849FC27C6E"}]}]}],"references":[{"url":"https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/","source":"cybersecurity@se.com","tags":["Vendor Advisory"]},{"url":"https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2018-7794","sourceIdentifier":"cybersecurity@se.com","published":"2020-01-06T23:15:10.893","lastModified":"2026-05-29T15:16:16.790","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP."},{"lang":"es","value":"CWE-754: Existe una vulnerabilidad de Comprobación Inapropiada de Condiciones Inusuales o Excepcionales en Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (véase la notificación de seguridad para versiones específicas) que podría causar una Denegación de Servicio cuando se leen datos con índice no válido usando Modbus 
TCP."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-754"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-754"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.80","matchCriteriaId":"6FDEB227-D50B-402C-9C11-E29F52BC10BB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schne
ider-electric:modicon_m580:-:*:*:*:*:*:*:*","matchCriteriaId":"E876C738-ABF6-4864-98A6-1E06E96A0DF4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.01","matchCriteriaId":"606AFE88-8C9A-4D18-9209-1193B628669F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*","matchCriteriaId":"138681A2-0146-492B-8E10-06849FC27C6E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxh5744m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"6F6FF401-ED15-45EE-9A84-171166BF4414"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxh5744m:-:*:*:*:*:*:*:*","matchCriteriaId":"8B57B894-5AA4-4412-B425-7338CB2FFA3C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxh5724m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"70CD95A2-9FAE-4A7E-8331-8904C0E0CE3D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxh5724m:-:*:*:*:*:*:*:*","matchCriteriaId":"C1F56BA4-6A19-44FB-8555-7360C77F83AF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp576634m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"E5EEE1F8-0DCA-4D18-A022-5DBE980F3A16"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp576634m:-:*:*:*:*:*:*:*","matchCriteriaId":"71146321-B31B-4C5B-A600-2E414D84916E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable"
:true,"criteria":"cpe:2.3:o:schneider-electric:tsxp57554m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"ED646076-2294-4253-92BF-B95D5D5E87A4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp57554m:-:*:*:*:*:*:*:*","matchCriteriaId":"5572E616-5D86-46FF-AEA7-4A12E66F0ED4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp575634m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"98B1574C-2FC7-4A3C-B260-D8372A268F4A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp575634m:-:*:*:*:*:*:*:*","matchCriteriaId":"57BF89C2-27F8-4FF5-9E4F-4F0CB6C2F0E9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp57454m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"853895C6-5EDF-4767-9653-F5F7826B4A7E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp57454m:-:*:*:*:*:*:*:*","matchCriteriaId":"CC537593-1AB7-438E-AB71-EDB469A1DFF7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp574634m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"EC9FBA4C-DA99-4F22-9168-ECD281B090C3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp574634m:-:*:*:*:*:*:*:*","matchCriteriaId":"FE60505D-0211-4E8C-B32C-988E25698B1E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp57354m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"DD7766E8-40EB-4C72-8234-C8D997F98F6C"}]},{"operator":"OR
","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp57354m:-:*:*:*:*:*:*:*","matchCriteriaId":"FAE46047-D9AF-4720-A130-A0F989423F82"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp573634m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"C9246F10-84D1-4AE0-BF1A-B61EA1E965A2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp573634m:-:*:*:*:*:*:*:*","matchCriteriaId":"80500883-2825-46DD-8ED9-4F324A4494CC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp57304m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"889586D3-B64F-42DA-8872-DD44C9790881"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp57304m:-:*:*:*:*:*:*:*","matchCriteriaId":"B5FDBAB3-C8C2-47F6-ACAA-B89BA53849B9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp57254m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"B6EBCADE-8F8C-402B-8FB6-62237168E788"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp57254m:-:*:*:*:*:*:*:*","matchCriteriaId":"57B75D71-11CA-4DDF-849A-08A9D84C95AC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp572634m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"33E3F062-3874-4EB6-829B-285B428E982E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp572634m:-:*:*:*:*:*:*:*","matchCriteriaId":"EA2094F4-976F-44FA-A7E5-93E20A80DA00"}]}]},{"operat
or":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp57204m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"43BE3D1E-5F7D-409F-A932-073D5A566180"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp57204m_:-:*:*:*:*:*:*:*","matchCriteriaId":"0E25651C-E4B5-47A2-A6CE-79F7ECAE246E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp571634m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"D1DEF9B5-6BC0-43A7-AD74-81F9D23BA843"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp571634m:-:*:*:*:*:*:*:*","matchCriteriaId":"31A5DCC8-9E3D-4919-9DE3-73FC8733E73D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp57154m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"4E358F77-1F8F-4F2F-A54C-B5F2373EFEE6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp57154m:-:*:*:*:*:*:*:*","matchCriteriaId":"5CC8F0AB-C4A8-40B3-88E0-92F52EA05692"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp57104m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"56724F0C-2DA8-4710-9D82-EE51FA9B062C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp57104m:-:*:*:*:*:*:*:*","matchCriteriaId":"587226C6-6BE2-4A42-B593-34498F647B24"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu65150_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.52"
,"matchCriteriaId":"97C6F04E-FEF7-4DA4-A819-7E4C3DA173F9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu65150:-:*:*:*:*:*:*:*","matchCriteriaId":"EC3E5496-C3D0-4DF4-A9AF-F227F889840E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu65160_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.52","matchCriteriaId":"E9552C20-F295-4AB7-A44E-FB1072BAD1B3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu65160:-:*:*:*:*:*:*:*","matchCriteriaId":"B2C2AF70-F0BB-4D17-901C-1FCBECDC44FB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu65260_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.52","matchCriteriaId":"1BB8ACFC-C693-4C5A-B256-51FF0835FD69"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu65260:-:*:*:*:*:*:*:*","matchCriteriaId":"3D7304B0-EE18-454B-B3F0-5EF387285D90"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu67261_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.52","matchCriteriaId":"370F0F62-AA12-496B-8107-EEC24B070621"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu67261:-:*:*:*:*:*:*:*","matchCriteriaId":"164AEEA1-666F-428A-BFCB-5DEEEFE1D771"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu67060_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.52","matchCriteriaId":"06F31148-8213-4B01-AA48-D9D7C515E38A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu67060:-:*:*:
*:*:*:*:*","matchCriteriaId":"8AF2A7A3-89EF-480D-8E6E-20E11CF60A97"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu67160_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.52","matchCriteriaId":"D6E3B57D-062A-431D-B96F-28463DE757DF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu67160:-:*:*:*:*:*:*:*","matchCriteriaId":"3870E952-7A32-43DA-8C66-DE43C862639B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu67261_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.52","matchCriteriaId":"370F0F62-AA12-496B-8107-EEC24B070621"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu67261:-:*:*:*:*:*:*:*","matchCriteriaId":"164AEEA1-666F-428A-BFCB-5DEEEFE1D771"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu67260_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.52","matchCriteriaId":"108BA75E-B7B4-4A51-9DB8-B928154DD51A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu67260:-:*:*:*:*:*:*:*","matchCriteriaId":"C9E4FCBA-4980-4C8F-A185-5E9C4CF9E8B5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu65860_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.52","matchCriteriaId":"C4D81FBC-7C66-4367-8A0F-7F96C09A56A4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu65860:-:*:*:*:*:*:*:*","matchCriteriaId":"9B8230FD-0C0A-467C-9BAD-09257739D462"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o
:schneider-electric:140cpu67861_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.52","matchCriteriaId":"4419CB2D-AABC-4F77-9C75-42ABA62CBA6B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu67861:-:*:*:*:*:*:*:*","matchCriteriaId":"CF97B5A6-960F-42BA-A397-09C819A3200C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu65160s_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.52","matchCriteriaId":"D793BE48-1025-4C6C-8E7D-82E013DDDE5D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu65160s:-:*:*:*:*:*:*:*","matchCriteriaId":"95E48F27-F241-4491-AFF7-8BD562F21A52"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu67160s_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.52","matchCriteriaId":"41654852-0E58-46CC-A734-F59FE9B83990"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu67160s:-:*:*:*:*:*:*:*","matchCriteriaId":"71C1C17A-9111-49B8-A2CE-3A2FB87616F1"}]}]}],"references":[{"url":"https://www.se.com/ww/en/download/document/SEVD-2019-344-01","source":"cybersecurity@se.com","tags":["Vendor Advisory"]},{"url":"https://www.se.com/ww/en/download/document/SEVD-2019-344-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2019-6856","sourceIdentifier":"cybersecurity@se.com","published":"2020-01-06T23:15:11.317","lastModified":"2026-05-29T15:16:17.880","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial 
of Service when writing specific physical memory blocks using Modbus TCP."},{"lang":"es","value":"CWE-754: existe una vulnerabilidad de Comprobación Inapropiada de Condiciones Inusuales o Excepcionales en Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (véase la notificación de seguridad para versiones específicas) que podría causar una Denegación de Servicio cuando se escriben bloques de memoria física específicos usando Modbus TCP."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-754"}]},{"source":"nvd
@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-754"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.80","matchCriteriaId":"6FDEB227-D50B-402C-9C11-E29F52BC10BB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*","matchCriteriaId":"E876C738-ABF6-4864-98A6-1E06E96A0DF4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.01","matchCriteriaId":"606AFE88-8C9A-4D18-9209-1193B628669F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*","matchCriteriaId":"138681A2-0146-492B-8E10-06849FC27C6E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxh5744m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"6F6FF401-ED15-45EE-9A84-171166BF4414"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxh5744m:-:*:*:*:*:*:*:*","matchCriteriaId":"8B57B894-5AA4-4412-B425-7338CB2FFA3C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxh5724m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"70CD95A2-9FAE-4A7E-8331-8904C0E0CE3D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxh5724m:-:*:*:*:*:*:*:*","matchCriteriaId":"C1F56BA4-6A19-44FB-8555-7360C77F83AF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"c
riteria":"cpe:2.3:o:schneider-electric:tsxp576634m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"E5EEE1F8-0DCA-4D18-A022-5DBE980F3A16"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp576634m_:-:*:*:*:*:*:*:*","matchCriteriaId":"7F683564-419D-418B-A4D5-BB203F709DD7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp57554m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"ED646076-2294-4253-92BF-B95D5D5E87A4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp57554m:-:*:*:*:*:*:*:*","matchCriteriaId":"5572E616-5D86-46FF-AEA7-4A12E66F0ED4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp575634m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"98B1574C-2FC7-4A3C-B260-D8372A268F4A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp575634m:-:*:*:*:*:*:*:*","matchCriteriaId":"57BF89C2-27F8-4FF5-9E4F-4F0CB6C2F0E9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp57454m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"853895C6-5EDF-4767-9653-F5F7826B4A7E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp57454m:-:*:*:*:*:*:*:*","matchCriteriaId":"CC537593-1AB7-438E-AB71-EDB469A1DFF7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp574634m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"EC9FBA4C-DA99-4F22-9168-ECD281B090C3"}]},{"operator":"OR","neg
ate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp574634m:-:*:*:*:*:*:*:*","matchCriteriaId":"FE60505D-0211-4E8C-B32C-988E25698B1E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp57354m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"DD7766E8-40EB-4C72-8234-C8D997F98F6C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp57354m:-:*:*:*:*:*:*:*","matchCriteriaId":"FAE46047-D9AF-4720-A130-A0F989423F82"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp573634m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"C9246F10-84D1-4AE0-BF1A-B61EA1E965A2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp573634m:-:*:*:*:*:*:*:*","matchCriteriaId":"80500883-2825-46DD-8ED9-4F324A4494CC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp57304m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"889586D3-B64F-42DA-8872-DD44C9790881"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp57304m:-:*:*:*:*:*:*:*","matchCriteriaId":"B5FDBAB3-C8C2-47F6-ACAA-B89BA53849B9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp57254m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"B6EBCADE-8F8C-402B-8FB6-62237168E788"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp57254m:-:*:*:*:*:*:*:*","matchCriteriaId":"57B75D71-11CA-4DDF-849A-08A9D84C95AC"}]}]},{"operator":"AN
D","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp572634m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"33E3F062-3874-4EB6-829B-285B428E982E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp572634m:-:*:*:*:*:*:*:*","matchCriteriaId":"EA2094F4-976F-44FA-A7E5-93E20A80DA00"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp57204m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"43BE3D1E-5F7D-409F-A932-073D5A566180"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp57204m_:-:*:*:*:*:*:*:*","matchCriteriaId":"0E25651C-E4B5-47A2-A6CE-79F7ECAE246E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp571634m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"D1DEF9B5-6BC0-43A7-AD74-81F9D23BA843"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp571634m:-:*:*:*:*:*:*:*","matchCriteriaId":"31A5DCC8-9E3D-4919-9DE3-73FC8733E73D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp57154m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"4E358F77-1F8F-4F2F-A54C-B5F2373EFEE6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp57154m:-:*:*:*:*:*:*:*","matchCriteriaId":"5CC8F0AB-C4A8-40B3-88E0-92F52EA05692"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp57104m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matc
hCriteriaId":"56724F0C-2DA8-4710-9D82-EE51FA9B062C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp57104m:-:*:*:*:*:*:*:*","matchCriteriaId":"587226C6-6BE2-4A42-B593-34498F647B24"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu65150_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.52","matchCriteriaId":"97C6F04E-FEF7-4DA4-A819-7E4C3DA173F9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu65150:-:*:*:*:*:*:*:*","matchCriteriaId":"EC3E5496-C3D0-4DF4-A9AF-F227F889840E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu65160_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.52","matchCriteriaId":"E9552C20-F295-4AB7-A44E-FB1072BAD1B3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu65160:-:*:*:*:*:*:*:*","matchCriteriaId":"B2C2AF70-F0BB-4D17-901C-1FCBECDC44FB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu65260_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.52","matchCriteriaId":"1BB8ACFC-C693-4C5A-B256-51FF0835FD69"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu65260:-:*:*:*:*:*:*:*","matchCriteriaId":"3D7304B0-EE18-454B-B3F0-5EF387285D90"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu67261_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.52","matchCriteriaId":"370F0F62-AA12-496B-8107-EEC24B070621"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu67261:-:*:*:*:*:*:*
:*","matchCriteriaId":"164AEEA1-666F-428A-BFCB-5DEEEFE1D771"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu67060_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.52","matchCriteriaId":"06F31148-8213-4B01-AA48-D9D7C515E38A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu67060:-:*:*:*:*:*:*:*","matchCriteriaId":"8AF2A7A3-89EF-480D-8E6E-20E11CF60A97"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu67160_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.52","matchCriteriaId":"D6E3B57D-062A-431D-B96F-28463DE757DF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu67160:-:*:*:*:*:*:*:*","matchCriteriaId":"3870E952-7A32-43DA-8C66-DE43C862639B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu67261_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.52","matchCriteriaId":"370F0F62-AA12-496B-8107-EEC24B070621"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu67261:-:*:*:*:*:*:*:*","matchCriteriaId":"164AEEA1-666F-428A-BFCB-5DEEEFE1D771"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu67260_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.52","matchCriteriaId":"108BA75E-B7B4-4A51-9DB8-B928154DD51A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu67260:-:*:*:*:*:*:*:*","matchCriteriaId":"C9E4FCBA-4980-4C8F-A185-5E9C4CF9E8B5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schnei
der-electric:140cpu65860_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.52","matchCriteriaId":"C4D81FBC-7C66-4367-8A0F-7F96C09A56A4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu65860:-:*:*:*:*:*:*:*","matchCriteriaId":"9B8230FD-0C0A-467C-9BAD-09257739D462"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu67861_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.52","matchCriteriaId":"4419CB2D-AABC-4F77-9C75-42ABA62CBA6B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu67861:-:*:*:*:*:*:*:*","matchCriteriaId":"CF97B5A6-960F-42BA-A397-09C819A3200C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu65160s_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.52","matchCriteriaId":"D793BE48-1025-4C6C-8E7D-82E013DDDE5D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu65160s:-:*:*:*:*:*:*:*","matchCriteriaId":"95E48F27-F241-4491-AFF7-8BD562F21A52"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu67160s_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.52","matchCriteriaId":"41654852-0E58-46CC-A734-F59FE9B83990"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu67160s:-:*:*:*:*:*:*:*","matchCriteriaId":"71C1C17A-9111-49B8-A2CE-3A2FB87616F1"}]}]}],"references":[{"url":"https://www.se.com/ww/en/download/document/SEVD-2019-344-01","source":"cybersecurity@se.com","tags":["Vendor Advisory"]},{"url":"https://www.us-cert.gov/ics/advisories/icsa-20-016-01","source":"cybersecurity@se.com","tags":["Third Party Advisory","US Government 
Resource"]},{"url":"https://www.se.com/ww/en/download/document/SEVD-2019-344-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.us-cert.gov/ics/advisories/icsa-20-016-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2019-6857","sourceIdentifier":"cybersecurity@se.com","published":"2020-01-06T23:15:11.377","lastModified":"2026-05-29T15:16:18.080","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP."},{"lang":"es","value":"CWE-754: Hay una vulnerabilidad de Comprobación Inapropiada de Condiciones Inusuales o Excepcionales en Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (véase la notificación de seguridad para versiones específicas) que podría causar una Denegación de Servicio del controlador cuando se leen bloques de memoria específicos usando Modbus 
TCP."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-754"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-754"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.80","matchCriteriaId":"6FDEB227-D50B-402C-9C11-E29F52BC10BB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schne
ider-electric:modicon_m580:-:*:*:*:*:*:*:*","matchCriteriaId":"E876C738-ABF6-4864-98A6-1E06E96A0DF4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.01","matchCriteriaId":"606AFE88-8C9A-4D18-9209-1193B628669F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*","matchCriteriaId":"138681A2-0146-492B-8E10-06849FC27C6E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxh5744m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"6F6FF401-ED15-45EE-9A84-171166BF4414"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxh5744m:-:*:*:*:*:*:*:*","matchCriteriaId":"8B57B894-5AA4-4412-B425-7338CB2FFA3C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxh5724m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"70CD95A2-9FAE-4A7E-8331-8904C0E0CE3D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxh5724m:-:*:*:*:*:*:*:*","matchCriteriaId":"C1F56BA4-6A19-44FB-8555-7360C77F83AF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp576634m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"E5EEE1F8-0DCA-4D18-A022-5DBE980F3A16"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp576634m_:-:*:*:*:*:*:*:*","matchCriteriaId":"7F683564-419D-418B-A4D5-BB203F709DD7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable
":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp57554m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"ED646076-2294-4253-92BF-B95D5D5E87A4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp57554m:-:*:*:*:*:*:*:*","matchCriteriaId":"5572E616-5D86-46FF-AEA7-4A12E66F0ED4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp575634m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"98B1574C-2FC7-4A3C-B260-D8372A268F4A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp575634m:-:*:*:*:*:*:*:*","matchCriteriaId":"57BF89C2-27F8-4FF5-9E4F-4F0CB6C2F0E9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp57454m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"853895C6-5EDF-4767-9653-F5F7826B4A7E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp57454m:-:*:*:*:*:*:*:*","matchCriteriaId":"CC537593-1AB7-438E-AB71-EDB469A1DFF7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp574634m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"EC9FBA4C-DA99-4F22-9168-ECD281B090C3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp574634m:-:*:*:*:*:*:*:*","matchCriteriaId":"FE60505D-0211-4E8C-B32C-988E25698B1E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp57354m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"DD7766E8-40EB-4C72-8234-C8D997F98F6C"}]},{"operator":"O
R","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp57354m:-:*:*:*:*:*:*:*","matchCriteriaId":"FAE46047-D9AF-4720-A130-A0F989423F82"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp573634m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"C9246F10-84D1-4AE0-BF1A-B61EA1E965A2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp573634m:-:*:*:*:*:*:*:*","matchCriteriaId":"80500883-2825-46DD-8ED9-4F324A4494CC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp57304m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"889586D3-B64F-42DA-8872-DD44C9790881"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp57304m:-:*:*:*:*:*:*:*","matchCriteriaId":"B5FDBAB3-C8C2-47F6-ACAA-B89BA53849B9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp57254m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"B6EBCADE-8F8C-402B-8FB6-62237168E788"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp57254m:-:*:*:*:*:*:*:*","matchCriteriaId":"57B75D71-11CA-4DDF-849A-08A9D84C95AC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp572634m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"33E3F062-3874-4EB6-829B-285B428E982E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp572634m:-:*:*:*:*:*:*:*","matchCriteriaId":"EA2094F4-976F-44FA-A7E5-93E20A80DA00"}]}]},{"opera
tor":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp57204m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"43BE3D1E-5F7D-409F-A932-073D5A566180"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp57204m_:-:*:*:*:*:*:*:*","matchCriteriaId":"0E25651C-E4B5-47A2-A6CE-79F7ECAE246E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp571634m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"D1DEF9B5-6BC0-43A7-AD74-81F9D23BA843"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp571634m:-:*:*:*:*:*:*:*","matchCriteriaId":"31A5DCC8-9E3D-4919-9DE3-73FC8733E73D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp57154m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"4E358F77-1F8F-4F2F-A54C-B5F2373EFEE6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp57154m:-:*:*:*:*:*:*:*","matchCriteriaId":"5CC8F0AB-C4A8-40B3-88E0-92F52EA05692"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:tsxp57104m_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.20","matchCriteriaId":"56724F0C-2DA8-4710-9D82-EE51FA9B062C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tsxp57104m:-:*:*:*:*:*:*:*","matchCriteriaId":"587226C6-6BE2-4A42-B593-34498F647B24"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu65150_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.60
","matchCriteriaId":"1C81EF48-8A20-48A4-9601-512800EC4770"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu65150:-:*:*:*:*:*:*:*","matchCriteriaId":"EC3E5496-C3D0-4DF4-A9AF-F227F889840E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu65160_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.60","matchCriteriaId":"B71AB2E0-FE0C-4ABE-B443-2DE3C271909E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu65160:-:*:*:*:*:*:*:*","matchCriteriaId":"B2C2AF70-F0BB-4D17-901C-1FCBECDC44FB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu65260_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.60","matchCriteriaId":"7DE05725-46D0-4058-B5FB-743B3F353285"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu65260:-:*:*:*:*:*:*:*","matchCriteriaId":"3D7304B0-EE18-454B-B3F0-5EF387285D90"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu67261_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.60","matchCriteriaId":"AD28EA1B-C90C-4764-BAE4-CB3314C053E4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu67261:-:*:*:*:*:*:*:*","matchCriteriaId":"164AEEA1-666F-428A-BFCB-5DEEEFE1D771"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu67060_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.60","matchCriteriaId":"90499B24-178F-47E0-8B02-434B47C748EE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu67060:-:*:*
:*:*:*:*:*","matchCriteriaId":"8AF2A7A3-89EF-480D-8E6E-20E11CF60A97"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu67160_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.60","matchCriteriaId":"41678F69-BE37-401E-ADD2-87B919767020"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu67160:-:*:*:*:*:*:*:*","matchCriteriaId":"3870E952-7A32-43DA-8C66-DE43C862639B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu67261_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.60","matchCriteriaId":"AD28EA1B-C90C-4764-BAE4-CB3314C053E4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu67261:-:*:*:*:*:*:*:*","matchCriteriaId":"164AEEA1-666F-428A-BFCB-5DEEEFE1D771"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu67260_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.60","matchCriteriaId":"EBA6F869-D33E-4510-A292-CB41BAB41129"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu67260:-:*:*:*:*:*:*:*","matchCriteriaId":"C9E4FCBA-4980-4C8F-A185-5E9C4CF9E8B5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu65860_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.60","matchCriteriaId":"CDC8ABE1-DE6C-485D-9149-F09C5045B40C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu65860:-:*:*:*:*:*:*:*","matchCriteriaId":"9B8230FD-0C0A-467C-9BAD-09257739D462"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:
o:schneider-electric:140cpu67861_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.60","matchCriteriaId":"ED500E27-ADAC-467A-9D63-DFB073748525"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu67861:-:*:*:*:*:*:*:*","matchCriteriaId":"CF97B5A6-960F-42BA-A397-09C819A3200C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu65160s_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.60","matchCriteriaId":"A7B10B14-841E-4F8B-94A2-6F0807ED53E9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu65160s:-:*:*:*:*:*:*:*","matchCriteriaId":"95E48F27-F241-4491-AFF7-8BD562F21A52"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:140cpu67160s_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.60","matchCriteriaId":"3EBB9390-E2A9-4F52-A2C5-924C41C1886E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:140cpu67160s:-:*:*:*:*:*:*:*","matchCriteriaId":"71C1C17A-9111-49B8-A2CE-3A2FB87616F1"}]}]}],"references":[{"url":"https://www.se.com/ww/en/download/document/SEVD-2019-344-01","source":"cybersecurity@se.com","tags":["Vendor Advisory"]},{"url":"https://www.us-cert.gov/ics/advisories/icsa-20-016-01","source":"cybersecurity@se.com","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.se.com/ww/en/download/document/SEVD-2019-344-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.us-cert.gov/ics/advisories/icsa-20-016-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government 
Resource"]}]}},{"cve":{"id":"CVE-2020-7562","sourceIdentifier":"cybersecurity@se.com","published":"2020-11-18T14:15:12.377","lastModified":"2026-05-29T14:16:21.857","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file on the controller over FTP."},{"lang":"es","value":"CWE-125: Una vulnerabilidad Lectura Fuera de Límites se presenta en el Servidor Web en las ofertas Modicon M340, Modicon Quantum y Modicon Premium Legacy y sus Módulos de Comunicación (consulte la notificación para obtener más detalles) que podría causar un fallo de segmentación o un desbordamiento del búfer al cargar un archivo especialmente diseñado en el controlador por medio de FTP"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":4.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/A
u:N/C:P/I:N/A:P","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_tsxety4103_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"8BB30B97-9E87-451D-8CE9-13A8234C64AA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_tsxety4103:-:*:*:*:*:*:*:*","matchCriteriaId":"F7E65D97-CE1A-4A45-A0C2-19294C52E51D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_tsxety5103_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"507A5F22-A607-4B1B-BCFF-FB17B27DDAA1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_tsxety5103:-:*:*:*:*:*:*:*","matchCriteriaId":"E1528A76-4289-4DF3-97A2-D37A3DF904C1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_tsxp574634_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"954CC47A-6118-4840-92C1-085B6A8BB3AC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_tsxp574634:-:*:*:*:*:*:*:*","matchCriteriaId":"F168A1AA-14CA-4271-9779-A8A8A894F6C1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_ts
xp575634_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"58A6C886-15CD-4E65-A41C-ADB378537CEC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_tsxp575634:-:*:*:*:*:*:*:*","matchCriteriaId":"9BB67F62-534E-4011-85EB-A854E80D5C51"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_tsxp576634_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"E6A18442-8172-4611-8796-E7C6786B2D54"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_tsxp576634:-:*:*:*:*:*:*:*","matchCriteriaId":"56843A77-4F72-4C1E-B535-1936B98DC067"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_quantum_140noe77101_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"BA478F7F-4F17-4B92-B2B6-66F406471579"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_quantum_140noe77101:-:*:*:*:*:*:*:*","matchCriteriaId":"820638DC-323D-4187-8468-2495C1505860"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_quantum_140noe77111_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"743CDF67-BC0B-45A4-841D-076C049913E7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_quantum_140noe77111:-:*:*:*:*:*:*:*","matchCriteriaId":"4C5587FE-4270-490C-BFE7-6DFC2B7AFE79"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_quantum_140noc78100_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"DB8B2F06-7208-4B9F-8645-E615BCBC3F41"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric
:modicon_quantum_140noc78100:-:*:*:*:*:*:*:*","matchCriteriaId":"41D30C1F-F8C6-4B4A-8F62-C4F5B22E485C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_quantum_140cpu65150_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"25D62146-B69B-4706-975A-8721B06BEE8E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150:-:*:*:*:*:*:*:*","matchCriteriaId":"7E3446A5-69F7-4270-93E2-CD5614970698"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_quantum_140cpu65150c_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"10D13B75-6AF9-445F-9B06-19FD678CD388"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150c:-:*:*:*:*:*:*:*","matchCriteriaId":"08FE0C5D-3132-48AD-92EB-B7C4277C1FAA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_quantum_140cpu65160c_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"784CC7A2-6A89-4C53-8ED4-7A21824D2C62"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160c:-:*:*:*:*:*:*:*","matchCriteriaId":"DC9D2D4D-558B-424E-AB04-429C83F06DB7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_quantum_140cpu65160_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"5F7792A2-5BDB-4F33-ADB8-2D4B6309088A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160:-:*:*:*:*:*:*:*","matchCriteriaId":"CD3F1B7C-7972-463E-930E-F359A402DAF5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"
cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_bmx_p34-2010_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"90E09554-8011-4B23-8D35-61843D485DC4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmx_p34-2010:-:*:*:*:*:*:*:*","matchCriteriaId":"A76270E2-D48F-4149-9A97-76F3C5749723"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_bmx_p34-2030_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"750F0C04-9948-4D0B-ADF3-1A8F5EEE1DCB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmx_p34-2030:-:*:*:*:*:*:*:*","matchCriteriaId":"7FA6EC11-5E37-4534-908F-D3424AE01C79"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_bmx_noc_0401_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"C493290F-1375-4C2B-BCCC-A12D4FDFE8AC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmx_noc_0401:-:*:*:*:*:*:*:*","matchCriteriaId":"00B8A86F-B257-49D9-AB43-3B9A28B543BA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0100_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"3B8C54D9-2E50-4271-98A4-865991AAA4CD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmx_noe_0100:-:*:*:*:*:*:*:*","matchCriteriaId":"28A486F8-6C88-43FA-B3BB-CE4AAFE9F5D9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0100h_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"DB39549A-8ACF-447D-A13A-A124AF25889E"}]},{"op
erator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmx_noe_0100h:-:*:*:*:*:*:*:*","matchCriteriaId":"C1BDFEB0-C3B6-4329-A663-7EAA9124249F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0110_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"00D579C2-65B6-4602-862A-2EE9F89AE239"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmx_noe_0110:-:*:*:*:*:*:*:*","matchCriteriaId":"BE415EC8-0F4B-4B21-8D10-91AFAA6DA4A3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0110h_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"D51906B0-8DC5-4393-9331-5A66F8A51801"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmx_noe_0110h:-:*:*:*:*:*:*:*","matchCriteriaId":"B4688DE1-369B-4726-8492-3FB65C682646"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_bmx_nor_0200h_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"02B853AA-1A4C-4AA1-91C0-60A88DA27107"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmx_nor_0200h:-:*:*:*:*:*:*:*","matchCriteriaId":"1F283DEA-90D9-4EA5-9A1E-E62BE704D620"}]}]}],"references":[{"url":"https://www.se.com/ww/en/download/document/SEVD-2020-315-01/","source":"cybersecurity@se.com","tags":["Vendor Advisory"]},{"url":"https://www.se.com/ww/en/download/document/SEVD-2020-315-01/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2020-7563","sourceIdentifier":"cybersecurity@se.com","published":"2020-11-18T14:15:13.017","lastModified":"2026-05-29T14:16:22.050","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause corruption of data, a crash, or code execution when uploading a specially crafted file on the controller over FTP."},{"lang":"es","value":"CWE-787: Una vulnerabilidad de escritura fuera de límites se presenta en el Servidor Web de unas ofertas de Modicon M340, Modicon Quantum y Modicon Premium Legacy y sus Módulos de Comunicación (véase la notificación para más detalles) que podría causar una corrupción de datos, un bloqueo o una ejecución de código al cargar un archivo especialmente diseñado en el controlador por medio de FTP"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":4.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"
AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_tsxety4103_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"8BB30B97-9E87-451D-8CE9-13A8234C64AA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_tsxety4103:-:*:*:*:*:*:*:*","matchCriteriaId":"F7E65D97-CE1A-4A45-A0C2-19294C52E51D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_tsxety5103_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"507A5F22-A607-4B1B-BCFF-FB17B27DDAA1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_tsxety5103:-:*:*:*:*:*:*:*","matchCriteriaId":"E1528A76-4289-4DF3-97A2-D37A3DF904C1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_tsxp574634_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"954CC47A-6118-4840-92C1-085B6A8BB3AC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_tsxp574634:-:*:*:*:*:*:*:*","matchCriteriaId":"F168A1AA-14CA-4271-9779-A8A8A894F6C1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electr
ic:modicon_tsxp575634_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"58A6C886-15CD-4E65-A41C-ADB378537CEC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_tsxp575634:-:*:*:*:*:*:*:*","matchCriteriaId":"9BB67F62-534E-4011-85EB-A854E80D5C51"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_tsxp576634_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"E6A18442-8172-4611-8796-E7C6786B2D54"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_tsxp576634:-:*:*:*:*:*:*:*","matchCriteriaId":"56843A77-4F72-4C1E-B535-1936B98DC067"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_quantum_140noe77101_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"BA478F7F-4F17-4B92-B2B6-66F406471579"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_quantum_140noe77101:-:*:*:*:*:*:*:*","matchCriteriaId":"820638DC-323D-4187-8468-2495C1505860"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_quantum_140noe77111_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"743CDF67-BC0B-45A4-841D-076C049913E7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_quantum_140noe77111:-:*:*:*:*:*:*:*","matchCriteriaId":"4C5587FE-4270-490C-BFE7-6DFC2B7AFE79"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_quantum_140noc78100_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"DB8B2F06-7208-4B9F-8645-E615BCBC3F41"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schne
ider-electric:modicon_quantum_140noc78100:-:*:*:*:*:*:*:*","matchCriteriaId":"41D30C1F-F8C6-4B4A-8F62-C4F5B22E485C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_quantum_140cpu65150_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"25D62146-B69B-4706-975A-8721B06BEE8E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150:-:*:*:*:*:*:*:*","matchCriteriaId":"7E3446A5-69F7-4270-93E2-CD5614970698"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_quantum_140cpu65150c_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"10D13B75-6AF9-445F-9B06-19FD678CD388"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150c:-:*:*:*:*:*:*:*","matchCriteriaId":"08FE0C5D-3132-48AD-92EB-B7C4277C1FAA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_quantum_140cpu65160c_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"784CC7A2-6A89-4C53-8ED4-7A21824D2C62"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160c:-:*:*:*:*:*:*:*","matchCriteriaId":"DC9D2D4D-558B-424E-AB04-429C83F06DB7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_quantum_140cpu65160_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"5F7792A2-5BDB-4F33-ADB8-2D4B6309088A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160:-:*:*:*:*:*:*:*","matchCriteriaId":"CD3F1B7C-7972-463E-930E-F359A402DAF5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","ne
gate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_bmx_p34-2010_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"90E09554-8011-4B23-8D35-61843D485DC4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmx_p34-2010:-:*:*:*:*:*:*:*","matchCriteriaId":"A76270E2-D48F-4149-9A97-76F3C5749723"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_bmx_p34-2030_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"750F0C04-9948-4D0B-ADF3-1A8F5EEE1DCB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmx_p34-2030:-:*:*:*:*:*:*:*","matchCriteriaId":"7FA6EC11-5E37-4534-908F-D3424AE01C79"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_bmx_noc_0401_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"C493290F-1375-4C2B-BCCC-A12D4FDFE8AC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmx_noc_0401:-:*:*:*:*:*:*:*","matchCriteriaId":"00B8A86F-B257-49D9-AB43-3B9A28B543BA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0100_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"3B8C54D9-2E50-4271-98A4-865991AAA4CD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmx_noe_0100:-:*:*:*:*:*:*:*","matchCriteriaId":"28A486F8-6C88-43FA-B3BB-CE4AAFE9F5D9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0100h_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"DB39549A-8ACF-447D-A13A-A124AF25
889E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmx_noe_0100h:-:*:*:*:*:*:*:*","matchCriteriaId":"C1BDFEB0-C3B6-4329-A663-7EAA9124249F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0110_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"00D579C2-65B6-4602-862A-2EE9F89AE239"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmx_noe_0110:-:*:*:*:*:*:*:*","matchCriteriaId":"BE415EC8-0F4B-4B21-8D10-91AFAA6DA4A3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0110h_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"D51906B0-8DC5-4393-9331-5A66F8A51801"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmx_noe_0110h:-:*:*:*:*:*:*:*","matchCriteriaId":"B4688DE1-369B-4726-8492-3FB65C682646"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_bmx_nor_0200h_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"02B853AA-1A4C-4AA1-91C0-60A88DA27107"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmx_nor_0200h:-:*:*:*:*:*:*:*","matchCriteriaId":"1F283DEA-90D9-4EA5-9A1E-E62BE704D620"}]}]}],"references":[{"url":"https://www.se.com/ww/en/download/document/SEVD-2020-315-01/","source":"cybersecurity@se.com","tags":["Vendor Advisory"]},{"url":"https://www.se.com/ww/en/download/document/SEVD-2020-315-01/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2020-7564","sourceIdentifier":"cybersecurity@se.com","published":"2020-11-18T14:15:13.363","lastModified":"2026-05-29T14:16:22.227","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause write access and the execution of commands when uploading a specially crafted file on the controller over FTP."},{"lang":"es","value":"CWE-120: Una vulnerabilidad de Copia de búfer sin Comprobar el Tamaño de la Entrada (\"Classic Buffer Overflow\") se presenta en el Servidor Web de unas ofertas de Modicon M340, Modicon Quantum y Modicon Premium Legacy y sus Módulos de Comunicación (véase la notificación para más detalles) que podría causar acceso de escritura y una ejecución de comandos al cargar un archivo especialmente diseñado en el controlador por medio de 
FTP"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":4.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-120"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_tsxety4103_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"8BB30B97-9E87-451D-8CE9-13A8234C64AA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_tsxety4103:-:*:*:*:*:*:*:*","matchCriteriaId":"F7E65D97-CE1A-4A45-A0C2-19294C52E51D
"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_tsxety5103_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"507A5F22-A607-4B1B-BCFF-FB17B27DDAA1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_tsxety5103:-:*:*:*:*:*:*:*","matchCriteriaId":"E1528A76-4289-4DF3-97A2-D37A3DF904C1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_tsxp574634_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"954CC47A-6118-4840-92C1-085B6A8BB3AC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_tsxp574634:-:*:*:*:*:*:*:*","matchCriteriaId":"F168A1AA-14CA-4271-9779-A8A8A894F6C1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_tsxp575634_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"58A6C886-15CD-4E65-A41C-ADB378537CEC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_tsxp575634:-:*:*:*:*:*:*:*","matchCriteriaId":"9BB67F62-534E-4011-85EB-A854E80D5C51"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_tsxp576634_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"E6A18442-8172-4611-8796-E7C6786B2D54"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_tsxp576634:-:*:*:*:*:*:*:*","matchCriteriaId":"56843A77-4F72-4C1E-B535-1936B98DC067"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_quantum_140noe77101_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"BA478F7F-4F17-4B92-B2B6-66F406471
579"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_quantum_140noe77101:-:*:*:*:*:*:*:*","matchCriteriaId":"820638DC-323D-4187-8468-2495C1505860"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_quantum_140noe77111_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"743CDF67-BC0B-45A4-841D-076C049913E7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_quantum_140noe77111:-:*:*:*:*:*:*:*","matchCriteriaId":"4C5587FE-4270-490C-BFE7-6DFC2B7AFE79"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_quantum_140noc78100_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"DB8B2F06-7208-4B9F-8645-E615BCBC3F41"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_quantum_140noc78100:-:*:*:*:*:*:*:*","matchCriteriaId":"41D30C1F-F8C6-4B4A-8F62-C4F5B22E485C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_quantum_140cpu65150_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"25D62146-B69B-4706-975A-8721B06BEE8E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150:-:*:*:*:*:*:*:*","matchCriteriaId":"7E3446A5-69F7-4270-93E2-CD5614970698"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_quantum_140cpu65150c_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"10D13B75-6AF9-445F-9B06-19FD678CD388"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150c:-:*:*:*:*:*:*:*","matchCriter
iaId":"08FE0C5D-3132-48AD-92EB-B7C4277C1FAA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_quantum_140cpu65160c_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"784CC7A2-6A89-4C53-8ED4-7A21824D2C62"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160c:-:*:*:*:*:*:*:*","matchCriteriaId":"DC9D2D4D-558B-424E-AB04-429C83F06DB7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_quantum_140cpu65160_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"5F7792A2-5BDB-4F33-ADB8-2D4B6309088A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160:-:*:*:*:*:*:*:*","matchCriteriaId":"CD3F1B7C-7972-463E-930E-F359A402DAF5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_bmx_p34-2010_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"90E09554-8011-4B23-8D35-61843D485DC4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmx_p34-2010:-:*:*:*:*:*:*:*","matchCriteriaId":"A76270E2-D48F-4149-9A97-76F3C5749723"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_bmx_p34-2030_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"750F0C04-9948-4D0B-ADF3-1A8F5EEE1DCB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmx_p34-2030:-:*:*:*:*:*:*:*","matchCriteriaId":"7FA6EC11-5E37-4534-908F-D3424AE01C79"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electr
ic:modicon_m340_bmx_noc_0401_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"C493290F-1375-4C2B-BCCC-A12D4FDFE8AC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmx_noc_0401:-:*:*:*:*:*:*:*","matchCriteriaId":"00B8A86F-B257-49D9-AB43-3B9A28B543BA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0100_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"3B8C54D9-2E50-4271-98A4-865991AAA4CD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmx_noe_0100:-:*:*:*:*:*:*:*","matchCriteriaId":"28A486F8-6C88-43FA-B3BB-CE4AAFE9F5D9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0100h_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"DB39549A-8ACF-447D-A13A-A124AF25889E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmx_noe_0100h:-:*:*:*:*:*:*:*","matchCriteriaId":"C1BDFEB0-C3B6-4329-A663-7EAA9124249F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0110_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"00D579C2-65B6-4602-862A-2EE9F89AE239"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmx_noe_0110:-:*:*:*:*:*:*:*","matchCriteriaId":"BE415EC8-0F4B-4B21-8D10-91AFAA6DA4A3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_bmx_noe_0110h_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"D51906B0-8DC5-4393-9331-5A66F8A51801"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"crite
ria":"cpe:2.3:h:schneider-electric:modicon_m340_bmx_noe_0110h:-:*:*:*:*:*:*:*","matchCriteriaId":"B4688DE1-369B-4726-8492-3FB65C682646"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_bmx_nor_0200h_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"02B853AA-1A4C-4AA1-91C0-60A88DA27107"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmx_nor_0200h:-:*:*:*:*:*:*:*","matchCriteriaId":"1F283DEA-90D9-4EA5-9A1E-E62BE704D620"}]}]}],"references":[{"url":"https://www.se.com/ww/en/download/document/SEVD-2020-315-01/","source":"cybersecurity@se.com","tags":["Vendor Advisory"]},{"url":"https://www.se.com/ww/en/download/document/SEVD-2020-315-01/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2020-7565","sourceIdentifier":"cybersecurity@se.com","published":"2020-11-19T22:15:14.943","lastModified":"2026-05-29T14:16:22.400","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller."},{"lang":"es","value":"CWE-326:  Se presenta una vulnerabilidad de Fortaleza de Cifrado Inadecuada en Modicon M221 (todas las referencias, todas las versiones) que podría permitir al atacante romper la clave de cifrado cuando el atacante haya capturado el tráfico entre EcoStruxure Machine - Software básico y el controlador Modicon 
M221"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":5.2},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:M/Au:N/C:P/I:P/A:N","baseScore":4.3,"accessVector":"ADJACENT_NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":5.5,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-326"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m221_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D7AC7A26-CCFA-40E0-8111-5A3385D34E8B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*","matchCriteriaId":"BB0D83F4-B718-47A
B-AFB8-B576CB138AAC"}]}]}],"references":[{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04","source":"cybersecurity@se.com","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.se.com/ww/en/download/document/SEVD-2020-315-05/","source":"cybersecurity@se.com","tags":["Vendor Advisory"]},{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.se.com/ww/en/download/document/SEVD-2020-315-05/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2021-22701","sourceIdentifier":"cybersecurity@se.com","published":"2021-02-19T16:15:12.937","lastModified":"2026-05-29T14:16:22.573","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause a user to perform an unintended action on the target device when using the HTTP web interface."},{"lang":"es","value":"Una CWE-352: Se presenta una vulnerabilidad de tipo Cross-Site Request Forgery en PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 y PM800 (consulte la notificación para las versiones afectadas), que podría causar que un usuario lleve a cabo una acción no deseada en el dispositivo de destino cuando se usa la interfaz web 
HTTP"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N","baseScore":4.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_ion7400_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.0.0","matchCriteriaId":"DCE7015C-02DD-44A1-ADEE-5E71CE312266"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_ion7400:-:*:*:*:*:*:*:*","matchCriteriaId":"C8F
28EAA-FC60-4CE0-BD39-DFD3EB88E195"},{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_ion7410:-:*:*:*:*:*:*:*","matchCriteriaId":"C23FEAFC-9F15-4214-BF9C-A33130362110"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_ion7650_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"C1647241-A18D-4E4C-A118-8809EA625FC7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_ion7650:-:*:*:*:*:*:*:*","matchCriteriaId":"0DF2D964-79EF-43F2-9AC6-D263F75BAFA0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_ion8600_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"DB6B0276-AB51-4B8F-B2A7-85EDD56C9E7C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_ion8600:-:*:*:*:*:*:*:*","matchCriteriaId":"324CF58A-753C-4D9C-8E72-FC8EE26EDA0D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_ion8650_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"4.31.2","matchCriteriaId":"5D91486A-36CD-49A9-8A45-EDAA75F05E50"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_ion8650:-:*:*:*:*:*:*:*","matchCriteriaId":"FBC3A306-D4F4-4C2A-9D60-DD8F0826AEEC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_ion8800_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"C95DCE16-BAA5-46DD-835B-2299376387CD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_ion8800:-:*:*:*:*:*:*:*","matchCriteriaId":"46E8E79E-6DA7-4094-9622-3B91D5913493"}]}]},{"operator":"AND",
"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_ion9000_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.0.0","matchCriteriaId":"32067EA8-5153-4A00-9DE8-C4BEC42C00A6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_ion9000:-:*:*:*:*:*:*:*","matchCriteriaId":"6718EAAA-074D-4807-AC2D-DD0A06D397FB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_pm8000_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.0.0","matchCriteriaId":"E5A75862-E1AC-4C6E-83AD-DE5FCD8BA50D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_pm8000:-:*:*:*:*:*:*:*","matchCriteriaId":"B16A7BEC-1BED-4A61-A6C9-BF7DB13B998C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_ion8300_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"1047C892-B7F5-49FB-AB36-8E8061A58037"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_ion8300:-:*:*:*:*:*:*:*","matchCriteriaId":"F01E9FE2-4110-4A6D-99F3-49784808D951"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_ion8400_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"70BAC583-6101-4F26-A264-26E5D69E9188"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_ion8400:-:*:*:*:*:*:*:*","matchCriteriaId":"82527983-6167-4D7B-A70A-D1A814ED3D06"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_ion8500_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"768FB179-
B6D7-457C-9795-310400460F6E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_ion8500:-:*:*:*:*:*:*:*","matchCriteriaId":"75E37742-CFF9-4F80-9B6A-0D4F5AD23112"}]}]}],"references":[{"url":"https://www.se.com/ww/en/download/document/SEVD-2021-040-01/","source":"cybersecurity@se.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://www.se.com/ww/en/download/document/SEVD-2021-040-01/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2021-22702","sourceIdentifier":"cybersecurity@se.com","published":"2021-02-19T16:15:13.077","lastModified":"2026-05-29T14:16:22.757","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts Telnet network traffic between a user and the device."},{"lang":"es","value":"A CWE-319: Se presenta una vulnerabilidad de transmisión de información confidencial en texto sin cifrar en PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 y PM800 (consulte la notificación para las versiones afectadas), que podría causar una divulgación de credenciales de usuario cuando un actor malicioso intercepta el tráfico de red Telnet entre un usuario y el 
dispositivo"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-319"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_ion7400_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.0.0","matchCriteriaId":"DCE7015C-02DD-44A1-ADEE-5E71CE312266"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_ion7400:-:*:*:*:*:*:*:*","matchCriteriaId":"C8F28
EAA-FC60-4CE0-BD39-DFD3EB88E195"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_ion7650_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"C1647241-A18D-4E4C-A118-8809EA625FC7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_ion7650:-:*:*:*:*:*:*:*","matchCriteriaId":"0DF2D964-79EF-43F2-9AC6-D263F75BAFA0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_ion7700_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"08CA14DE-656C-4D60-986B-FE149560FC2F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_ion7700:-:*:*:*:*:*:*:*","matchCriteriaId":"07312E20-FF8A-4BD2-AB8D-AEA01B984AFE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_ion7300_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"36D4CF8E-053E-42CD-8A8D-EBCFD52A7266"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_ion7300:-:*:*:*:*:*:*:*","matchCriteriaId":"F527180F-F818-4D4C-A0BF-F10C8B53B9C4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_ion8600_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"DB6B0276-AB51-4B8F-B2A7-85EDD56C9E7C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_ion8600:-:*:*:*:*:*:*:*","matchCriteriaId":"324CF58A-753C-4D9C-8E72-FC8EE26EDA0D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_ion8650_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"4.31.2"
,"matchCriteriaId":"5D91486A-36CD-49A9-8A45-EDAA75F05E50"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_ion8650:-:*:*:*:*:*:*:*","matchCriteriaId":"FBC3A306-D4F4-4C2A-9D60-DD8F0826AEEC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_ion8800_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"C95DCE16-BAA5-46DD-835B-2299376387CD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_ion8800:-:*:*:*:*:*:*:*","matchCriteriaId":"46E8E79E-6DA7-4094-9622-3B91D5913493"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_ion9000_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.0.0","matchCriteriaId":"32067EA8-5153-4A00-9DE8-C4BEC42C00A6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_ion9000:-:*:*:*:*:*:*:*","matchCriteriaId":"6718EAAA-074D-4807-AC2D-DD0A06D397FB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_pm8000_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.0.0","matchCriteriaId":"E5A75862-E1AC-4C6E-83AD-DE5FCD8BA50D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_pm8000:-:*:*:*:*:*:*:*","matchCriteriaId":"B16A7BEC-1BED-4A61-A6C9-BF7DB13B998C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_ion8300_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"1047C892-B7F5-49FB-AB36-8E8061A58037"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_ion8300:-
:*:*:*:*:*:*:*","matchCriteriaId":"F01E9FE2-4110-4A6D-99F3-49784808D951"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_ion8400_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"70BAC583-6101-4F26-A264-26E5D69E9188"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_ion8400:-:*:*:*:*:*:*:*","matchCriteriaId":"82527983-6167-4D7B-A70A-D1A814ED3D06"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_ion8500_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"768FB179-B6D7-457C-9795-310400460F6E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_ion8500:-:*:*:*:*:*:*:*","matchCriteriaId":"75E37742-CFF9-4F80-9B6A-0D4F5AD23112"}]}]}],"references":[{"url":"https://www.se.com/ww/en/download/document/SEVD-2021-040-01/","source":"cybersecurity@se.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://www.se.com/ww/en/download/document/SEVD-2021-040-01/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2021-22703","sourceIdentifier":"cybersecurity@se.com","published":"2021-02-19T16:15:13.157","lastModified":"2026-05-29T14:16:22.920","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts HTTP network traffic between a user and the device."},{"lang":"es","value":"Una CWE-319: Se presenta una vulnerabilidad de transmisión de información confidencial en texto sin cifrar en PowerLogic 
ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 y PM800 (consulte la notificación para las versiones afectadas), que podría causar una divulgación de las credenciales del usuario cuando un actor malicioso intercepta el tráfico de red HTTP entre un usuario y el dispositivo"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-319"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_ion7400_
firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.0.0","matchCriteriaId":"DCE7015C-02DD-44A1-ADEE-5E71CE312266"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_ion7400:-:*:*:*:*:*:*:*","matchCriteriaId":"C8F28EAA-FC60-4CE0-BD39-DFD3EB88E195"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_ion7650_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"C1647241-A18D-4E4C-A118-8809EA625FC7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_ion7650:-:*:*:*:*:*:*:*","matchCriteriaId":"0DF2D964-79EF-43F2-9AC6-D263F75BAFA0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_ion8600_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"DB6B0276-AB51-4B8F-B2A7-85EDD56C9E7C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_ion8600:-:*:*:*:*:*:*:*","matchCriteriaId":"324CF58A-753C-4D9C-8E72-FC8EE26EDA0D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_ion8650_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"4.31.2","matchCriteriaId":"5D91486A-36CD-49A9-8A45-EDAA75F05E50"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_ion8650:-:*:*:*:*:*:*:*","matchCriteriaId":"FBC3A306-D4F4-4C2A-9D60-DD8F0826AEEC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_ion8800_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"C95DCE16-BAA5-46DD-835B-2299376387CD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-e
lectric:powerlogic_ion8800:-:*:*:*:*:*:*:*","matchCriteriaId":"46E8E79E-6DA7-4094-9622-3B91D5913493"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_ion9000_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.0.0","matchCriteriaId":"32067EA8-5153-4A00-9DE8-C4BEC42C00A6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_ion9000:-:*:*:*:*:*:*:*","matchCriteriaId":"6718EAAA-074D-4807-AC2D-DD0A06D397FB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_pm8000_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.0.0","matchCriteriaId":"E5A75862-E1AC-4C6E-83AD-DE5FCD8BA50D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_pm8000:-:*:*:*:*:*:*:*","matchCriteriaId":"B16A7BEC-1BED-4A61-A6C9-BF7DB13B998C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_ion8300_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"1047C892-B7F5-49FB-AB36-8E8061A58037"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_ion8300:-:*:*:*:*:*:*:*","matchCriteriaId":"F01E9FE2-4110-4A6D-99F3-49784808D951"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_ion8400_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"70BAC583-6101-4F26-A264-26E5D69E9188"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_ion8400:-:*:*:*:*:*:*:*","matchCriteriaId":"82527983-6167-4D7B-A70A-D1A814ED3D06"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnera
ble":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_ion8500_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"768FB179-B6D7-457C-9795-310400460F6E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_ion8500:-:*:*:*:*:*:*:*","matchCriteriaId":"75E37742-CFF9-4F80-9B6A-0D4F5AD23112"}]}]}],"references":[{"url":"https://www.se.com/ww/en/download/document/SEVD-2021-040-01/","source":"cybersecurity@se.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://www.se.com/ww/en/download/document/SEVD-2021-040-01/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2021-29241","sourceIdentifier":"cve@mitre.org","published":"2021-05-03T14:15:07.633","lastModified":"2026-05-29T15:16:20.017","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS)."},{"lang":"es","value":"CODESYS Gateway versiones 3 anteriores a 3.5.16.70 tiene una derivación de puntero NULL que puede resultar en una denegación de servicio 
(DoS)"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:codesys:control_for_beaglebone_sl:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0","versionEndExcluding":"4.0.1.0","matchCriteriaId":"C182D390-3A29-4048-805B-F00AF40E7353"},{"vulnerable":true,"criteria":"cpe:2.3:a:codesys:control_for_empc-a
\\/imx6_sl:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0","versionEndExcluding":"4.0.1.0","matchCriteriaId":"4FE1E73E-5A65-4C33-973D-B5E4D997AC7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:codesys:control_for_iot2000_sl:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0","versionEndExcluding":"4.0.1.0","matchCriteriaId":"94EF5004-D1D7-449D-9D99-92FC273FFF1F"},{"vulnerable":true,"criteria":"cpe:2.3:a:codesys:control_for_linux_sl:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0","versionEndExcluding":"4.0.1.0","matchCriteriaId":"7E9AF0BE-05EC-4411-802B-331EA6B0E54E"},{"vulnerable":true,"criteria":"cpe:2.3:a:codesys:control_for_pfc100_sl:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0","versionEndExcluding":"3.5.16.0","matchCriteriaId":"83B749C0-A553-42AB-AFCF-91F990BAA765"},{"vulnerable":true,"criteria":"cpe:2.3:a:codesys:control_for_pfc200_sl:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0","versionEndExcluding":"3.5.16.0","matchCriteriaId":"C13DE019-B415-4373-8FC2-54A2898F50EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:codesys:control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0","versionEndExcluding":"4.0.1.0","matchCriteriaId":"763C9946-EFD7-469C-9D40-4186FE650F6F"},{"vulnerable":true,"criteria":"cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0","versionEndExcluding":"3.5.16.70","matchCriteriaId":"035E43A5-7350-4B06-B3AA-40DD3A673BA7"},{"vulnerable":true,"criteria":"cpe:2.3:a:codesys:development_system:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0","versionEndExcluding":"3.5.16.70","matchCriteriaId":"B35F55F6-2032-4F5A-AC3A-76835C043D7E"},{"vulnerable":true,"criteria":"cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:windows:*:*","versionStartIncluding":"3.0","versionEndExcluding":"3.5.16.70","matchCriteriaId":"02017CB2-3E3C-4F89-B1DA-C8E8213BC8C8"},{"vulnerable":true,"criteria":"cpe:2.3:a:codesys:edge_gateway:*:*:*:*:*:linux:*:*","versionStartIncluding":"3.0","versionEndExcluding":"4.1.0.0","matchCriteriaId":"FFBA19D
6-9436-4E14-B9D3-28B82CB0321D"},{"vulnerable":true,"criteria":"cpe:2.3:a:codesys:gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0","versionEndExcluding":"3.5.16.70","matchCriteriaId":"671DF92A-D4CB-44E4-B4FD-781D3561FDAB"}]}]}],"references":[{"url":"https://customers.codesys.com/index.php","source":"cve@mitre.org","tags":["Permissions Required","Vendor Advisory"]},{"url":"https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14637&token=8dbd75ae7553ae3be25e22f741db783b31e14799&download=","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://www.codesys.com/security/security-reports.html","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://customers.codesys.com/index.php","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required","Vendor Advisory"]},{"url":"https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14637&token=8dbd75ae7553ae3be25e22f741db783b31e14799&download=","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.codesys.com/security/security-reports.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2021-22763","sourceIdentifier":"cybersecurity@se.com","published":"2021-06-11T16:15:10.320","lastModified":"2026-05-29T14:16:23.090","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could allow an attacker administrator level access to a device."},{"lang":"es","value":"Un CWE-640: Se presenta un Mecanismo Débil de Recuperación de Contraseñas para Contraseñas Olvidadas en PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 y PowerLogic EGX300 (véase la notificación de seguridad para obtener información sobre la versión) que podría permitir a un 
atacante el acceso a nivel de administrador a un dispositivo"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-640"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_pm5560_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.7.8","matchCriteriaId":"0F8EC9ED-1E27-40B8-84A8-F66BC9FD0803"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electri
c:powerlogic_pm5560:-:*:*:*:*:*:*:*","matchCriteriaId":"6DDB1B76-3862-462E-B55D-875EBE508B92"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_pm5561_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"10.7.3","matchCriteriaId":"EE3EFC50-39EA-4029-9713-9D191357DD29"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_pm5561:-:*:*:*:*:*:*:*","matchCriteriaId":"00D6C9E0-7DB3-4742-86F0-3430E99D1B1D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_pm5562_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.5.4","matchCriteriaId":"FDBB46A2-4EAD-41DA-AC02-5E985EB755A1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_pm5562:-:*:*:*:*:*:*:*","matchCriteriaId":"55D7896E-3EFA-4632-B0D2-273084D56936"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_pm5563_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.7.8","matchCriteriaId":"4E870589-0ADF-4B76-89CF-2D36F5C61CF0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_pm5563:-:*:*:*:*:*:*:*","matchCriteriaId":"C5D4C9C4-C258-453B-85E4-893978D6C499"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_pm8ecc_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"064A8AD3-3657-4E66-8A7E-397DAF03BC96"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_pm8ecc:-:*:*:*:*:*:*:*","matchCriteriaId":"38BF2D7A-492B-4A0C-A841-A245C5657192"}]}]}],"references":[{"url":"https://download.schneider-electric.com
/files?p_Doc_Ref=SEVD-2021-159-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-159-02.pdf","source":"cybersecurity@se.com"},{"url":"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02%2Chttp://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2021-22764","sourceIdentifier":"cybersecurity@se.com","published":"2021-06-11T16:15:10.390","lastModified":"2026-05-29T14:16:23.283","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could cause loss of connectivity to the device via Modbus TCP protocol when an attacker sends a specially crafted HTTP request."},{"lang":"es","value":"Un CWE-287: Se presenta una vulnerabilidad de autenticación inapropiada en PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 y PowerLogic EGX300 (véase la notificación de seguridad para obtener información sobre la versión) que podría causar la pérdida de conectividad con el dispositivo por medio del protocolo Modbus TCP cuando un atacante envía una petición HTTP especialmente 
diseñada"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_pm5560_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.7.8","matchCriteriaId":"0F8EC9ED-1E27-40B8-84A8-F66BC9FD0803"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_pm5560:-:*:*:*:*:*:*:*","matchCriteriaId":"6DDB1B76-38
62-462E-B55D-875EBE508B92"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_pm5561_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"10.7.3","matchCriteriaId":"EE3EFC50-39EA-4029-9713-9D191357DD29"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_pm5561:-:*:*:*:*:*:*:*","matchCriteriaId":"00D6C9E0-7DB3-4742-86F0-3430E99D1B1D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_pm5562_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.5.4","matchCriteriaId":"FDBB46A2-4EAD-41DA-AC02-5E985EB755A1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_pm5562:-:*:*:*:*:*:*:*","matchCriteriaId":"55D7896E-3EFA-4632-B0D2-273084D56936"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_pm5563_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.7.8","matchCriteriaId":"4E870589-0ADF-4B76-89CF-2D36F5C61CF0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_pm5563:-:*:*:*:*:*:*:*","matchCriteriaId":"C5D4C9C4-C258-453B-85E4-893978D6C499"}]}]}],"references":[{"url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-159-02.pdf","source":"cybersecurity@se.com"},{"url":"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02%2Chttp://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2021-22765","sourceIdentifier":"cybersecurity@se.com","published":"2021-06-11T16:15:10.457","lastModified":"2026-05-29T15:16:18.290","vulnS
tatus":"Modified","cveTags":[{"sourceIdentifier":"cybersecurity@se.com","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet"},{"lang":"es","value":"** NO COMPATIBLE CUANDO SE ASIGNÓ ** UN CWE-20: Se presenta una vulnerabilidad de comprobación inapropiada de la entrada en PowerLogic EGX100 (versiones 3.0.0 y posteriores) y PowerLogic EGX300 (todas las versiones) que podría provocar una denegación de servicio o una ejecución de código remota por medio de un paquete HTTP especialmente diseñado"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":
"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_egx100_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","matchCriteriaId":"29A55C4C-0D14-4C55-ABBC-83280E221DE3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_egx100:-:*:*:*:*:*:*:*","matchCriteriaId":"FE28A3BC-AD07-48F1-9DB9-65616A9399B5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_egx300_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"9CB9B239-F219-4DF4-B53B-4DCE38F3205F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_egx300:-:*:*:*:*:*:*:*","matchCriteriaId":"59A033CD-1DBC-44A4-9C56-1F97C3F40C6F"}]}]}],"references":[{"url":"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03","source":"cybersecurity@se.com","tags":["Vendor Advisory"]},{"url":"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2021-22766","sourceIdentifier":"cybersecurity@se.com","published":"2021-06-11T16:15:10.523","lastModified":"2026-05-29T15:16:18.500","vulnStatus":"Modified","cveTags":[{"sourceIdentifier":"cybersecurity@se.com","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"A CWE-20: Improper Input Validation vulnerability exists 
in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service via a specially crafted HTTP packet"},{"lang":"es","value":"** NO COMPATIBLE CUANDO SE ASIGNÓ ** UN CWE-20: Se presenta una vulnerabilidad de comprobación inapropiada de la entrada en PowerLogic EGX100 (versiones 3.0.0 y posteriores) y PowerLogic EGX300 (todas las versiones) que podría causar una denegación de servicio por medio de un paquete HTTP especialmente diseñado"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang
":"en","value":"CWE-20"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_egx100_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","matchCriteriaId":"29A55C4C-0D14-4C55-ABBC-83280E221DE3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_egx100:-:*:*:*:*:*:*:*","matchCriteriaId":"FE28A3BC-AD07-48F1-9DB9-65616A9399B5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_egx300_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"9CB9B239-F219-4DF4-B53B-4DCE38F3205F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_egx300:-:*:*:*:*:*:*:*","matchCriteriaId":"59A033CD-1DBC-44A4-9C56-1F97C3F40C6F"}]}]}],"references":[{"url":"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03","source":"cybersecurity@se.com","tags":["Vendor Advisory"]},{"url":"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2021-22767","sourceIdentifier":"cybersecurity@se.com","published":"2021-06-11T16:15:10.593","lastModified":"2026-05-29T15:16:18.660","vulnStatus":"Modified","cveTags":[{"sourceIdentifier":"cybersecurity@se.com","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-2276"},{"lang":"es","value":"** NO COMPATIBLE CUANDO SE ASIGNÓ ** UN CWE-20: Se presenta una vulnerabilidad de comprobación inapropiada de la entrada 
en PowerLogic EGX100 (versiones 3.0.0 y posteriores) y PowerLogic EGX300 (todas las versiones) que podría causar una denegación de servicio o una ejecución de código remota por medio de un paquete HTTP especialmente diseñado. Este ID de CVE es diferente de CVE-2021-22768"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_egx100_firmware:*:*:*
:*:*:*:*:*","versionStartIncluding":"3.0.0","matchCriteriaId":"29A55C4C-0D14-4C55-ABBC-83280E221DE3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_egx100:-:*:*:*:*:*:*:*","matchCriteriaId":"FE28A3BC-AD07-48F1-9DB9-65616A9399B5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_egx300_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"9CB9B239-F219-4DF4-B53B-4DCE38F3205F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_egx300:-:*:*:*:*:*:*:*","matchCriteriaId":"59A033CD-1DBC-44A4-9C56-1F97C3F40C6F"}]}]}],"references":[{"url":"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03","source":"cybersecurity@se.com","tags":["Vendor Advisory"]},{"url":"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2021-22768","sourceIdentifier":"cybersecurity@se.com","published":"2021-06-11T16:15:10.663","lastModified":"2026-05-29T15:16:18.830","vulnStatus":"Modified","cveTags":[{"sourceIdentifier":"cybersecurity@se.com","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-22767"},{"lang":"es","value":"** NO COMPATIBLE CUANDO SE ASIGNÓ ** UN CWE-20: Se presenta una vulnerabilidad de comprobación inapropiada de la entrada en PowerLogic EGX100 (versiones 3.0.0 y posteriores) y PowerLogic EGX300 (todas las versiones) que podría causar una denegación de servicio o una ejecución de código remota por medio de un paquete HTTP 
especialmente diseñado. Este ID de CVE es diferente de CVE-2021-22767"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_egx100_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","matchCriteriaId":"29A55C4C-0D14-4C55-ABBC-83280E221DE3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-el
ectric:powerlogic_egx100:-:*:*:*:*:*:*:*","matchCriteriaId":"FE28A3BC-AD07-48F1-9DB9-65616A9399B5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:powerlogic_egx300_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"9CB9B239-F219-4DF4-B53B-4DCE38F3205F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_egx300:-:*:*:*:*:*:*:*","matchCriteriaId":"59A033CD-1DBC-44A4-9C56-1F97C3F40C6F"}]}]}],"references":[{"url":"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03","source":"cybersecurity@se.com","tags":["Vendor Advisory"]},{"url":"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2021-22779","sourceIdentifier":"cybersecurity@se.com","published":"2021-07-14T15:15:08.240","lastModified":"2026-05-29T15:16:18.987","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*), that could cause unauthorized access in read and write mode to the controller by spoofing the Modbus communication between the engineering software and the controller."},{"lang":"es","value":"Se presenta una vulnerabilidad de Omisión de Autenticación por Spoofing en EcoStruxure Control Expert (todas las versiones anteriores a V15.0 SP1, incluyendo todas las versiones de Unity Pro), EcoStruxure Control Expert versión V15.0 SP1, EcoStruxure Process Expert 
(todas las versiones, incluyendo todas las versiones de EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (todas las versiones), Modicon M580 CPU (todas las versiones - números de parte BMEP* y BMEH*), Modicon M340 CPU (todas las versiones - números de parte BMXP34*), que podría causar un acceso no autorizado en modo de lectura y escritura al controlador mediante el spoofing de la comunicación Modbus entre el software de ingeniería y el controlador"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:N","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-290"}]
}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*","versionEndExcluding":"15.0","matchCriteriaId":"43140BF9-455B-4E3C-BF5E-BB9BBF9802D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.0:-:*:*:*:*:*:*","matchCriteriaId":"A9BF2D84-901E-4D34-941F-FFAB85B0E9D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.0:sp1:*:*:*:*:*:*","matchCriteriaId":"939C02B6-B5C5-4F87-8179-4AFFE13FCFD2"},{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:ecostruxure_process_expert:*:*:*:*:*:*:*:*","matchCriteriaId":"FD97669F-93D5-42C4-BFC4-1993867F5911"},{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:remoteconnect:*:*:*:*:*:*:scadapack_x70:*","matchCriteriaId":"2D7E0B75-171E-4A73-B722-13473CE1B9D7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m580_bmep581020_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"49646E6C-381F-495B-A5E8-8F522571D4AD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*","matchCriteriaId":"2317F260-7AA2-4178-B468-03DF36223E26"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m580_bmep581020h_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"2F472ED1-8FE6-43BC-A4FF-E956D17ED427"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*","matchCriteriaId":"3D7DDC42-37A1-43B0-AD46-2E0D098564BA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m580_bmep582020_firmware:*:*:*:*:*:*
:*:*","matchCriteriaId":"3F1315A8-FDEE-487F-BA66-A99745783911"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*","matchCriteriaId":"765E4FEE-255E-4C47-824A-5661B84B490B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m580_bmep582020h_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"F543A095-B798-4C5B-A2B6-DF893191EAC3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*","matchCriteriaId":"B1FEA377-3C45-4F88-B233-088A24BD0771"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m580_bmep582040_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"71823B23-C4E6-40EC-AC9C-2EABFDAFE498"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*","matchCriteriaId":"EBCCDD6D-35CE-4680-8B0C-86584B1D8958"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m580_bmep582040h_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"3BDD13AD-681C-4C7D-82D5-3017FB3BE852"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*","matchCriteriaId":"68FD5968-C522-4231-A98C-93D3101B6148"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m580_bmep582040s_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"B782A209-0612-4CA1-8438-6653D75F452C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:*
:*:*:*:*:*:*","matchCriteriaId":"C02B27F6-B8CF-4D3B-9DA6-054F540EA6B6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m580_bmep583020_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"43B3DF32-480E-4CE1-9396-B33CD5F63A22"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*","matchCriteriaId":"BBC38FF1-693E-4899-883C-1B7B80A52F2C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m580_bmep583040_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"EA09FB51-0FDC-4457-8ED6-A963CAB97DF4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*","matchCriteriaId":"002E7F33-6729-4C35-9DDA-7D8383BD5668"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m580_bmep584020_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"A9C82569-7D6C-4FD9-B5BB-2E9576FDFB0E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*","matchCriteriaId":"47DFEBAC-2F1D-4870-8425-2199BF80B425"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m580_bmep584040_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"1DC98F7D-BDCC-4CF1-BA80-55EA68C5DDB5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*","matchCriteriaId":"FC4A1DF2-FF4C-4DBE-BF74-6A4A09E3DECE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electr
ic:modicon_m580_bmep584040s_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"CB7741EA-7955-4FC6-BE64-23EFBB0E3DC6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*","matchCriteriaId":"6222C1F8-BE52-4666-B7F5-2E8BBC214F70"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m580_bmep585040_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"252FA576-D00F-4BF2-871D-291D209B443C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*","matchCriteriaId":"5376D9F4-8AFB-4909-A11B-33C54C4220DB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m580_bmep585040c_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"2786E51E-B042-4DEF-98CE-C46F381D468C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*","matchCriteriaId":"CADB178B-FEFD-48A9-B155-0E8F6D490229"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m580_bmep586040_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"0D9E6C74-FAEE-49D3-807B-7F8416C12725"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*","matchCriteriaId":"6B3C1879-269B-47EB-891B-EF2E90C911D7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m580_bmep586040c_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"B182E938-6B50-4F3A-BAF6-AD2637E31E43"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:
schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*","matchCriteriaId":"5771A1A5-3DAF-4869-A24F-F9B0A38B5DA5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"8C610F17-FD8F-425E-A169-47EA7E6E8A0A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040:-:*:*:*:*:*:*:*","matchCriteriaId":"F484F8BB-60B5-4045-92C3-0C2A0CD4107E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040c_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"355FFF2A-2B69-4340-AC49-257C0DC63B70"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040c:-:*:*:*:*:*:*:*","matchCriteriaId":"F4F0F823-89EA-451D-81DC-07AACA039371"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040s_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"777E63F4-CC75-4D68-98CC-896C58EBDD5A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040s:-:*:*:*:*:*:*:*","matchCriteriaId":"610AE743-9FD1-4149-AD45-3B1DAE268BF9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"BF0ACFD6-D1EE-4C25-A307-2E3FB67F4A20"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040:-:*:*:*:*:*:*:*","matchCriteriaId":"77116949-1141-432D-964B-29A759939E8F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vuln
erable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040c_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"AB46DD56-7A06-428C-97CB-E01C22BC8214"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040c:-:*:*:*:*:*:*:*","matchCriteriaId":"B6CE23A2-09CC-4417-A45F-63BCA66C4DD8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040s_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"29482B31-563A-4931-B11E-FDE86F87F25E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040s:-:*:*:*:*:*:*:*","matchCriteriaId":"97AAD857-95C0-4AE3-8510-CB306E8293F4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"1D261663-D224-4C92-A3F4-3509CAA78A36"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040:-:*:*:*:*:*:*:*","matchCriteriaId":"07E2FB94-F402-4CF0-BE35-574C1C6528BA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040c_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"6C6737F3-F881-4BDC-A4F4-F6F08B88EC1E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040c:-:*:*:*:*:*:*:*","matchCriteriaId":"2E776EE9-A662-4068-A61A-62CAE23C87F7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040s_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"CEBCF494-DC4C-4567-A5C8-2C8D93BAF289"}]},{"operator":"OR","negate":false,"
cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040s:-:*:*:*:*:*:*:*","matchCriteriaId":"D53BD038-D594-41FF-B3EF-3365C5432AD0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"8152BD1B-DB69-4BD0-9DD3-79FC059319B1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*","matchCriteriaId":"178D2338-E48E-493C-992F-337AACE794DE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_bmxp342010_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"4A4A2D03-6D4E-4ED9-A0CE-3DD681CB6E9F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmxp342010:-:*:*:*:*:*:*:*","matchCriteriaId":"833B2455-5D39-4457-9D6F-0CD738A2EB02"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"C747D719-51A2-44F5-B940-89D84437DA95"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*","matchCriteriaId":"99F2F851-C18F-4CB8-B47C-516F2AC7955D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"34CC8BAD-3D4F-4DAD-B8CE-09D0BF4A5E11"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:*","matchCriteriaId":"E472ABB0-5556-4B96-9CEF-2180E24FA7FD"}]}]}],"references":[{"url":"http:
//download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01","source":"cybersecurity@se.com","tags":["Vendor Advisory"]},{"url":"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2021-33485","sourceIdentifier":"cve@mitre.org","published":"2021-08-03T16:15:08.583","lastModified":"2026-05-29T15:16:20.230","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow."},{"lang":"es","value":"CODESYS Control Runtime system versiones anteriores a 3.5.17.10, presenta un Desbordamiento de Buffer en la región Heap de la memoria"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","expl
oitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:codesys:control:*:*:*:*:*:beaglebone_sl:*:*","versionEndExcluding":"4.2.0.0","matchCriteriaId":"57DD6E2E-9B12-4C30-9CCF-26C5EFCFC0EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:codesys:control:*:*:*:*:*:empc-a\\/imx6_sl:*:*","versionEndExcluding":"4.2.0.0","matchCriteriaId":"79E8DFCC-74F7-4B0D-A476-D13CBB32EDEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:codesys:control:*:*:*:*:*:iot2000_sl:*:*","versionEndExcluding":"4.2.0.0","matchCriteriaId":"58160302-830A-463B-AE5F-782B01893F40"},{"vulnerable":true,"criteria":"cpe:2.3:a:codesys:control:*:*:*:*:*:linux_sl:*:*","versionEndIncluding":"4.2.0.0","matchCriteriaId":"2E740918-B35E-4583-8580-046A7C7F3113"},{"vulnerable":true,"criteria":"cpe:2.3:a:codesys:control:*:*:*:*:*:pfc100_sl:*:*","versionEndExcluding":"4.2.0.0","matchCriteriaId":"F00E63D5-8CA2-4082-B522-4B0C51772A4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:codesys:control:*:*:*:*:*:pfc200_sl:*:*","versionEndExcluding":"4.2.0.0","matchCriteriaId":"6890F3F3-6DF2-4D0C-A431-B3705900E1EB"},{"vulnerable":true,"criteria":"cpe:2.3:a:codesys:control:*:*:*:*:*:plcnext_sl:*:*","versionEndExcluding":"4.2.0.0","matchCriteriaId":"7D6CA947-A0F3-4F45-804B-BAD4BD24CBC4"},{"vulnerable":true,"criteria":"cpe:2.3:a:codesys:control:*:*:*:*:*:raspberry_pi_sl:*:*","versionEndExcluding":"4.2.0.0","matchCriteriaId":"1545D5A9-739E-4C36-933A-B87A3D593A22"},{"vulnerable":true,"criteria":"cpe:2.3:a:codesys:control:*:*:*:*:*:wago_touch_panels_600_sl:*:*","versionEndExcluding":"4.2.0.0","ma
tchCriteriaId":"7D0A2D1F-F297-4D5D-8FB1-1C80297E91A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:codesys:control_rte:*:*:*:*:*:-:*:*","versionEndExcluding":"3.5.17.10","matchCriteriaId":"102C898A-8CA9-4C6E-AAAD-ED947F6DCEA2"},{"vulnerable":true,"criteria":"cpe:2.3:a:codesys:control_rte:*:*:*:*:*:beckhoff_cx:*:*","versionEndExcluding":"3.5.17.10","matchCriteriaId":"C629084B-E59E-4FA4-A866-7F2FE8C6D26B"},{"vulnerable":true,"criteria":"cpe:2.3:a:codesys:control_runtime_system_toolkit:*:*:*:*:*:*:*:*","versionEndExcluding":"3.5.17.10","matchCriteriaId":"48B1957E-472D-4A21-A8FC-DF2AF0C118F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:codesys:control_win_sl:*:*:*:*:*:*:*:*","versionEndExcluding":"3.5.17.10","matchCriteriaId":"FBCFD26C-0262-4D2B-99CA-E7EA0E6B75E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:codesys:embedded_target_visu_toolkit:*:*:*:*:*:*:*:*","versionEndExcluding":"3.5.17.10","matchCriteriaId":"B640C5A9-8241-4191-87F6-E31D6902702E"},{"vulnerable":true,"criteria":"cpe:2.3:a:codesys:hmi:*:*:*:*:*:*:*:*","versionEndExcluding":"3.5.17.10","matchCriteriaId":"9116B38E-7B7C-48DB-B742-A8741EB63892"},{"vulnerable":true,"criteria":"cpe:2.3:a:codesys:remote_target_visu_toolkit:*:*:*:*:*:*:*:*","versionEndExcluding":"3.5.17.10","matchCriteriaId":"C86F931B-F172-4B00-B484-48048756655F"}]}]}],"references":[{"url":"https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14805&token=f0b86f99bb302ddd4aadec483aed5f5d3fddbf1a&download=","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=14805&token=f0b86f99bb302ddd4aadec483aed5f5d3fddbf1a&download=","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2021-22789","sourceIdentifier":"cybersecurity@se.com","published":"2021-09-02T17:15:08.180","lastModified":"2026-05-29T15:16:19.190","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A CWE-119: Improper Restriction of Operations within the 
Bounds of a Memory Buffer vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure™ Control Expert, including all Unity Pro versions (former name of EcoStruxure™ Control Expert, all versions), PLC Simulator for EcoStruxure™ Process Expert including all HDCS versions (former name of EcoStruxure™ Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)."},{"lang":"es","value":"Una CWE-119: Una vulnerabilidad de Restricción Inapropiada de Operaciones dentro de los Límites de un Búfer de Memoria que podría causar una Denegación de Servicio en el controlador/simulador del PLC Modicon cuando se actualiza la aplicación del controlador con un archivo de proyecto especialmente diseñado se presenta en Modicon M580 CPU (números de pieza BMEP* and BMEH*, todas las versiones), Modicon M340 CPU (números de pieza BMXP34*, todas las versiones), Modicon MC80 (números de pieza BMKC80*, todas las versiones), Modicon Momentum Ethernet CPU (números de pieza 171CBU*, todas las versiones), PLC Simulator for EcoStruxure™ Control Expert, incluyendo todas las versiones Unity Pro (antiguo nombre de EcoStruxure™ Control Expert, todas las versiones), PLC Simulator for EcoStruxure™ Process Expert incluyendo todas las versiones HDCS (antiguo nombre de EcoStruxure™ Process Expert, todas las versiones), Modicon Quantum CPU (números de pieza 140CPU*, todas las versiones), Modicon Premium CPU (números de pieza TSXP5*, todas las 
versiones)"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*","matchCriteriaId":"178D2338-E48E-493C-992F-337AACE794DE"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmxp342010:-:*:*:*:*:*:*:*","matchCriteriaId":"833B2455-5D39-4457-9D6F-0CD738A2EB02"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:
modicon_m340_bmxp342020:-:*:*:*:*:*:*:*","matchCriteriaId":"99F2F851-C18F-4CB8-B47C-516F2AC7955D"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:*","matchCriteriaId":"E472ABB0-5556-4B96-9CEF-2180E24FA7FD"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040:-:*:*:*:*:*:*:*","matchCriteriaId":"F484F8BB-60B5-4045-92C3-0C2A0CD4107E"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040c:-:*:*:*:*:*:*:*","matchCriteriaId":"F4F0F823-89EA-451D-81DC-07AACA039371"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040s:-:*:*:*:*:*:*:*","matchCriteriaId":"610AE743-9FD1-4149-AD45-3B1DAE268BF9"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040:-:*:*:*:*:*:*:*","matchCriteriaId":"77116949-1141-432D-964B-29A759939E8F"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040c:-:*:*:*:*:*:*:*","matchCriteriaId":"B6CE23A2-09CC-4417-A45F-63BCA66C4DD8"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040s:-:*:*:*:*:*:*:*","matchCriteriaId":"97AAD857-95C0-4AE3-8510-CB306E8293F4"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040:-:*:*:*:*:*:*:*","matchCriteriaId":"07E2FB94-F402-4CF0-BE35-574C1C6528BA"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040c:-:*:*:*:*:*:*:*","matchCriteriaId":"2E776EE9-A662-4068-A61A-62CAE23C87F7"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040s:-:*:*:*:*:*:*:*","matchCriteriaId":"D53BD038-D594-41FF-B3EF-3365C5432AD0"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*","matchCriteriaId":"2317F260-7AA2-4178-B468-03DF36223E26"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*","matchCriteriaId":"3D7DDC42-37A1-43B0-AD46-2
E0D098564BA"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*","matchCriteriaId":"765E4FEE-255E-4C47-824A-5661B84B490B"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*","matchCriteriaId":"B1FEA377-3C45-4F88-B233-088A24BD0771"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*","matchCriteriaId":"EBCCDD6D-35CE-4680-8B0C-86584B1D8958"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*","matchCriteriaId":"68FD5968-C522-4231-A98C-93D3101B6148"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:*:*:*:*:*:*:*","matchCriteriaId":"C02B27F6-B8CF-4D3B-9DA6-054F540EA6B6"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*","matchCriteriaId":"BBC38FF1-693E-4899-883C-1B7B80A52F2C"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*","matchCriteriaId":"002E7F33-6729-4C35-9DDA-7D8383BD5668"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*","matchCriteriaId":"47DFEBAC-2F1D-4870-8425-2199BF80B425"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*","matchCriteriaId":"FC4A1DF2-FF4C-4DBE-BF74-6A4A09E3DECE"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*","matchCriteriaId":"6222C1F8-BE52-4666-B7F5-2E8BBC214F70"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*","matchCriteriaId":"5376D9F4-8AFB-4909-A11B-33C54C4220DB"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*","matchCriteriaId":"CADB178B-FEFD-48A9-B155-0E8F6D490229"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_
bmep586040:-:*:*:*:*:*:*:*","matchCriteriaId":"6B3C1879-269B-47EB-891B-EF2E90C911D7"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*","matchCriteriaId":"5771A1A5-3DAF-4869-A24F-F9B0A38B5DA5"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8020301:-:*:*:*:*:*:*:*","matchCriteriaId":"62B3CEFA-BCF8-4305-B81A-980AA1352515"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8020310:-:*:*:*:*:*:*:*","matchCriteriaId":"2C1A9EE4-9564-45F6-8CF8-1A820E469B41"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8030311:-:*:*:*:*:*:*:*","matchCriteriaId":"026D5E27-E50D-4614-A3EB-C54150C85572"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_momentum_171cbu78090:-:*:*:*:*:*:*:*","matchCriteriaId":"0B765DF6-1D0A-4191-9AD7-250A7EB691BF"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_momentum_171cbu98090:-:*:*:*:*:*:*:*","matchCriteriaId":"67152082-E085-4111-98BA-6E9EF14ADB91"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_momentum_171cbu98091:-:*:*:*:*:*:*:*","matchCriteriaId":"BD68FC34-691B-406E-A59D-2596215AE314"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_1634m:-:*:*:*:*:*:*:*","matchCriteriaId":"FB98E7F1-DD61-47F5-A6BB-18D75FDFAB70"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_2634m:-:*:*:*:*:*:*:*","matchCriteriaId":"39E46898-7206-45C1-9A93-729B5905EF38"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_2834m:-:*:*:*:*:*:*:*","matchCriteriaId":"C97A89AF-103A-4D2A-9EAF-42CEC88A2BCA"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_454m:-:*:*:*:*:*:*:*","matchCriteriaId":"32B611B6-1138-40DF-848A-A4A10E1DB0F2"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_4634m:-:*:*:*:*:*:*:*","matchCriteriaId":"EF
901CCB-1BC4-4EDA-A3D7-ED7523128EAA"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_554m:-:*:*:*:*:*:*:*","matchCriteriaId":"4479C318-EE74-4338-B172-EC13D4D62246"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_5634m:-:*:*:*:*:*:*:*","matchCriteriaId":"98A25B72-B3A9-4717-8AA9-B164226DF9D9"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_6634m:-:*:*:*:*:*:*:*","matchCriteriaId":"889E9E8B-688E-420E-9A99-AB64BA7ABCDC"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150:-:*:*:*:*:*:*:*","matchCriteriaId":"7E3446A5-69F7-4270-93E2-CD5614970698"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150c:-:*:*:*:*:*:*:*","matchCriteriaId":"08FE0C5D-3132-48AD-92EB-B7C4277C1FAA"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160:-:*:*:*:*:*:*:*","matchCriteriaId":"CD3F1B7C-7972-463E-930E-F359A402DAF5"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160c:-:*:*:*:*:*:*:*","matchCriteriaId":"DC9D2D4D-558B-424E-AB04-429C83F06DB7"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:plc_simulator_for_ecostruxure_control_expert:-:*:*:*:*:*:*:*","matchCriteriaId":"1A63ECFF-261A-4C39-964E-CBC4B97147DC"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:plc_simulator_for_ecostruxure_process_expert:-:*:*:*:*:*:*:*","matchCriteriaId":"0B722F22-2CEB-426B-9615-DD3B73A671F4"}]}]}],"references":[{"url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04","source":"cybersecurity@se.com","tags":["Patch","Vendor Advisory"]},{"url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2021-22790","sourceIdentifier":"cybersecurity@se.com","published":"2021-09-02T17:15:08.237","lastModified":"2026-05-29T15:16:19.440","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure™ Control Expert, including all Unity Pro versions (former name of EcoStruxure™ Control Expert, all versions), PLC Simulator for EcoStruxure™ Process Expert including all HDCS versions (former name of EcoStruxure™ Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)."},{"lang":"es","value":"UN CWE-125: Una vulnerabilidad de Lectura Fuera de Límites que podría causar una Denegación de Servicio en el controlador/simulador del PLC Modicon cuando se actualiza la aplicación del controlador con un archivo de proyecto especialmente diseñado se presenta en Modicon M580 CPU (números de pieza BMEP* y BMEH*, todas las versiones), CPU Modicon M340 (números de pieza BMXP34*, todas las versiones), Modicon MC80 (números de pieza BMKC80*, todas las versiones), CPU Modicon Momentum Ethernet (números de pieza 171CBU*, todas las versiones), PLC Simulator for EcoStruxure™ Control Expert, incluyendo todas las versiones Unity Pro (antiguo nombre de EcoStruxure™ Control Expert, todas las versiones), PLC Simulator for EcoStruxure™ Process Expert incluyendo todas las versiones HDCS (antiguo nombre de EcoStruxure™ Process Expert, todas las versiones), Modicon Quantum CPU (números de pieza 
140CPU*, todas las versiones), Modicon Premium CPU (números de pieza TSXP5*, todas las versiones)"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*","matchCriteriaId":"178D2338-E48E-493C-992F-337AACE794DE"},{"vulnerable":true,"criteria":"cpe:2.3:h:
schneider-electric:modicon_m340_bmxp342010:-:*:*:*:*:*:*:*","matchCriteriaId":"833B2455-5D39-4457-9D6F-0CD738A2EB02"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*","matchCriteriaId":"99F2F851-C18F-4CB8-B47C-516F2AC7955D"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:*","matchCriteriaId":"E472ABB0-5556-4B96-9CEF-2180E24FA7FD"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040:-:*:*:*:*:*:*:*","matchCriteriaId":"F484F8BB-60B5-4045-92C3-0C2A0CD4107E"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040c:-:*:*:*:*:*:*:*","matchCriteriaId":"F4F0F823-89EA-451D-81DC-07AACA039371"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040s:-:*:*:*:*:*:*:*","matchCriteriaId":"610AE743-9FD1-4149-AD45-3B1DAE268BF9"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040:-:*:*:*:*:*:*:*","matchCriteriaId":"77116949-1141-432D-964B-29A759939E8F"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040c:-:*:*:*:*:*:*:*","matchCriteriaId":"B6CE23A2-09CC-4417-A45F-63BCA66C4DD8"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040s:-:*:*:*:*:*:*:*","matchCriteriaId":"97AAD857-95C0-4AE3-8510-CB306E8293F4"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040:-:*:*:*:*:*:*:*","matchCriteriaId":"07E2FB94-F402-4CF0-BE35-574C1C6528BA"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040c:-:*:*:*:*:*:*:*","matchCriteriaId":"2E776EE9-A662-4068-A61A-62CAE23C87F7"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040s:-:*:*:*:*:*:*:*","matchCriteriaId":"D53BD038-D594-41FF-B3EF-3365C5432AD0"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*","matchCriteriaId":"2317F26
0-7AA2-4178-B468-03DF36223E26"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*","matchCriteriaId":"3D7DDC42-37A1-43B0-AD46-2E0D098564BA"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*","matchCriteriaId":"765E4FEE-255E-4C47-824A-5661B84B490B"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*","matchCriteriaId":"B1FEA377-3C45-4F88-B233-088A24BD0771"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*","matchCriteriaId":"EBCCDD6D-35CE-4680-8B0C-86584B1D8958"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*","matchCriteriaId":"68FD5968-C522-4231-A98C-93D3101B6148"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:*:*:*:*:*:*:*","matchCriteriaId":"C02B27F6-B8CF-4D3B-9DA6-054F540EA6B6"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*","matchCriteriaId":"BBC38FF1-693E-4899-883C-1B7B80A52F2C"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*","matchCriteriaId":"002E7F33-6729-4C35-9DDA-7D8383BD5668"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*","matchCriteriaId":"47DFEBAC-2F1D-4870-8425-2199BF80B425"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*","matchCriteriaId":"FC4A1DF2-FF4C-4DBE-BF74-6A4A09E3DECE"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*","matchCriteriaId":"6222C1F8-BE52-4666-B7F5-2E8BBC214F70"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*","matchCriteriaId":"5376D9F4-8AFB-4909-A11B-33C54C4220DB"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-elec
tric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*","matchCriteriaId":"CADB178B-FEFD-48A9-B155-0E8F6D490229"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*","matchCriteriaId":"6B3C1879-269B-47EB-891B-EF2E90C911D7"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*","matchCriteriaId":"5771A1A5-3DAF-4869-A24F-F9B0A38B5DA5"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8020301:-:*:*:*:*:*:*:*","matchCriteriaId":"62B3CEFA-BCF8-4305-B81A-980AA1352515"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8020310:-:*:*:*:*:*:*:*","matchCriteriaId":"2C1A9EE4-9564-45F6-8CF8-1A820E469B41"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8030311:-:*:*:*:*:*:*:*","matchCriteriaId":"026D5E27-E50D-4614-A3EB-C54150C85572"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_momentum_171cbu78090:-:*:*:*:*:*:*:*","matchCriteriaId":"0B765DF6-1D0A-4191-9AD7-250A7EB691BF"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_momentum_171cbu98090:-:*:*:*:*:*:*:*","matchCriteriaId":"67152082-E085-4111-98BA-6E9EF14ADB91"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_momentum_171cbu98091:-:*:*:*:*:*:*:*","matchCriteriaId":"BD68FC34-691B-406E-A59D-2596215AE314"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_1634m:-:*:*:*:*:*:*:*","matchCriteriaId":"FB98E7F1-DD61-47F5-A6BB-18D75FDFAB70"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_2634m:-:*:*:*:*:*:*:*","matchCriteriaId":"39E46898-7206-45C1-9A93-729B5905EF38"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_2834m:-:*:*:*:*:*:*:*","matchCriteriaId":"C97A89AF-103A-4D2A-9EAF-42CEC88A2BCA"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_454m:-:*:*:*:*:*:*:*","matchC
riteriaId":"32B611B6-1138-40DF-848A-A4A10E1DB0F2"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_4634m:-:*:*:*:*:*:*:*","matchCriteriaId":"EF901CCB-1BC4-4EDA-A3D7-ED7523128EAA"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_554m:-:*:*:*:*:*:*:*","matchCriteriaId":"4479C318-EE74-4338-B172-EC13D4D62246"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_5634m:-:*:*:*:*:*:*:*","matchCriteriaId":"98A25B72-B3A9-4717-8AA9-B164226DF9D9"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_6634m:-:*:*:*:*:*:*:*","matchCriteriaId":"889E9E8B-688E-420E-9A99-AB64BA7ABCDC"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150:-:*:*:*:*:*:*:*","matchCriteriaId":"7E3446A5-69F7-4270-93E2-CD5614970698"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150c:-:*:*:*:*:*:*:*","matchCriteriaId":"08FE0C5D-3132-48AD-92EB-B7C4277C1FAA"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160:-:*:*:*:*:*:*:*","matchCriteriaId":"CD3F1B7C-7972-463E-930E-F359A402DAF5"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160c:-:*:*:*:*:*:*:*","matchCriteriaId":"DC9D2D4D-558B-424E-AB04-429C83F06DB7"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:plc_simulator_for_ecostruxure_control_expert:-:*:*:*:*:*:*:*","matchCriteriaId":"1A63ECFF-261A-4C39-964E-CBC4B97147DC"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:plc_simulator_for_ecostruxure_process_expert:-:*:*:*:*:*:*:*","matchCriteriaId":"0B722F22-2CEB-426B-9615-DD3B73A671F4"}]}]}],"references":[{"url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-05","source":"cybersecurity@se.com","tags":["Not 
Applicable"]},{"url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04","source":"nvd@nist.gov","tags":["Patch","Vendor Advisory"]},{"url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-05","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Not Applicable"]}]}},{"cve":{"id":"CVE-2021-22791","sourceIdentifier":"cybersecurity@se.com","published":"2021-09-02T17:15:08.290","lastModified":"2026-05-29T15:16:19.630","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A CWE-787: Out-of-bounds Write vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure™ Control Expert, including all Unity Pro versions (former name of EcoStruxure™ Control Expert, all versions), PLC Simulator for EcoStruxure™ Process Expert including all HDCS versions (former name of EcoStruxure™ Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)."},{"lang":"es","value":"Una CWE-787: Una vulnerabilidad de Escritura Fuera de Límites que podría causar una Denegación de Servicio en el controlador/simulador del PLC Modicon cuando se actualiza la aplicación del controlador con un archivo de proyecto especialmente diseñado se presenta en Modicon M580 CPU (números de pieza BMEP* y BMEH*, todas las versiones), Modicon M340 CPU (números de pieza BMXP34*, todas las versiones), Modicon MC80 (números de pieza BMKC80*, todas las versiones), Modicon Momentum Ethernet CPU (números de pieza 171CBU*, todas las versiones), PLC Simulator para EcoStruxure™ Control Expert, 
incluidas todas las versiones Unity Pro (antiguo nombre de EcoStruxure™ Control Expert, todas las versiones), PLC Simulator para EcoStruxure™ Process Expert, incluidas todas las versiones HDCS (antiguo nombre de EcoStruxure™ Process Expert, todas las versiones), Modicon Quantum CPU (números de pieza 140CPU*, todas las versiones), Modicon Premium CPU (números de pieza TSXP5*, todas las versiones)"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"c
peMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*","matchCriteriaId":"178D2338-E48E-493C-992F-337AACE794DE"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmxp342010:-:*:*:*:*:*:*:*","matchCriteriaId":"833B2455-5D39-4457-9D6F-0CD738A2EB02"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*","matchCriteriaId":"99F2F851-C18F-4CB8-B47C-516F2AC7955D"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:*","matchCriteriaId":"E472ABB0-5556-4B96-9CEF-2180E24FA7FD"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040:-:*:*:*:*:*:*:*","matchCriteriaId":"F484F8BB-60B5-4045-92C3-0C2A0CD4107E"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040c:-:*:*:*:*:*:*:*","matchCriteriaId":"F4F0F823-89EA-451D-81DC-07AACA039371"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040s:-:*:*:*:*:*:*:*","matchCriteriaId":"610AE743-9FD1-4149-AD45-3B1DAE268BF9"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040:-:*:*:*:*:*:*:*","matchCriteriaId":"77116949-1141-432D-964B-29A759939E8F"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040c:-:*:*:*:*:*:*:*","matchCriteriaId":"B6CE23A2-09CC-4417-A45F-63BCA66C4DD8"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040s:-:*:*:*:*:*:*:*","matchCriteriaId":"97AAD857-95C0-4AE3-8510-CB306E8293F4"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040:-:*:*:*:*:*:*:*","matchCriteriaId":"07E2FB94-F402-4CF0-BE35-574C1C6528BA"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040c:-:*:*:*:*:*:*:*","matchCriteriaId":"2E776EE9-A662-4068-A61A-62CAE23C87F7"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh
586040s:-:*:*:*:*:*:*:*","matchCriteriaId":"D53BD038-D594-41FF-B3EF-3365C5432AD0"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*","matchCriteriaId":"2317F260-7AA2-4178-B468-03DF36223E26"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*","matchCriteriaId":"3D7DDC42-37A1-43B0-AD46-2E0D098564BA"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*","matchCriteriaId":"765E4FEE-255E-4C47-824A-5661B84B490B"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*","matchCriteriaId":"B1FEA377-3C45-4F88-B233-088A24BD0771"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*","matchCriteriaId":"EBCCDD6D-35CE-4680-8B0C-86584B1D8958"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*","matchCriteriaId":"68FD5968-C522-4231-A98C-93D3101B6148"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:*:*:*:*:*:*:*","matchCriteriaId":"C02B27F6-B8CF-4D3B-9DA6-054F540EA6B6"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*","matchCriteriaId":"BBC38FF1-693E-4899-883C-1B7B80A52F2C"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*","matchCriteriaId":"002E7F33-6729-4C35-9DDA-7D8383BD5668"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*","matchCriteriaId":"47DFEBAC-2F1D-4870-8425-2199BF80B425"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*","matchCriteriaId":"FC4A1DF2-FF4C-4DBE-BF74-6A4A09E3DECE"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*","matchCriteriaId":"6222C1F8-BE52-4666-B7F5-2E8BBC214F70"},{"vu
lnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*","matchCriteriaId":"5376D9F4-8AFB-4909-A11B-33C54C4220DB"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*","matchCriteriaId":"CADB178B-FEFD-48A9-B155-0E8F6D490229"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*","matchCriteriaId":"6B3C1879-269B-47EB-891B-EF2E90C911D7"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*","matchCriteriaId":"5771A1A5-3DAF-4869-A24F-F9B0A38B5DA5"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8020301:-:*:*:*:*:*:*:*","matchCriteriaId":"62B3CEFA-BCF8-4305-B81A-980AA1352515"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8020310:-:*:*:*:*:*:*:*","matchCriteriaId":"2C1A9EE4-9564-45F6-8CF8-1A820E469B41"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8030311:-:*:*:*:*:*:*:*","matchCriteriaId":"026D5E27-E50D-4614-A3EB-C54150C85572"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_momentum_171cbu78090:-:*:*:*:*:*:*:*","matchCriteriaId":"0B765DF6-1D0A-4191-9AD7-250A7EB691BF"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_momentum_171cbu98090:-:*:*:*:*:*:*:*","matchCriteriaId":"67152082-E085-4111-98BA-6E9EF14ADB91"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_momentum_171cbu98091:-:*:*:*:*:*:*:*","matchCriteriaId":"BD68FC34-691B-406E-A59D-2596215AE314"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_1634m:-:*:*:*:*:*:*:*","matchCriteriaId":"FB98E7F1-DD61-47F5-A6BB-18D75FDFAB70"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_2634m:-:*:*:*:*:*:*:*","matchCriteriaId":"39E46898-7206-45C1-9A93-729B5905EF38"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modico
n_premium_tsxp57_2834m:-:*:*:*:*:*:*:*","matchCriteriaId":"C97A89AF-103A-4D2A-9EAF-42CEC88A2BCA"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_454m:-:*:*:*:*:*:*:*","matchCriteriaId":"32B611B6-1138-40DF-848A-A4A10E1DB0F2"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_4634m:-:*:*:*:*:*:*:*","matchCriteriaId":"EF901CCB-1BC4-4EDA-A3D7-ED7523128EAA"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_554m:-:*:*:*:*:*:*:*","matchCriteriaId":"4479C318-EE74-4338-B172-EC13D4D62246"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_5634m:-:*:*:*:*:*:*:*","matchCriteriaId":"98A25B72-B3A9-4717-8AA9-B164226DF9D9"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_6634m:-:*:*:*:*:*:*:*","matchCriteriaId":"889E9E8B-688E-420E-9A99-AB64BA7ABCDC"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150:-:*:*:*:*:*:*:*","matchCriteriaId":"7E3446A5-69F7-4270-93E2-CD5614970698"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150c:-:*:*:*:*:*:*:*","matchCriteriaId":"08FE0C5D-3132-48AD-92EB-B7C4277C1FAA"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160:-:*:*:*:*:*:*:*","matchCriteriaId":"CD3F1B7C-7972-463E-930E-F359A402DAF5"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160c:-:*:*:*:*:*:*:*","matchCriteriaId":"DC9D2D4D-558B-424E-AB04-429C83F06DB7"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:plc_simulator_for_ecostruxure_control_expert:-:*:*:*:*:*:*:*","matchCriteriaId":"1A63ECFF-261A-4C39-964E-CBC4B97147DC"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:plc_simulator_for_ecostruxure_process_expert:-:*:*:*:*:*:*:*","matchCriteriaId":"0B722F22-2CEB-426B-9615-DD3B73A671F4"}]}]}],"references":[{"url":"https://download.schneider-electric.com/fil
es?p_Doc_Ref=SEVD-2021-222-06","source":"cybersecurity@se.com","tags":["Not Applicable"]},{"url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04","source":"nvd@nist.gov","tags":["Patch","Vendor Advisory"]},{"url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-06","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Not Applicable"]}]}},{"cve":{"id":"CVE-2021-22792","sourceIdentifier":"cybersecurity@se.com","published":"2021-09-02T17:15:08.343","lastModified":"2026-05-29T15:16:19.830","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxure™ Control Expert, including all Unity Pro versions (former name of EcoStruxure™ Control Expert, all versions), PLC Simulator for EcoStruxure™ Process Expert including all HDCS versions (former name of EcoStruxure™ Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)."},{"lang":"es","value":"Una CWE-476: Una vulnerabilidad de Desreferencia de Puntero NULL que podría causar una Denegación de Servicio en el controlador/simulador del PLC Modicon cuando se actualiza la aplicación del controlador con un archivo de proyecto especialmente diseñado se presenta en Modicon M580 CPU (números de pieza BMEP* and BMEH*, todas las versiones), Modicon M340 CPU (números de pieza BMXP34*, todas las versiones), Modicon MC80 (números de pieza BMKC80*, todas las versiones), Modicon Momentum Ethernet CPU (números de 
pieza 171CBU*, todas las versiones), PLC Simulator para EcoStruxure™ Control Expert, incluidas todas las versiones Unity Pro (antiguo nombre de EcoStruxure™ Control Expert, todas las versiones), PLC Simulator para EcoStruxure™ Process Expert, incluidas todas las versiones HDCS (antiguo nombre de EcoStruxure™ Process Expert, todas las versiones), Modicon Quantum CPU (números de pieza 140CPU*, todas las versiones), Modicon Premium CPU (números de pieza TSXP5*, todas las versiones)"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","
value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*","matchCriteriaId":"178D2338-E48E-493C-992F-337AACE794DE"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmxp342010:-:*:*:*:*:*:*:*","matchCriteriaId":"833B2455-5D39-4457-9D6F-0CD738A2EB02"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*","matchCriteriaId":"99F2F851-C18F-4CB8-B47C-516F2AC7955D"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:*","matchCriteriaId":"E472ABB0-5556-4B96-9CEF-2180E24FA7FD"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040:-:*:*:*:*:*:*:*","matchCriteriaId":"F484F8BB-60B5-4045-92C3-0C2A0CD4107E"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040c:-:*:*:*:*:*:*:*","matchCriteriaId":"F4F0F823-89EA-451D-81DC-07AACA039371"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040s:-:*:*:*:*:*:*:*","matchCriteriaId":"610AE743-9FD1-4149-AD45-3B1DAE268BF9"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040:-:*:*:*:*:*:*:*","matchCriteriaId":"77116949-1141-432D-964B-29A759939E8F"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040c:-:*:*:*:*:*:*:*","matchCriteriaId":"B6CE23A2-09CC-4417-A45F-63BCA66C4DD8"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040s:-:*:*:*:*:*:*:*","matchCriteriaId":"97AAD857-95C0-4AE3-8510-CB306E8293F4"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040:-:*:*:*:*:*:*:*","matchCriteriaId":"07E2FB94-F402-4CF0-BE35-574C1C6528BA"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040c:-:*:*:*:*:*:*:*","matchCriteriaId":"2E776EE9-A662-4068-A61A-62CAE23C8
7F7"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040s:-:*:*:*:*:*:*:*","matchCriteriaId":"D53BD038-D594-41FF-B3EF-3365C5432AD0"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*","matchCriteriaId":"2317F260-7AA2-4178-B468-03DF36223E26"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*","matchCriteriaId":"3D7DDC42-37A1-43B0-AD46-2E0D098564BA"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*","matchCriteriaId":"765E4FEE-255E-4C47-824A-5661B84B490B"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*","matchCriteriaId":"B1FEA377-3C45-4F88-B233-088A24BD0771"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*","matchCriteriaId":"EBCCDD6D-35CE-4680-8B0C-86584B1D8958"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*","matchCriteriaId":"68FD5968-C522-4231-A98C-93D3101B6148"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:*:*:*:*:*:*:*","matchCriteriaId":"C02B27F6-B8CF-4D3B-9DA6-054F540EA6B6"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*","matchCriteriaId":"BBC38FF1-693E-4899-883C-1B7B80A52F2C"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*","matchCriteriaId":"002E7F33-6729-4C35-9DDA-7D8383BD5668"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*","matchCriteriaId":"47DFEBAC-2F1D-4870-8425-2199BF80B425"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*","matchCriteriaId":"FC4A1DF2-FF4C-4DBE-BF74-6A4A09E3DECE"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep5840
40s:-:*:*:*:*:*:*:*","matchCriteriaId":"6222C1F8-BE52-4666-B7F5-2E8BBC214F70"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*","matchCriteriaId":"5376D9F4-8AFB-4909-A11B-33C54C4220DB"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*","matchCriteriaId":"CADB178B-FEFD-48A9-B155-0E8F6D490229"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*","matchCriteriaId":"6B3C1879-269B-47EB-891B-EF2E90C911D7"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*","matchCriteriaId":"5771A1A5-3DAF-4869-A24F-F9B0A38B5DA5"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8020301:-:*:*:*:*:*:*:*","matchCriteriaId":"62B3CEFA-BCF8-4305-B81A-980AA1352515"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8020310:-:*:*:*:*:*:*:*","matchCriteriaId":"2C1A9EE4-9564-45F6-8CF8-1A820E469B41"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_mc80_bmkc8030311:-:*:*:*:*:*:*:*","matchCriteriaId":"026D5E27-E50D-4614-A3EB-C54150C85572"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_momentum_171cbu78090:-:*:*:*:*:*:*:*","matchCriteriaId":"0B765DF6-1D0A-4191-9AD7-250A7EB691BF"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_momentum_171cbu98090:-:*:*:*:*:*:*:*","matchCriteriaId":"67152082-E085-4111-98BA-6E9EF14ADB91"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_momentum_171cbu98091:-:*:*:*:*:*:*:*","matchCriteriaId":"BD68FC34-691B-406E-A59D-2596215AE314"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_1634m:-:*:*:*:*:*:*:*","matchCriteriaId":"FB98E7F1-DD61-47F5-A6BB-18D75FDFAB70"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_2634m:-:*:*:*:*:*:*:*","matchCriteriaId":"39E46898-7206-45C1-9A9
3-729B5905EF38"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_2834m:-:*:*:*:*:*:*:*","matchCriteriaId":"C97A89AF-103A-4D2A-9EAF-42CEC88A2BCA"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_454m:-:*:*:*:*:*:*:*","matchCriteriaId":"32B611B6-1138-40DF-848A-A4A10E1DB0F2"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_4634m:-:*:*:*:*:*:*:*","matchCriteriaId":"EF901CCB-1BC4-4EDA-A3D7-ED7523128EAA"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_554m:-:*:*:*:*:*:*:*","matchCriteriaId":"4479C318-EE74-4338-B172-EC13D4D62246"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_5634m:-:*:*:*:*:*:*:*","matchCriteriaId":"98A25B72-B3A9-4717-8AA9-B164226DF9D9"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_premium_tsxp57_6634m:-:*:*:*:*:*:*:*","matchCriteriaId":"889E9E8B-688E-420E-9A99-AB64BA7ABCDC"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150:-:*:*:*:*:*:*:*","matchCriteriaId":"7E3446A5-69F7-4270-93E2-CD5614970698"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65150c:-:*:*:*:*:*:*:*","matchCriteriaId":"08FE0C5D-3132-48AD-92EB-B7C4277C1FAA"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160:-:*:*:*:*:*:*:*","matchCriteriaId":"CD3F1B7C-7972-463E-930E-F359A402DAF5"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:modicon_quantum_140cpu65160c:-:*:*:*:*:*:*:*","matchCriteriaId":"DC9D2D4D-558B-424E-AB04-429C83F06DB7"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:plc_simulator_for_ecostruxure_control_expert:-:*:*:*:*:*:*:*","matchCriteriaId":"1A63ECFF-261A-4C39-964E-CBC4B97147DC"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:plc_simulator_for_ecostruxure_process_expert:-:*:*:*:*:*:*:*","matchCriteriaId":"0B722F22-2CEB-426B-9615-DD
3B73A671F4"}]}]}],"references":[{"url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-07","source":"cybersecurity@se.com","tags":["Not Applicable"]},{"url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04","source":"nvd@nist.gov","tags":["Patch","Vendor Advisory"]},{"url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-07","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Not Applicable"]}]}},{"cve":{"id":"CVE-2022-0715","sourceIdentifier":"cybersecurity@se.com","published":"2022-03-09T20:15:08.300","lastModified":"2026-05-29T15:16:20.427","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1 and prior), SMC Series (SMC Series ID=1005: UPS 14.1 and prior / SMC Series ID=1007: UPS 11.0 and prior / SMC Series ID=1041: UPS 01.1 and prior), SCL Series (SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior), SMX Series (SMX Series ID=20: UPS 10.2 and prior / SMX Series ID=23: UPS 07.0 and prior), SRT Series (SRT Series ID=1010/1019/1025: UPS 08.3 and prior / SRT Series ID=1024: UPS 01.0 and prior / SRT Series ID=1020: UPS 10.4 and prior / SRT Series ID=1021: UPS 12.2 and prior / SRT Series ID=1001/1013: UPS 05.1 and prior / SRT Series ID=1002/1014: UPSa05.2 and prior), APC SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series 
ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)"},{"lang":"es","value":"Una CWE-287: Se presenta una vulnerabilidad de autenticación inapropiada que podría causar que un atacante cambie arbitrariamente el comportamiento del SAI cuando es filtrada una clave y es usada para cargar firmware malicioso. Producto afectado: Familia de Smart-UPS de APC: Serie SMT (SMT Series ID=18: UPS versiones 09.8 y anteriores / SMT Series ID=1040: UPS versiones 01.2 y anteriores / SMT Series ID=1031: UPS versiones 03.1 y anteriores), SMC Series (SMC Series ID=1005: UPS versiones 14.1 y anteriores / SMC Series ID=1007: UPS versiones 11.0 y anteriores / SMC Series ID=1041: UPS versiones 01.1 y anteriores), SCL Series (SCL Series ID=1030: UPS versiones 02.5 y anteriores / SCL Series ID=1036: UPS versiones 02.5 y anteriores), SMX Series (SMX Series ID=20: UPS versiones 10.2 y anteriores / SMX Series ID=23: UPS versiones 07.0 y anteriores), SRT Series (SRT Series ID=1010/1019/1025: UPS versiones 08.3 y anteriores / SRT Series ID=1024: UPS versiones 01.0 y anteriores / SRT Series ID=1020: UPS versiones 10.4 y anteriores / SRT Series ID=1021: UPS versiones 12.2 y anteriores / SRT Series ID=1001/1013: UPS versiones 05.1 y anteriores / SRT Series ID=1002/1014: UPS versiones a05.2 y anteriores), Familia SmartConnect de APC: Serie SMT (Serie SMT ID=1015: UPS versiones 04.5 y anteriores), Serie SMC (Serie SMC ID=1018: UPS versiones 04.2 y anteriores), Serie SMTL (Serie SMTL ID=1026: UPS versiones 02.9 y anteriores), Serie SCL (Serie SCL ID=1029: UPS versiones 02.5 y anteriores / SCL Series ID=1030: UPS versiones 02.5 y anteriores / SCL Series ID=1036: UPS versiones 02.5 y anteriores / SCL Series ID=1037: UPS versiones 03.1 y anteriores), SMX Series (SMX Series ID=1031: UPS versiones 03.1 y 
anteriores)"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H","baseScore":8.9,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:P","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cybersecurity@se.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-345"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:smt_series_1015_ups_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"04.5","matchCriteriaId":"2C3EA55B-DB09-4124-A9D9-A92431C38D1F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteri
a":"cpe:2.3:h:schneider-electric:smt_series_1015_ups:-:*:*:*:*:*:*:*","matchCriteriaId":"95C1E3D9-606B-4C57-A4E7-0A45C9D46332"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:smc_series_1018_ups_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"04.2","matchCriteriaId":"FFE2D844-ED18-44D3-9E75-4BB3082E4B51"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:smc_series_1018_ups:-:*:*:*:*:*:*:*","matchCriteriaId":"154E788E-173C-4D16-A492-B61D39D420EF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:smtl_series_1026_ups_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"02.9","matchCriteriaId":"AE693F05-B0A7-452D-94C6-D36E37ACF6CB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:smtl_series_1026_ups:-:*:*:*:*:*:*:*","matchCriteriaId":"6B138EB4-6264-4BFA-B4C7-4B23FFA676B1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:scl_series_1029_ups_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"02.5","matchCriteriaId":"C2E0803A-637E-4BBA-B9D5-AB59EE122844"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:scl_series_1029_ups:-:*:*:*:*:*:*:*","matchCriteriaId":"4175BEC7-DA4D-4E19-A642-A5FC13D3598E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:scl_series_1030_ups_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"02.5","matchCriteriaId":"469F9813-DE0E-4752-91EB-FECC001C6825"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:scl_series_1030_ups:-:*:*:*:*:*:*:*","matchCriteriaId":"E8DC43CB-66C0-469B-AF87-0120D
6280584"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:scl_series_1036_ups_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"02.5","matchCriteriaId":"22E4C951-876D-46F7-8CF4-D943464E8338"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:scl_series_1036_ups:-:*:*:*:*:*:*:*","matchCriteriaId":"9FB7E0EB-AF6D-4107-B343-50309E9DF03E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:scl_series_1037_ups_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"03.1","matchCriteriaId":"3E52A522-88D4-4B6A-83B4-C56C093C7F54"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:scl_series_1037_ups:-:*:*:*:*:*:*:*","matchCriteriaId":"04C627CE-E3F8-4E3F-8B93-07C92AA21296"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:smx_series_1031_ups_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"03.1","matchCriteriaId":"6251AE4E-FFED-4B0C-A90B-A3BD852A2ED8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:smx_series_1031_ups:-:*:*:*:*:*:*:*","matchCriteriaId":"9E1E7040-8123-483C-AE62-F190D83D0ADC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:smt_series_18_ups_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"09.8","matchCriteriaId":"A9B1431D-822C-47DF-8643-7D5E778A43AD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:smt_series_18_ups:-:*:*:*:*:*:*:*","matchCriteriaId":"0E1F03F0-11F1-437A-8FD8-A3C8186D02DE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:
o:schneider-electric:smt_series_1040_ups_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"01.2","matchCriteriaId":"660A5F99-3370-48C9-A3C8-A54FFAC9BEE6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:smt_series_1040_ups:-:*:*:*:*:*:*:*","matchCriteriaId":"848020CF-D33A-4196-BB0C-ECD1D43372D7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:smt_series_1031_ups_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"03.1","matchCriteriaId":"CE801653-57F9-4C13-8D23-91D5F22FD2C9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:smt_series_1031_ups:-:*:*:*:*:*:*:*","matchCriteriaId":"E1467655-7784-4287-8C32-3F522A49411D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:smc_series_1005_ups_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"14.1","matchCriteriaId":"1B5D15FE-D25F-4827-99C2-2B15DA5726F3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:smc_series_1005_ups:-:*:*:*:*:*:*:*","matchCriteriaId":"26B5EC8E-4FF9-4ED0-AB70-B5F6DBA72632"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:smc_series_1007_ups_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"11.0","matchCriteriaId":"4929654C-D91D-4228-807B-F9DAC9D8C931"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:smc_series_1007_ups:-:*:*:*:*:*:*:*","matchCriteriaId":"2761A47B-326E-4CD0-96D6-12796992769D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:smc_series_1041_ups_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"01.1","matchCriteriaId":"428CB
B13-0227-4557-8A22-DE8165949D3B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:smc_series_1041_ups:-:*:*:*:*:*:*:*","matchCriteriaId":"7FEFAD29-12AD-454B-BAFC-4C17A1D1E8E1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:scl_series_1030_ups_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"02.5","matchCriteriaId":"469F9813-DE0E-4752-91EB-FECC001C6825"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:scl_series_1030_ups:-:*:*:*:*:*:*:*","matchCriteriaId":"E8DC43CB-66C0-469B-AF87-0120D6280584"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:scl_series_1036_ups_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"02.5","matchCriteriaId":"22E4C951-876D-46F7-8CF4-D943464E8338"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:scl_series_1036_ups:-:*:*:*:*:*:*:*","matchCriteriaId":"9FB7E0EB-AF6D-4107-B343-50309E9DF03E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:smx_series_20_ups_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"10.2","matchCriteriaId":"49A9A0AA-9E54-426D-B3DF-A896119DCFCB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:smx_series_20_ups:-:*:*:*:*:*:*:*","matchCriteriaId":"9869EFE8-DED1-40D9-8BD6-003E0507995F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:smx_series_23_ups_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"07.0","matchCriteriaId":"AD04C6BF-A05F-41DC-9DB8-6ECBEF570FA3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schn
eider-electric:smx_series_23_ups:-:*:*:*:*:*:*:*","matchCriteriaId":"A58B76AA-7DFC-4F6C-B6E6-4B19746788B3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:srt_series_1010_ups_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"08.3","matchCriteriaId":"6717F4F6-F033-48CB-A4BA-6E19DAD98FE5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:srt_series_1010_ups:-:*:*:*:*:*:*:*","matchCriteriaId":"83769E66-3290-4559-AD5A-C65BE83B27A1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:srt_series_1019_ups_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"08.3","matchCriteriaId":"A45A70DF-4794-4E45-B134-EB8435AC5FB8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:srt_series_1019_ups:-:*:*:*:*:*:*:*","matchCriteriaId":"09A53A75-F08A-47E9-A3CF-691EE7B475B7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:srt_series_1025_ups_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"08.3","matchCriteriaId":"B73BB6AE-8CC4-465F-9C48-B125D0C25F59"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:srt_series_1025_ups:-:*:*:*:*:*:*:*","matchCriteriaId":"D883C4EF-0530-4E8B-8C83-57B452219687"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:srt_series_1020_ups_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"10.4","matchCriteriaId":"CC69A97E-D632-42FE-A217-572EB966085A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:srt_series_1020_ups:-:*:*:*:*:*:*:*","matchCriteriaId":"94F049E9-F1D2-4006-9C9A-5DA9C7229087"}]}]},{"operat
or":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:srt_series_1021_ups_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"12.2","matchCriteriaId":"CF0C5ED3-2100-48C1-AC5A-E6285487815D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:srt_series_1021_ups:-:*:*:*:*:*:*:*","matchCriteriaId":"DEC3AD24-6B13-4A44-A58C-9189BCF480D4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:srt_series_1001_ups_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"05.1","matchCriteriaId":"1D4D6B50-3B1A-47EF-9055-2887128F0224"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:srt_series_1001_ups:-:*:*:*:*:*:*:*","matchCriteriaId":"EB599BB4-82F4-4E97-BEF5-0ECC587F0A68"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:srt_series_1013_ups_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"05.1","matchCriteriaId":"B4B35543-73E5-4EDD-9018-3BE90A5B99C5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:srt_series_1013_ups:-:*:*:*:*:*:*:*","matchCriteriaId":"833DCA70-FCBA-4C58-80EE-DEFFD0F661EF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:srt_series_1002_ups_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"a05.2","matchCriteriaId":"318BBEA4-EAF2-499A-8E89-39EC58781BA6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:srt_series_1002_ups:-:*:*:*:*:*:*:*","matchCriteriaId":"20C49E94-8D0A-4202-A433-6787BF8E4B68"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-elect
ric:srt_series_1014_ups_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"a05.2","matchCriteriaId":"043062A8-6D85-46CD-934F-82BF075B8D53"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:srt_series_1014_ups:-:*:*:*:*:*:*:*","matchCriteriaId":"B55E3932-EBCF-44CA-930D-F254EFF5FC68"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:srtl1000rmxli_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"01.0","matchCriteriaId":"4A9B5DEA-467F-4C36-854A-F7A5967F0BD1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:srtl1000rmxli:-:*:*:*:*:*:*:*","matchCriteriaId":"5165586B-64EF-4E2C-B496-2E82A61113A4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:srtl1000rmxli-nc_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"01.0","matchCriteriaId":"FD635E09-A358-422A-9BD0-2B177D98E3EE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:srtl1000rmxli-nc:-:*:*:*:*:*:*:*","matchCriteriaId":"13699C09-1AB8-4C43-9621-295413A974FF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:srtl1500rmxli-nc_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"01.0","matchCriteriaId":"1A5732D4-6BBD-41CA-8D24-84F2FC1412AC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:srtl1500rmxli-nc:-:*:*:*:*:*:*:*","matchCriteriaId":"773C3D26-4C71-440E-8CCA-85478C59B247"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:srtl1500rmxli_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"01.0","matchCriteriaId":"ECDE919A-70ED-411B-9AAA-12C8B9EB1785"}]},{"operator
":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:srtl1500rmxli:-:*:*:*:*:*:*:*","matchCriteriaId":"C418AEA1-3C77-4969-9651-9995F7DE99EA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:srtl2200rmxli_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"01.0","matchCriteriaId":"40D232F8-B3F7-4CCF-9E08-6EA63AD7596C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:srtl2200rmxli:-:*:*:*:*:*:*:*","matchCriteriaId":"7883EDB6-5A6D-4CDF-A467-A46E522B3B22"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:srtl2200rmxli-nc_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"01.0","matchCriteriaId":"EB73EFDD-0994-4553-9075-5EB390816B31"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:srtl2200rmxli-nc:-:*:*:*:*:*:*:*","matchCriteriaId":"54F5A2E5-DA9A-412E-A5FF-9EA97A8A2D9F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:srtl3000rmxli-nc_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"01.0","matchCriteriaId":"66BFDC2B-B658-4782-AB42-14978BFD2ECC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:srtl3000rmxli-nc:-:*:*:*:*:*:*:*","matchCriteriaId":"5FE692C1-4995-430A-896E-BDD68325BD16"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:srtl3000rmxli_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"01.0","matchCriteriaId":"83E06F71-7148-4B01-913C-5D92AA36C499"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:srtl3000rmxli:-:*:*:*:*:*:*:*","matchCriteriaId":"42A83199-87
D4-4DD2-854F-2EDBD09509C4"}]}]}],"references":[{"url":"https://www.se.com/ww/en/download/document/SEVD-2022-067-02/","source":"cybersecurity@se.com","tags":["Vendor Advisory"]},{"url":"https://www.se.com/ww/en/download/document/SEVD-2022-067-02/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-23288","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-25T11:16:23.767","lastModified":"2026-05-29T15:29:32.660","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\naccel/amdxdna: Fix out-of-bounds memset in command slot handling\n\nThe remaining space in a command slot may be smaller than the size of\nthe command header. Clearing the command header with memset() before\nverifying the available slot space can result in an out-of-bounds write\nand memory corruption.\n\nFix this by moving the memset() call after the size validation."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad:\n\naccel/amdxdna: Corrección de memset fuera de límites en el manejo de ranuras de comando\n\nEl espacio restante en una ranura de comando puede ser menor que el tamaño del encabezado de comando. 
Borrar el encabezado de comando con memset() antes de verificar el espacio de ranura disponible puede resultar en una escritura fuera de límites y corrupción de memoria.\n\nEsto se corrige moviendo la llamada a memset() después de la validación del tamaño."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19.4","versionEndExcluding":"6.19.7","matchCriteriaId":"EABFC675-2A5E-4569-92F7-1E8942DA0683"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1110a949675ebd56b3f0286e664ea543f745801c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cca770d710d5e03bc814af585cd6975eb6d74074","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23289","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-25T11:16:23.887","lastModified":"2026-05-29T15:22:35.297","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nIB/mthca: Add missed mthca_unmap_user_db() for mthca_create_srq()\n\nFix a user triggerable leak on the system call 
failure path."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nIB/mthca: Añadir mthca_unmap_user_db() que se había omitido para mthca_create_srq()\n\nCorregir una fuga activable por el usuario en la ruta de fallo de la llamada al sistema."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.14","versionEndExcluding":"5.10.253","matchCriteriaId":"DE13CD56-EF71-4FB6-8909-29C447FC8FE7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.77","matchCriteriaId":"B3D12E00-E42D-4056-B354-BAD4903C03A5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","vers
ionStartIncluding":"6.13","versionEndExcluding":"6.18.17","matchCriteriaId":"A5E006E4-59C7-43C1-9231-62A72219F2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.7","matchCriteriaId":"69245D10-0B71-485E-80C3-A64F077004D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/117942ca43e2e3c3d121faae530989931b7f67e1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/11ac61f4e9b7c48b0dd44661765e5ace3c441aa3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/72fcfd4df46f2ee684c4776664d0cfc6c1746c9a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/972b72d7e2d8fe1400f1c7a8304c282c539b7e02","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d0148965dbca8cc8efa7e3d6e99940487bf661c0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/da8eaa73bc37d004350ba68eb18b6ade8e49db52","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/deee46b37ebd8cc5ff810127883fca90f2412a7b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f67f1ad4029e9fa183141546de31987b254c9292","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23290","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-25T11:16:24.043","lastModified":"2026-05-29T15:10:41.520","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: pegasus: validate 
USB endpoints\n\nThe pegasus driver should validate that the device it is probing has the\nproper number and types of USB endpoints it is expecting before it binds\nto it.  If a malicious device were to not have the same urbs the driver\nwill crash later on when it blindly accesses these endpoints."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nnet: usb: pegasus: validar puntos finales USB\n\nEl controlador pegasus debería validar que el dispositivo que está sondeando tiene el número y tipos adecuados de puntos finales USB que espera antes de que se vincule a él. Si un dispositivo malicioso no tuviera los mismos urbs, el controlador fallará más tarde cuando acceda ciegamente a estos puntos finales."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12.1","versionEndExcluding":"5.10.253","matchCriteriaId":"5F0E43E1-33E5-4828-9B4A-F710AF2E7217"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"v
ulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.77","matchCriteriaId":"B3D12E00-E42D-4056-B354-BAD4903C03A5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.17","matchCriteriaId":"A5E006E4-59C7-43C1-9231-62A72219F2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.7","matchCriteriaId":"69245D10-0B71-485E-80C3-A64F077004D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*","matchCriteriaId":"6F62EECE-8FB1-4D57-85D8-CB9E23CF313C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*","matchCriteriaId":"4F76C298-81DC-43E4-8FC9-DC005A2116EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*","matchCriteriaId":"0AB349B2-3F78-4197-882B-90ADB3BF645A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*","matchCriteriaId":"6AC88830-A9BC-4607-B572-A4B502FC9FD0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*","matchCriteriaId":"476CB3A5-D022-4F13-AAEF-CB6A5785516A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/11de1d3ae5565ed22ef1f89d73d8f2d00322c699","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/43d7c4114b1ec14f41f09306525d3b9382286fc1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7f8505c7ce3f
186ef9d2495f3c0bd6ad6fce999f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/95556b4e879711693c9865ba0938c148f62d5ea4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/af7369ae572f53cb701731a4289ec3b3889bc501","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c3f1672eaea68c5cb6e1ec081cdb92045453218f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d5d9086211877361f1bda44a0aec538ddb04042a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ee31ec8cf1eafeefa85ef934ba688d27f88bf0e2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23291","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-25T11:16:24.197","lastModified":"2026-05-29T15:07:47.390","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: pn533: properly drop the usb interface reference on disconnect\n\nWhen the device is disconnected from the driver, there is a \"dangling\"\nreference count on the usb interface that was grabbed in the probe\ncallback.  Fix this up by properly dropping the reference after we are\ndone with it."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nnfc: pn533: soltar correctamente la referencia de la interfaz USB al desconectarse\n\nCuando el dispositivo se desconecta del controlador, hay un contador de referencias 'colgante' en la interfaz USB que fue obtenida en la función de devolución de llamada de sondeo. 
Solucionar esto soltando correctamente la referencia después de que hayamos terminado con ella."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.1","versionEndExcluding":"5.10.253","matchCriteriaId":"347BDDE9-6DB3-4F21-865D-FEC08136F2CD"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.77","matchCriteriaId":"B3D12E00-E42D-4056-B354-BAD4903C03A5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.17","matchCriteriaId":"A5E006E4-59C7-43C1-9231-62A72219F2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","
versionStartIncluding":"6.19","versionEndExcluding":"6.19.7","matchCriteriaId":"69245D10-0B71-485E-80C3-A64F077004D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/00477cab053dc4816b99141d8fcca7a479cfebeb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/12133a483dfa832241fbbf09321109a0ea8a520e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4551d6cea00224ab65a0ef35e4e6da0e9c0a2d74","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5be8aa2bcfb53158436182db8dee9d0b8e5901e6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6645b030b0c1fc5bf338bffb0044238f24b2f770","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7398d6570501edc55a50ece820f369ab3c1df2e7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7ff14eb070f0efecb2606f8d7aa01b77d188e886","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d1f6d20b3c2642ec85ce6ea5da7155746c31c6d0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23293","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-25T11:16:24.520","lastModified":"2026-05-29T15:04:45.067","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled\n\nWhen booting with the 'ipv6.disable=1' parameter, the nd_tbl is never\ninitialized because inet6_init() exits before ndisc_init() is called\nwhich 
initializes it. If an IPv6 packet is injected into the interface,\nroute_shortcircuit() is called and a NULL pointer dereference happens on\nneigh_lookup().\n\n BUG: kernel NULL pointer dereference, address: 0000000000000380\n Oops: Oops: 0000 [#1] SMP NOPTI\n [...]\n RIP: 0010:neigh_lookup+0x20/0x270\n [...]\n Call Trace:\n  <TASK>\n  vxlan_xmit+0x638/0x1ef0 [vxlan]\n  dev_hard_start_xmit+0x9e/0x2e0\n  __dev_queue_xmit+0xbee/0x14e0\n  packet_sendmsg+0x116f/0x1930\n  __sys_sendto+0x1f5/0x200\n  __x64_sys_sendto+0x24/0x30\n  do_syscall_64+0x12f/0x1590\n  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFix this by adding an early check on route_shortcircuit() when protocol\nis ETH_P_IPV6. Note that ipv6_mod_enabled() cannot be used here because\nVXLAN can be built-in even when IPv6 is built as a module."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nnet: vxlan: corrige la desreferencia de puntero NULL de nd_tbl cuando IPv6 está deshabilitado\n\nAl arrancar con el parámetro 'ipv6.disable=1', nd_tbl nunca se inicializa porque inet6_init() sale antes de que se llame a ndisc_init(), que es la función que lo inicializa. Si se inyecta un paquete IPv6 en la interfaz, se llama a route_shortcircuit() y ocurre una desreferencia de puntero NULL en neigh_lookup().\n\nBUG: desreferencia de puntero NULL del kernel, dirección: 0000000000000380\nOops: Oops: 0000 [#1] SMP NOPTI\n[...]\nRIP: 0010:neigh_lookup+0x20/0x270\n[...]\nTraza de Llamadas:\n \n vxlan_xmit+0x638/0x1ef0 [vxlan]\n dev_hard_start_xmit+0x9e/0x2e0\n __dev_queue_xmit+0xbee/0x14e0\n packet_sendmsg+0x116f/0x1930\n __sys_sendto+0x1f5/0x200\n __x64_sys_sendto+0x24/0x30\n do_syscall_64+0x12f/0x1590\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nEsto se corrige añadiendo una verificación temprana en route_shortcircuit() cuando el protocolo es ETH_P_IPV6. 
Tenga en cuenta que ipv6_mod_enabled() no se puede usar aquí porque VXLAN puede estar integrado incluso cuando IPv6 se compila como un módulo."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.12","versionEndExcluding":"5.10.253","matchCriteriaId":"0ECA9FA3-7D5A-47DF-96CD-50ED0F72C020"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.77","matchCriteriaId":"B3D12E00-E42D-4056-B354-BAD4903C03A5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.17","matchCriteriaId":"A5E006E4-59C7-43C1-9231-62A72219F2BA"},{"vulnerable":true,"criteria":"cpe:2
.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.7","matchCriteriaId":"69245D10-0B71-485E-80C3-A64F077004D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/168ff39e4758897d2eee4756977d036d52884c7e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5f93e6b4d12bd3a4517a6d447ea675f448f21434","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/649e2bb74da54c96cf20729001e283626a2fefa0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/abcd48ecdeb2e12eccb8339a35534c757782afcd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b5190fcd75a1f1785c766a8d1e44d3938e168f45","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dc3e62cf3bbf66280a907ec379f373d0c3b8b2bc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f0373e9317bc904e7bdb123d3106fe4f3cea2fb7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fbbd2118982c55fb9b0a753ae0cf7194e77149fb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23294","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-25T11:16:24.697","lastModified":"2026-05-29T14:43:26.227","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix race in devmap on 
PREEMPT_RT\n\nOn PREEMPT_RT kernels, the per-CPU xdp_dev_bulk_queue (bq) can be\naccessed concurrently by multiple preemptible tasks on the same CPU.\n\nThe original code assumes bq_enqueue() and __dev_flush() run atomically\nwith respect to each other on the same CPU, relying on\nlocal_bh_disable() to prevent preemption. However, on PREEMPT_RT,\nlocal_bh_disable() only calls migrate_disable() (when\nPREEMPT_RT_NEEDS_BH_LOCK is not set) and does not disable\npreemption, which allows CFS scheduling to preempt a task during\nbq_xmit_all(), enabling another task on the same CPU to enter\nbq_enqueue() and operate on the same per-CPU bq concurrently.\n\nThis leads to several races:\n\n1. Double-free / use-after-free on bq->q[]: bq_xmit_all() snapshots\n   cnt = bq->count, then iterates bq->q[0..cnt-1] to transmit frames.\n   If preempted after the snapshot, a second task can call bq_enqueue()\n   -> bq_xmit_all() on the same bq, transmitting (and freeing) the\n   same frames. When the first task resumes, it operates on stale\n   pointers in bq->q[], causing use-after-free.\n\n2. bq->count and bq->q[] corruption: concurrent bq_enqueue() modifying\n   bq->count and bq->q[] while bq_xmit_all() is reading them.\n\n3. dev_rx/xdp_prog teardown race: __dev_flush() clears bq->dev_rx and\n   bq->xdp_prog after bq_xmit_all(). If preempted between\n   bq_xmit_all() return and bq->dev_rx = NULL, a preempting\n   bq_enqueue() sees dev_rx still set (non-NULL), skips adding bq to\n   the flush_list, and enqueues a frame. When __dev_flush() resumes,\n   it clears dev_rx and removes bq from the flush_list, orphaning the\n   newly enqueued frame.\n\n4. 
__list_del_clearprev() on flush_node: similar to the cpumap race,\n   both tasks can call __list_del_clearprev() on the same flush_node,\n   the second dereferences the prev pointer already set to NULL.\n\nThe race between task A (__dev_flush -> bq_xmit_all) and task B\n(bq_enqueue -> bq_xmit_all) on the same CPU:\n\n  Task A (xdp_do_flush)          Task B (ndo_xdp_xmit redirect)\n  ----------------------         --------------------------------\n  __dev_flush(flush_list)\n    bq_xmit_all(bq)\n      cnt = bq->count  /* e.g. 16 */\n      /* start iterating bq->q[] */\n    <-- CFS preempts Task A -->\n                                   bq_enqueue(dev, xdpf)\n                                     bq->count == DEV_MAP_BULK_SIZE\n                                     bq_xmit_all(bq, 0)\n                                       cnt = bq->count  /* same 16! */\n                                       ndo_xdp_xmit(bq->q[])\n                                       /* frames freed by driver */\n                                       bq->count = 0\n    <-- Task A resumes -->\n      ndo_xdp_xmit(bq->q[])\n      /* use-after-free: frames already freed! */\n\nFix this by adding a local_lock_t to xdp_dev_bulk_queue and acquiring\nit in bq_enqueue() and __dev_flush(). These paths already run under\nlocal_bh_disable(), so use local_lock_nested_bh() which on non-RT is\na pure annotation with no overhead, and on PREEMPT_RT provides a\nper-CPU sleeping lock that serializes access to the bq."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nbpf: Corrige condición de carrera en devmap en PREEMPT_RT\n\nEn kernels PREEMPT_RT, la xdp_dev_bulk_queue (bq) por CPU puede ser accedida concurrentemente por múltiples tareas preemptivas en la misma CPU.\n\nEl código original asume que bq_enqueue() y __dev_flush() se ejecutan atómicamente con respecto la una a la otra en la misma CPU, confiando en local_bh_disable() para prevenir la expropiación. 
Sin embargo, en PREEMPT_RT, local_bh_disable() solo llama a migrate_disable() (cuando PREEMPT_RT_NEEDS_BH_LOCK no está configurado) y no deshabilita la expropiación, lo que permite que la planificación CFS expropie una tarea durante bq_xmit_all(), permitiendo que otra tarea en la misma CPU entre en bq_enqueue() y opere en la misma bq por CPU concurrentemente.\n\nEsto lleva a varias condiciones de carrera:\n\n1. Doble liberación / uso después de liberación en bq-&gt;q[]: bq_xmit_all() toma una instantánea de cnt = bq-&gt;count, luego itera bq-&gt;q[0..cnt-1] para transmitir tramas. Si es expropiada después de la instantánea, una segunda tarea puede llamar a bq_enqueue() -&gt; bq_xmit_all() en la misma bq, transmitiendo (y liberando) las mismas tramas. Cuando la primera tarea se reanuda, opera con punteros obsoletos en bq-&gt;q[], causando uso después de liberación.\n\n2. Corrupción de bq-&gt;count y bq-&gt;q[]: bq_enqueue() concurrente modificando bq-&gt;count y bq-&gt;q[] mientras bq_xmit_all() los está leyendo.\n\n3. Condición de carrera de desmontaje de dev_rx/xdp_prog: __dev_flush() borra bq-&gt;dev_rx y bq-&gt;xdp_prog después de bq_xmit_all(). Si es expropiada entre el retorno de bq_xmit_all() y bq-&gt;dev_rx = NULL, una bq_enqueue() expropiadora ve dev_rx aún configurado (no-NULL), omite añadir bq a la flush_list, y encola una trama. Cuando __dev_flush() se reanuda, borra dev_rx y elimina bq de la flush_list, dejando huérfana la trama recién encolada.\n\n4. 
__list_del_clearprev() en flush_node: similar a la condición de carrera de cpumap, ambas tareas pueden llamar a __list_del_clearprev() en el mismo flush_node, la segunda desreferencia el puntero prev ya establecido en NULL.\n\nLa condición de carrera entre la tarea A (__dev_flush -&gt; bq_xmit_all) y la tarea B (bq_enqueue -&gt; bq_xmit_all) en la misma CPU:\n\n  Tarea A (xdp_do_flush)          Tarea B (redirección ndo_xdp_xmit)\n  ----------------------         --------------------------------\n  __dev_flush(flush_list)\n    bq_xmit_all(bq)\n      cnt = bq-&gt;count  /* ej. 16 */\n      /* comienza a iterar bq-&gt;q[] */\n    &lt;-- CFS expropia la Tarea A --&gt;\n                                   bq_enqueue(dev, xdpf)\n                                     bq-&gt;count == DEV_MAP_BULK_SIZE\n                                     bq_xmit_all(bq, 0)\n                                       cnt = bq-&gt;count  /* ¡los mismos 16! */\n                                       ndo_xdp_xmit(bq-&gt;q[])\n                                       /* tramas liberadas por el controlador */\n                                       bq-&gt;count = 0\n    &lt;-- La Tarea A se reanuda --&gt;\n      ndo_xdp_xmit(bq-&gt;q[])\n      /* uso después de liberación: ¡tramas ya liberadas! */\n\nSolucione esto añadiendo un local_lock_t a xdp_dev_bulk_queue y adquiriéndolo en bq_enqueue() y __dev_flush(). 
Estas rutas ya se ejecutan bajo local_bh_disable(), así que use local_lock_nested_bh() que en no-RT es una anotación pura sin sobrecarga, y en PREEMPT_RT proporciona un bloqueo de suspensión por CPU que serializa el acceso a la bq."}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18","versionEndExcluding":"6.18.17","matchCriteriaId":"91D34097-62D4-400A-8894-1A45A5B44EEA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.7","matchCriteriaId":"69245D10-0B71-485E-80C3-A64F077004D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1872e75375c40add4a35990de3be77b5741c252c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6c10b019785dc282c5f45d21e4a3f468b8fd6476","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ab1a56c9d99189aa5c6e03940d06e40ba6a28240","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23295","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-2
5T11:16:24.853","lastModified":"2026-05-29T14:42:08.903","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\naccel/amdxdna: Fix dead lock for suspend and resume\n\nWhen an application issues a query IOCTL while auto suspend is running,\na deadlock can occur. The query path holds dev_lock and then calls\npm_runtime_resume_and_get(), which waits for the ongoing suspend to\ncomplete. Meanwhile, the suspend callback attempts to acquire dev_lock\nand blocks, resulting in a deadlock.\n\nFix this by releasing dev_lock before calling pm_runtime_resume_and_get()\nand reacquiring it after the call completes. Also acquire dev_lock in the\nresume callback to keep the locking consistent."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\naccel/amdxdna: Solución para el interbloqueo en suspensión y reanudación\n\nCuando una aplicación emite una consulta IOCTL mientras la suspensión automática está en ejecución, puede producirse un interbloqueo. La ruta de consulta mantiene dev_lock y luego llama a pm_runtime_resume_and_get(), que espera a que la suspensión en curso finalice. Mientras tanto, la devolución de llamada de suspensión intenta adquirir dev_lock y se bloquea, lo que resulta en un interbloqueo.\n\nEsto se soluciona liberando dev_lock antes de llamar a pm_runtime_resume_and_get() y volviéndolo a adquirir después de que la llamada finalice. 
También se adquiere dev_lock en la devolución de llamada de reanudación para mantener la consistencia del bloqueo."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-667"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.7","matchCriteriaId":"69245D10-0B71-485E-80C3-A64F077004D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1aa82181a3c285c7351523d587f7981ae4c015c8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ac24537478dd8eb2fd3984b4652bb19461e5e74c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23297","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-25T11:16:25.167","lastModified":"2026-05-29T14:29:14.010","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: Fix cred ref leak in nfsd_nl_threads_set_doit().\n\nsyzbot reported memory leak of struct cred. 
[0]\n\nnfsd_nl_threads_set_doit() passes get_current_cred() to\nnfsd_svc(), but put_cred() is not called after that.\n\nThe cred is finally passed down to _svc_xprt_create(),\nwhich calls get_cred() with the cred for struct svc_xprt.\n\nThe ownership of the refcount by get_current_cred() is not\ntransferred to anywhere and is just leaked.\n\nnfsd_svc() is also called from write_threads(), but it does\nnot bump file->f_cred there.\n\nnfsd_nl_threads_set_doit() is called from sendmsg() and\ncurrent->cred does not go away.\n\nLet's use current_cred() in nfsd_nl_threads_set_doit().\n\n[0]:\nBUG: memory leak\nunreferenced object 0xffff888108b89480 (size 184):\n  comm \"syz-executor\", pid 5994, jiffies 4294943386\n  hex dump (first 32 bytes):\n    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n  backtrace (crc 369454a7):\n    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]\n    slab_post_alloc_hook mm/slub.c:4958 [inline]\n    slab_alloc_node mm/slub.c:5263 [inline]\n    kmem_cache_alloc_noprof+0x412/0x580 mm/slub.c:5270\n    prepare_creds+0x22/0x600 kernel/cred.c:185\n    copy_creds+0x44/0x290 kernel/cred.c:286\n    copy_process+0x7a7/0x2870 kernel/fork.c:2086\n    kernel_clone+0xac/0x6e0 kernel/fork.c:2651\n    __do_sys_clone+0x7f/0xb0 kernel/fork.c:2792\n    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n    do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94\n    entry_SYSCALL_64_after_hwframe+0x77/0x7f"},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nnfsd: Corrige la fuga de referencia de cred en nfsd_nl_threads_set_doit().\n\nsyzbot informó una fuga de memoria de la estructura cred. 
[0]\n\nnfsd_nl_threads_set_doit() pasa get_current_cred() a nfsd_svc(), pero put_cred() no es llamada después de eso.\n\nEl cred es finalmente pasado a _svc_xprt_create(), que llama a get_cred() con el cred para la estructura svc_xprt.\n\nLa propiedad del contador de referencias por get_current_cred() no es transferida a ningún lugar y simplemente se fuga.\n\nnfsd_svc() también es llamada desde write_threads(), pero no incrementa file-&gt;f_cred allí.\n\nnfsd_nl_threads_set_doit() es llamada desde sendmsg() y current-&gt;cred no desaparece.\n\nUsemos current_cred() en nfsd_nl_threads_set_doit().\n\n[0]:\nERROR: fuga de memoria\nobjeto sin referencia 0xffff888108b89480 (tamaño 184):\n  comm 'syz-executor', pid 5994, jiffies 4294943386\n  volcado hexadecimal (primeros 32 bytes):\n    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n  backtrace (crc 369454a7):\n    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]\n    slab_post_alloc_hook mm/slub.c:4958 [inline]\n    slab_alloc_node mm/slub.c:5263 [inline]\n    kmem_cache_alloc_noprof+0x412/0x580 mm/slub.c:5270\n    prepare_creds+0x22/0x600 kernel/cred.c:185\n    copy_creds+0x44/0x290 kernel/cred.c:286\n    copy_process+0x7a7/0x2870 kernel/fork.c:2086\n    kernel_clone+0xac/0x6e0 kernel/fork.c:2651\n    __do_sys_clone+0x7f/0xb0 kernel/fork.c:2792\n    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n    do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94\n    
entry_SYSCALL_64_after_hwframe+0x77/0x7f"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.10","versionEndExcluding":"6.12.77","matchCriteriaId":"5A646065-5446-461B-BB8D-D72F3DD27B7B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.17","matchCriteriaId":"A5E006E4-59C7-43C1-9231-62A72219F2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.7","matchCriteriaId":"69245D10-0B71-485E-80C3-A64F077004D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1cb968a2013ffa8112d52ebe605009ea1c6a582c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/27c13c5bb0948e3b5c64e59f8a903231896fab9b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/41170716421c25cd20b39e83f0e0762e212b377b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["P
atch"]},{"url":"https://git.kernel.org/stable/c/a3f88e3e18b51a7f654189189c762ebcdeaa7e29","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23298","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-25T11:16:25.320","lastModified":"2026-05-29T14:27:13.180","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncan: ucan: Fix infinite loop from zero-length messages\n\nIf a broken ucan device gets a message with the message length field set\nto 0, then the driver will loop for forever in\nucan_read_bulk_callback(), hanging the system.  If the length is 0, just\nskip the message and go on to the next one.\n\nThis has been fixed in the kvaser_usb driver in the past in commit\n0c73772cd2b8 (\"can: kvaser_usb: leaf: Fix potential infinite loop in\ncommand parsers\"), so there must be some broken devices out there like\nthis somewhere."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\ncan: ucan: Corrección de bucle infinito por mensajes de longitud cero\n\nSi un dispositivo ucan defectuoso recibe un mensaje con el campo de longitud del mensaje establecido en 0, entonces el controlador entrará en un bucle infinito en ucan_read_bulk_callback(), colgando el sistema. 
Si la longitud es 0, simplemente omita el mensaje y pase al siguiente.\n\nEsto ha sido corregido en el controlador kvaser_usb en el pasado en el commit 0c73772cd2b8 ('can: kvaser_usb: leaf: Corrección de posible bucle infinito en los analizadores de comandos'), así que debe haber algunos dispositivos defectuosos por ahí como este en algún lugar."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19","versionEndExcluding":"5.10.253","matchCriteriaId":"A8DA957C-C958-43FF-BB9F-975A326709F9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.203","matchCriteriaId":"20DDB3E9-AABF-4107-ADB0-5362AA067045"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.167","matchCriteriaId":"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.77","matchCriteriaId":"B3D12E00-E42D-4056-B354-BAD4903C03A5"},{"vulnerable":true,"criteria"
:"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.17","matchCriteriaId":"A5E006E4-59C7-43C1-9231-62A72219F2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.7","matchCriteriaId":"69245D10-0B71-485E-80C3-A64F077004D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/13b646eec3ba1131180803f5aaf1fee23540ad8f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1e446fd0582ad8be9f6dafb115fc2e7245f9bea7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/aa9e0a7fe5efc2f74327fd37d828e9a51d9ff588","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ab6f075492d37368b4c7b0df7f7fdc2b666887fc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bd85f21a6219aeae4389d700c54f1799f4b814e0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c7bc62be6c1a60bb21301692009590b1ffda91d9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ca07d3c6eef14d34e6fdeefe55058db045be29dc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e7bb6e0606b5f233531aaaad9542d69fbb792115","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-23299","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-03-25T11:16:25.487","lastModified":"2026-05-
29T14:25:27.723","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: purge error queues in socket destructors\n\nWhen TX timestamping is enabled via SO_TIMESTAMPING, SKBs may be queued\ninto sk_error_queue and will stay there until consumed. If userspace never\ngets to read the timestamps, or if the controller is removed unexpectedly,\nthese SKBs will leak.\n\nFix by adding skb_queue_purge() calls for sk_error_queue in affected\nbluetooth destructors. RFCOMM does not currently use sk_error_queue."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nBluetooth: purgar colas de error en destructores de sockets\n\nCuando la marca de tiempo TX está habilitada a través de SO_TIMESTAMPING, los SKB pueden ser encolados en sk_error_queue y permanecerán allí hasta ser consumidos. Si el espacio de usuario nunca llega a leer las marcas de tiempo, o si el controlador es eliminado inesperadamente, estos SKB se filtrarán.\n\nSolución añadiendo llamadas a skb_queue_purge() para sk_error_queue en los destructores de bluetooth afectados. 
RFCOMM no utiliza actualmente sk_error_queue."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-772"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15","versionEndExcluding":"6.18.17","matchCriteriaId":"7B6E9607-896D-4A84-B5CB-3311EB1230BD"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.7","matchCriteriaId":"69245D10-0B71-485E-80C3-A64F077004D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/21e4271e65094172aadd5beb8caea95dd0fbf6d7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2b6c942a526635f5c61d2f000258e620da32d3a7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3de7c10a950b36affc692d8bd2ac713852580e56","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2025-58074","sourceIdentifier":"security@nortonlifelock.com","published":"2026-05-04T14:16:28.480","lastModified":"2026-05-29T14:16:24.667","vulnStatus":"Awaiting 
Analysis","cveTags":[{"sourceIdentifier":"security@nortonlifelock.com","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may result in deletion of arbitrary files that can lead to elevation of privileges."}],"metrics":{"cvssMetricV31":[{"source":"security@nortonlifelock.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}]},"weaknesses":[{"source":"security@nortonlifelock.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1386"}]}],"references":[{"url":"https://support.norton.com/sp/en/me/home/current/solutions/v20250301180004520","source":"security@nortonlifelock.com"},{"url":"https://www.gendigital.com/us/en/contact-us/security-advisories/","source":"security@nortonlifelock.com"},{"url":"https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2276","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-43616","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-04T18:16:32.830","lastModified":"2026-05-29T14:01:06.720","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal sequences or absolute paths. 
Attackers can exploit insufficient path normalization during archive extraction to write files outside the intended extraction directory and achieve persistent code execution by overwriting user startup scripts."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIR
ED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-23"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:horsicq:detect-it-easy:*:*:*:*:*:*:*:*","versionEndExcluding":"3.21","matchCriteriaId":"BE38B942-D8BE-48F9-918B-E667376ADDB0"}]}]}],"references":[{"url":"https://github.com/horsicq/DIE-engine/commit/7fd300b926daf19707b2a36f0abe8b60a51308ee","source":"disclosure@vulncheck.com","tags":["Patch"]},{"url":"https://github.com/horsicq/DIE-engine/commit/cbbe1688e58ffd430d284bf65f336973f083db69","source":"disclosure@vulncheck.com","tags":["Patch"]},{"url":"https://github.com/horsicq/DIE-engine/releases/tag/3.21","source":"disclosure@vulncheck.com","tags":["Release Notes"]},{"url":"https://github.com/horsicq/Detect-It-Easy","source":"disclosure@vulncheck.com","tags":["Product"]},{"url":"https://github.com/horsicq/Formats/commit/56cdf50ee3c72c56284e2819b23e98332842d259","source":"disclosure@vulncheck.com","tags":["Patch"]},{"url":"https://github.com/horsicq/XArchive/commit/6a2aa84c2fd120b704f76bb5c5ee3e9b5a7a0fcc","source":"disclosure@vulncheck.com","tags":["Patch"]},{"url":"https://www.vulncheck.com/advisories/detect-it-easy-path-traversal-arbitrary-file-write","source":"disclosure@vulncheck.com","tags":["Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2026-38751","sourceIdentifier":"cve@mitre.org","published":"2026-05-04T19:16:03.613","lastModified":"2026-05-29T14:41:34.623","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionality (modules/aggiornamenti/upload_modules.php)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:devcode:openstamanager:*:*:*:*:*:*:*:*","versionEndIncluding":"2.10","matchCriteriaId":"61B52C15-FE15-45A5-8BE6-A5C47ACBE850"}]}]}],"references":[{"url":"https://github.com/devcode-it/openstamanager","source":"cve@mitre.org","tags":["Product"]},{"url":"https://github.com/fuutianyii/poc","source":"cve@mitre.org","tags":["Broken Link"]}]}},{"cve":{"id":"CVE-2026-7768","sourceIdentifier":"ce714d77-add3-4f53-aff5-83d477b104bb","published":"2026-05-04T20:16:21.107","lastModified":"2026-05-29T14:43:17.467","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"@fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy. 
A remote unauthenticated client could send many distinct but matching Accept header variants to make the cache grow unbounded, eventually exhausting the Node.js heap and crashing the process. Versions <= 6.0.3 are affected. Update to 6.0.4 or later, which bounds the cache via an LRU with a default size of 100 entries, configurable through the new cacheSize plugin option."}],"metrics":{"cvssMetricV31":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"ce714d77-add3-4f53-aff5-83d477b104bb","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fastify:fastify\\/accepts-serializer:*:*:*:*:*:node.js:*:*","versionEndExcluding":"6.0.4","matchCriteriaId":"47020EDF-6583-4271-AE38-04FE4EE8F199"}]}]}],"references":[{"url":"https://cna.openjsf.org/security-advisories.html","source":"ce714d77-add3-4f53-aff5-83d477b104bb","tags":["Vendor Advisory"]},{"url":"https://github.com/fastify/fastify-accepts-serializer/security/advisories/GHSA-qxhc-wx3p-2wmg","source":"ce714d77-add3-4f53-aff5-83d477b104bb","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-39103","sourceIdentifier":"cve@mitre.org","published":"2026-05-05T16:16:12.993","lastModified":"2026-05-29T14:44:41.747","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Buffer Overflow vulnerability in GPAC before commit v391dc7f4d234988ea0bc3cc294eb725eddf8f702 allows an attacker to cause a denial of service via the src/scenegraph/svg_attributes.c, 
svg_parse_strings(), gf_svg_parse_attribute()"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*","versionEndExcluding":"2026-04-01","matchCriteriaId":"DF3A6E0C-CE62-44A2-8507-35193465BD8E"}]}]}],"references":[{"url":"https://github.com/gpac/gpac/commit/391dc7f4d234988ea0bc3cc294eb725eddf8f702","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/gpac/gpac/issues/3506","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://github.com/gpac/gpac/issues/3506","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Issue Tracking","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-7875","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-06T17:16:24.250","lastModified":"2026-05-29T15:24:59.267","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"NanoClaw version 1.2.0 and prior contains a host/container filesystem boundary vulnerability in outbound attachment handling and outbox cleanup that allows a compromised or prompt-injected container to read files outside the intended outbox directory by supplying crafted messages_out.id and content.files values or creating symlinked outbox files. 
Attackers can exploit this vulnerability to trigger host-side reads of arbitrary files and in some cases achieve recursive deletion of paths outside the intended cleanup target."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityIm
pact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nanoco:nanoclaw:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2.0","matchCriteriaId":"A32902C7-7FB4-475F-BEC6-55F87DF2B3D8"}]}]}],"references":[{"url":"https://github.com/qwibitai/nanoclaw/commit/7814e45570edf0024a1a5c2ba9fbc9cb3a49f7f7","source":"disclosure@vulncheck.com","tags":["Patch"]},{"url":"https://github.com/qwibitai/nanoclaw/pull/2001","source":"disclosure@vulncheck.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/qwibitai/nanoclaw/releases/tag/v1.2.0","source":"disclosure@vulncheck.com","tags":["Product","Release Notes"]},{"url":"https://github.com/qwibitai/nanoclaw/pull/2001","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Issue Tracking","Patch"]}]}},{"cve":{"id":"CVE-2026-41589","sourceIdentifier":"security-advisories@github.com","published":"2026-05-07T14:16:02.853","lastModified":"2026-05-29T15:23:29.347","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Wish is an SSH server with defaults and a collection of middlewares. From version 2.0.0 to before version 2.0.1, the SCP middleware in charm.land/wish/v2 is vulnerable to path traversal attacks. A malicious SCP client can read arbitrary files from the server, write arbitrary files to the server, and create directories outside the configured root directory by sending crafted filenames containing ../ sequences over the SCP protocol. 
This issue has been patched in version 2.0.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":5.8}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:charm:wish:2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"68764D40-A084-40D8-84FA-F5EEFCD72FF2"}]}]}],"references":[{"url":"https://github.com/charmbracelet/wish/releases/tag/v2.0.1","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/charmbracelet/wish/security/advisories/GHSA-xjvp-7243-rg9h","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/charmbracelet/wish/security/advisories/GHSA-xjvp-7243-rg9h","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41691","sourceIdentifier":"security-advisories@github.com","published":"2026-05-07T21:16:29.560","lastModified":"2026-05-29T15:18:26.503","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"i18nextify is a JavaScript library that adds website internationalization via a script tag, without source code changes. Versions prior to 3.0.5 interpolate the lng and ns values directly into the configured loadPath / addPath URL template without any encoding, validation, or path sanitisation. 
When an application exposes the language-code selection to user-controlled input (the default — i18next-browser-languagedetector reads ?lng= query params, cookies, localStorage, and request headers), an attacker can inject characters that change the structure of the outgoing request URL. This is a single URL-injection vulnerability. The attacker-controlled value is neutralised before it is used as part of an output URL string; the attack shape covers both path traversal and broader URL-structure injection — both are closed by the one interpolateUrl sanitisation fix. This issue has been fixed in version 3.0.5. If users cannot upgrade immediately, they can work around the issue by sanitising lng / ns before they reach i18next (strip .., /, \\, ?, #, %, whitespace, and control characters; cap the length)."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-74"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:i18next:i18next-
http-backend:*:*:*:*:*:node.js:*:*","versionEndExcluding":"3.0.5","matchCriteriaId":"AF30D3E4-BC7C-4059-98B4-CB275ED97573"}]}]}],"references":[{"url":"https://github.com/i18next/i18next-http-backend/commit/4cee84f229c637b9c182366d3156f726d407a621","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/i18next/i18next-http-backend/security/advisories/GHSA-q89c-q3h5-w34g","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41692","sourceIdentifier":"security-advisories@github.com","published":"2026-05-07T21:16:29.717","lastModified":"2026-05-29T15:08:21.560","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"i18nextify is a JavaScript library that adds website internationalization via a script tag, without source code changes. Versions prior to 4.0.8 substitute {{key}} interpolation tokens inside src and href attribute values with the raw string returned by i18next.t(). The substitution logic in src/localize.js (the replaceInside handler) only guards against a duplicated http:// origin prefix — it does not validate the URL scheme of the substituted value. A translated value such as javascript:alert(1) or data:text/html,<script>...</script> is applied unchanged to the live DOM attribute when an attacker can influence the content of a translation file or the translation-backend response — for example, via a compromised translation CDN, user-contributed locales, a MITM on a plain-HTTP backend, or write access to the translation JSON. 
This issue was patched in version 4.0.8."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:i18next:i18nextify:*:*:*:*:*:*:*:*","versionEndExcluding":"4.0.8","matchCriteriaId":"75BE4A58-77DC-4A0B-B94D-B7AFACC8A8B9"}]}]}],"references":[{"url":"https://github.com/i18next/i18nextify/commit/16f23dbcdcf893673587f7a03355bf7ce0a0e49e","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/i18next/i18nextify/security/advisories/GHSA-6457-mxpq-4fqq","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-8112","sourceIdentifier":"cna@vuldb.com","published":"2026-05-07T22:16:37.507","lastModified":"2026-05-29T14:58:48.490","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in 8421bit MiniClaw up to 223c16a1088e138838dcbd18cd65a37c35ac5a84. 
Affected is the function executeCognitivePulse of the file src/kernel.ts. Performing a manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The patch is named 028f62216dee9f64833d0f1cfda7c217067ceba8. To fix this issue, it is recommended to deploy a patch."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source"
:"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-77"},{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:8421bit:miniclaw:*:*:*:*:*:*:*:*","versionEndIncluding":"2026-04-29","matchCriteriaId":"8CF812EE-8A35-4FFC-9909-16A7605CC0B7"}]}]}],"references":[{"url":"https://github.com/8421bit/MiniClaw/","source":"cna@vuldb.com","tags":["Product"]},{"url":"https://github.com/8421bit/MiniClaw/commit/028f62216dee9f64833d0f1cfda7c217067ceba8","source":"cna@vuldb.com","tags":["Patch"]},{"url":"https
://github.com/8421bit/MiniClaw/issues/4","source":"cna@vuldb.com","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/8421bit/MiniClaw/pull/7","source":"cna@vuldb.com","tags":["Patch"]},{"url":"https://vuldb.com/submit/808166","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/361900","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://vuldb.com/vuln/361900/cti","source":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"]}]}},{"cve":{"id":"CVE-2026-41900","sourceIdentifier":"security-advisories@github.com","published":"2026-05-08T04:16:18.710","lastModified":"2026-05-29T14:54:23.353","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to version 2.0.3, a remote code execution (RCE) vulnerability was identified in the OpenLearnX code execution environment, allowing sandbox escape and arbitrary command execution. 
This issue has been patched in version 2.0.3."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"},{"lang":"en","value":"CWE-94"},{"lang":"en","value":"CWE-250"},{"lang":"en","value":"CWE-284"},{"lang":"en","value":"CWE-693"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:th30d4y:openlearnx:2.0.1:*:*:*:*:node.js:*:*","matchCriteriaId":"A26C86B8-ADA9-4301-ABC6-3294050ABD71"}]}]}],"references":[{"url":"https://github.com/th30d4y/OpenLearnX/commit/14765d7d1856d564747c55c5412e2f38feab079e","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/th30d4y/OpenLearnX/releases/tag/v2.0.3-security-fix","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/th30d4y/OpenLearnX/security/advisories/GHSA-8h25-q488-4hxw","source":"security-advisories@github.com","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2025-40946","sourceIdentifier":"productcert@siemens.com","published":"2026-05-12T10:16:42.860","lastModified":"2026-05-29T14:16:23.570","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 105 TL3 (All versions), blueplanet 105 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 110 TL3 (All versions), blueplanet 125 NX3 M10 (All versions), blueplanet 125 TL3 (All versions), blueplanet 125 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 137 TL3 (All versions), blueplanet 150 TL3 (All versions), blueplanet 150 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 155 TL3 (All versions), blueplanet 155 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 165 TL3 (All versions), blueplanet 165 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 25.0 NX3-33.0 NX3 (All versions), blueplanet 3.0 NX3-20.0 NX3 (All versions), blueplanet 3.0 TL3-60.0 TL3 (All versions), blueplanet 3.0-5.0 NX1 (All versions), blueplanet 360 NX3 M6 (All versions), blueplanet 50.0 NX3-60.0 NX3 (All versions), blueplanet 87.0 TL3 (All versions), blueplanet 87.0 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 92.0 TL3 (All versions), blueplanet 92.0 TL3 GEN2 (All versions < V6.1.4.9), blueplanet gridsave 110 TL3-S (All versions < V3.91), blueplanet gridsave 137 TL3-S (All versions < V3.91), blueplanet gridsave 92.0 TL3-S (All versions < V3.91), blueplanet hybrid 10.0 TL3 (All versions), blueplanet hybrid 6.0 NH3-12.0 NH3 (All versions). 
A CRC16-based algorithm for generating Technical Service credentials could allow an attacker to derive the credentials from the devices serial number and misuse them to gain unauthorized access."}],"metrics":{"cvssMetricV40":[{"source":"productcert@siemens.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"productcert@siemens.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"U
NCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.5}]},"weaknesses":[{"source":"productcert@siemens.com","type":"Secondary","description":[{"lang":"en","value":"CWE-321"}]}],"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-545643.html","source":"productcert@siemens.com"}]}},{"cve":{"id":"CVE-2026-41125","sourceIdentifier":"productcert@siemens.com","published":"2026-05-12T10:16:46.057","lastModified":"2026-05-29T14:16:26.890","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions), blueplanet 105 TL3 (All versions), blueplanet 105 TL3 GEN2 (All versions), blueplanet 110 TL3 (All versions), blueplanet 125 NX3 M10 (All versions), blueplanet 125 TL3 (All versions), blueplanet 125 TL3 GEN2 (All versions), blueplanet 137 TL3 (All versions), blueplanet 150 TL3 (All versions), blueplanet 150 TL3 GEN2 (All versions), blueplanet 155 TL3 (All versions), blueplanet 155 TL3 GEN2 (All versions), blueplanet 165 TL3 (All versions), blueplanet 165 TL3 GEN2 (All versions), blueplanet 25.0 NX3-33.0 NX3 (All versions), blueplanet 3.0 NX3-20.0 NX3 (All versions), blueplanet 3.0-5.0 NX1 (All versions), blueplanet 360 NX3 M6 (All versions), blueplanet 50.0 NX3-60.0 NX3 (All versions), blueplanet 87.0 TL3 (All versions), blueplanet 87.0 TL3 GEN2 (All versions), blueplanet 92.0 TL3 (All versions), blueplanet 92.0 TL3 GEN2 (All versions), blueplanet gridsave 110 TL3-S (All versions), blueplanet gridsave 137 TL3-S (All versions), blueplanet gridsave 92.0 TL3-S (All versions), blueplanet hybrid 10.0 TL3 (All versions), blueplanet hybrid 6.0 NH3-12.0 NH3 (All versions). 
Improper neutralization of special elements used in an sql command ('sql injection') in KACO Meteor server allows an authorized attacker to elevate privileges over a local network."}],"metrics":{"cvssMetricV40":[{"source":"productcert@siemens.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"ADJACENT","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"productcert@siemens.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED
","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.5,"impactScore":5.5}]},"weaknesses":[{"source":"productcert@siemens.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-545643.html","source":"productcert@siemens.com"}]}},{"cve":{"id":"CVE-2022-34363","sourceIdentifier":"security_alert@emc.com","published":"2026-05-22T16:16:19.353","lastModified":"2026-05-29T15:53:54.907","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dell Unisphere for PowerMax vApp version prior to 10.0.0.2, contains an authorization bypass vulnerability in the  Unisphere for VMAX application running in vApp"}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Primary","description":[{"lang":"en","value":"CWE-285"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dell:unisphere_for_powermax_virtual_appliance:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.0.2","matchCriteriaI
d":"4D043EF2-D6C9-43CA-B442-DB9D81912870"}]}]}],"references":[{"url":"https://dellservices.lightning.force.com/lightning/r/Lightning_Knowledge__kav/ka06P000000xAiKQAU/view","source":"security_alert@emc.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-25680","sourceIdentifier":"security@golang.org","published":"2026-05-22T16:16:19.753","lastModified":"2026-05-29T15:47:57.593","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:golang:net:*:*:*:*:*:go:*:*","versionEndExcluding":"0.55.0","matchCriteriaId":"38C86E7B-A1CA-4670-B113-FC9585261F6F"}]}]}],"references":[{"url":"https://go.dev/cl/781702","source":"security@golang.org","tags":["Issue Tracking"]},{"url":"https://go.dev/issue/79573","source":"security@golang.org","tags":["Issue Tracking"]},{"url":"https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8","source":"security@golang.org","tags":["Mailing List"]},{"url":"https://pkg.go.dev/vuln/GO-2026-5028","source":"security@golang.org","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2026-25681","sourceIdentifier":"security@golang.org","published":"2026-05-22T16:16:19.863","lastModified":"2026-05-29T15:30:15.417","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-1021"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:golang:net:*:*:*:*:*:go:*:*","versionEndExcluding":"0.55.0","matchCriteriaId":"38C86E7B-A1CA-4670-B113-FC9585261F6F"}]}]}],"references":[{"url":"https://go.dev/cl/781703","source":"security@golang.org","tags":["Issue Tracking"]},{"url":"https://go.dev/issue/79574","source":"security@golang.org","tags":["Issue Tracking"]},{"url":"https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8","source":"security@golang.org","tags":["Mailing List"]},{"url":"https://pkg.go.dev/vuln/GO-2026-5029","source":"security@golang.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-27136","sourceIdentifier":"security@golang.org","published":"2026-05-22T16:16:20.087","lastModified":"2026-05-29T15:27:46.920","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Parsing arbitrary HTML which is then rendered using Render can 
result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-1021"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:golang:net:*:*:*:*:*:go:*:*","versionEndExcluding":"0.55.0","matchCriteriaId":"38C86E7B-A1CA-4670-B113-FC9585261F6F"}]}]}],"references":[{"url":"https://go.dev/cl/781685","source":"security@golang.org","tags":["Issue Tracking"]},{"url":"https://go.dev/issue/79575","source":"security@golang.org","tags":["Issue Tracking"]},{"url":"https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8","source":"security@golang.org","tags":["Mailing List"]},{"url":"https://pkg.go.dev/vuln/GO-2026-5030","source":"security@golang.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-39821","sourceIdentifier":"security@golang.org","published":"2026-05-22T16:16:20.410","lastModified":"2026-05-29T15:26:37.163","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. 
For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\"."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":5.8}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-1289"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:golang:net:*:*:*:*:*:go:*:*","versionEndExcluding":"0.55.0","matchCriteriaId":"38C86E7B-A1CA-4670-B113-FC9585261F6F"}]}]}],"references":[{"url":"https://go.dev/cl/767220","source":"security@golang.org","tags":["Issue Tracking"]},{"url":"https://go.dev/issue/78760","source":"security@golang.org","tags":["Issue Tracking"]},{"url":"https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8","source":"security@golang.org","tags":["Mailing List"]},{"url":"https://pkg.go.dev/vuln/GO-2026-5026","source":"security@golang.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-9416","sourceIdentifier":"cna@vuldb.com","published":"2026-05-25T02:16:57.623","lastModified":"2026-05-29T15:16:25.153","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A security vulnerability has been detected in code-projects Employee Management System 1.0. This impacts an unknown function of the file /myprofile.php. 
Such manipulation of the argument ID leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed publicly and may be used."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrit
yImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://code-projects.org/","source":"cna@vuldb.com"},{"url":"https://github.com/zzzxc643/CVE1/blob/main/EMPLOYEE_MANAGEMENT_SYSTEM/vul13.md","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/813698","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/365397","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/365397/cti","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/813698","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-44209","sourceIdentifier":"security-advisories@github.com","published":"2026-05-26T21:16:37.620","lastModified":"2026-05-29T15:29:42.387","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Banks generates meaningful LLM prompts using a template language that makes sense. Prior to 2.4.2, banks uses jinja2.Environment() (unsandboxed) to render prompt templates. Applications that pass user-supplied strings as the template argument to Prompt() are vulnerable to Server-Side Template Injection (SSTI), which can lead to Remote Code Execution (RCE) on the host system. 
This vulnerability is fixed in 2.4.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1336"}]}],"references":[{"url":"https://github.com/masci/banks/pull/74","source":"security-advisories@github.com"},{"url":"https://github.com/masci/banks/security/advisories/GHSA-gphh-9q3h-jgpp","source":"security-advisories@github.com"},{"url":"https://github.com/masci/banks/security/advisories/GHSA-gphh-9q3h-jgpp","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-44213","sourceIdentifier":"security-advisories@github.com","published":"2026-05-26T22:16:42.443","lastModified":"2026-05-29T15:42:56.873","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"The OpenTelemetry.Exporter.Instana exports telemetry to Instana backend. Prior to 1.1.0, the OpenTelemetry.Exporter.Instana NuGet package does not validate HTTPS/TLS certificates are valid when sending telemetry to a configured Instana back-end when a proxy is configured using the INSTANA_ENDPOINT_PROXY environment variable. If a network attacker can Man-in-the-Middle (MitM) the proxy connection, all OpenTelemetry telemetry data and the Instana API key are exposed to the attacker. 
This vulnerability is fixed in 1.1.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"references":[{"url":"https://github.com/open-telemetry/opentelemetry-dotnet-contrib/security/advisories/GHSA-wfr5-454p-mjc2","source":"security-advisories@github.com"},{"url":"https://github.com/open-telemetry/opentelemetry-dotnet-contrib/security/advisories/GHSA-wfr5-454p-mjc2","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-48906","sourceIdentifier":"security@joomla.org","published":"2026-05-27T11:16:24.713","lastModified":"2026-05-29T15:42:56.873","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"The vulnerability in the Tassos Framework Plugin allows users to delete arbitrary files on the affected 
sites."}],"metrics":{"cvssMetricV40":[{"source":"security@joomla.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security@joomla.org","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://tassos.gr","source":"security@joomla.org"}]}},{"cve":{"id":"CVE-2026-42280","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T15:16:27.753","lastModified":"2026-05-29T15:42:56.873","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Auth0.js is a client-side JavaScript library for Auth0. 
From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/auth0/auth0.js/security/advisories/GHSA-8qjv-jj2q-x832","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-44838","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T15:16:28.743","lastModified":"2026-05-29T15:06:44.207","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^{client_id}-sensors$ to restrict user access to topics that include their client ID. However, the client_id is provided by the user in the MQTT CONNECT packet and is inserted into the regex pattern without escaping special regex characters. This flaw enables an authenticated MQTT user to inject regex operators to bypass authorization. 
This vulnerability is fixed in 4.2.4 and 4.3.0."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-x866-xp2g-cx8v","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-44839","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T15:16:29.073","lastModified":"2026-05-29T15:06:44.207","vulnStatus":"Undergoi
ng Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"RabbitMQ is a messaging and streaming broker. From 3.7.0 to before 4.1.2 and 4.0.13,  This vulnerability is fixed in 4.1.2 and 4.0.13."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-80"}]}],"references":[{"url":"https://github.com/rabbitmq/rabbitmq-server/commit/7f54319279d1ece161ae0b4cdc6f0e58a4045eb5","source":"security-advisories@github.com"},{"url":"https://github.c
om/rabbitmq/rabbitmq-server/security/advisories/GHSA-fh5r-jpm3-fjwp","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-44902","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T15:16:29.313","lastModified":"2026-05-29T15:42:56.873","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.217.0, a single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint (default 0.0.0.0:9464) has no error handling around URL parsing, so a request with an invalid URI causes an uncaught TypeError that terminates the process. This vulnerability is fixed in 0.217.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-755"}]}],"references":[{"url":"https://github.com/open-telemetry/opentelemetry-js/security/advisories/GHSA-q7rr-3cgh-j5r3","source":"security-advisories@github.com"},{"url":"https://github.com/open-telemetry/opentelemetry-js/security/advisories/GHSA-q7rr-3cgh-j5r3","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-44972","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T15:16:29.690","lastModified":"2026-05-29T15:39:34.620","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"GuardDog is a CLI tool to identify malicious PyPI packages. 
From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject ANSI or OSC escape sequences into analyst terminals or CI logs."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-116"}]}],"references":[{"url":"https://github.com/DataDog/guarddog/security/advisories/GHSA-m5p4-gvpx-4mvr","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45022","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T15:16:29.980","lastModified":"2026-05-29T15:42:56.873","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed Git objects in a way that differs from upstream Git. When commit or tag objects contain ambiguous or malformed headers, go-git’s decoded representation may expose values differently from how Git itself would interpret or reject the same object. Additionally, go-git’s commit signing and verification logic operates over commit data reconstructed from go-git’s parsed representation rather than the original raw object bytes. As a result, go-git may sign or verify a commit payload that is not byte-for-byte equivalent to the object stored in the repository. 
This can cause a signature to appear valid for a commit whose displayed or effective metadata differs from the object that was intended to be signed. This vulnerability is fixed in 5.19.0 and 6.0.0-alpha.3."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-180"},{"lang":"en","value":"CWE-345"}]}],"references":[{"url":"https://github.com/go-git/go-git/security/advisories/GHSA-389r-gv7p-r3rp","source":"security-advisories@github.com"}]}},{"cv
e":{"id":"CVE-2026-45570","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T15:16:30.240","lastModified":"2026-05-29T15:42:56.873","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, go-git's SSH transport constructs the remote exec command by wrapping the repository path in single quotes without escaping single quotes embedded inside the path. A repository path containing a single quote can therefore break out of the quoted region in the exec command and be appended as additional shell tokens. This vulnerability is fixed in 5.19.1 and 6.0.0-alpha.4."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.3,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAva
ilabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-116"}]}],"references":[{"url":"https://github.com/go-git/go-git/security/advisories/GHSA-m7cr-m3pv-hgrp","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45571","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T15:16:30.387","lastModified":"2026-05-29T15:42:56.873","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a path validation issue in go-git could allow crafted repository data to affect files outside the intended checkout target, including the repository's .git directory. These validations were introduced in upstream Git years ago, so the vulnerability arose from go-git drifting from those checks. 
This vulnerability is fixed in 5.19.1 and 6.0.0-alpha.4."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/go-git/go-git/security/advisories/GHSA-crhj-59gh-8x96","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-48545","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-27T15:16:31.020","lastModified":"2026-05-29T15:42:56.873","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform cross-Space session fixation by exploiting a shared module-level HTTP client used across all users in the reverse proxy endpoint. 
Attackers controlling any HF Space can return a parent-domain cookie that the shared client stores and automatically replays into all subsequent proxy requests to other legitimate Spaces, affecting all users of the same Gradio deployment."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired
":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":5.2}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-384"}]}],"references":[{"url":"https://github.com/gradio-app/gradio/commit/feb7237d01f359d2ad4ee42d00344e61692b3b39","source":"disclosure@vulncheck.com"},{"url":"https://github.com/gradio-app/gradio/issues/13369","source":"disclosure@vulncheck.com"},{"url":"https://github.com/gradio-app/gradio/pull/13384","source":"disclosure@vulncheck.com"},{"url":"https://github.com/gradio-app/gradio/releases/tag/gradio%406.15.0","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/gradio-cookie-injection-via-shared-pro","source":"disclosure@vulncheck.com"},{"url":"https://github.com/gradio-app/gradio/issues/13369","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-6957","sourceIdentifier":"responsibledisclosure@mattermost.com","published":"2026-05-27T15:16:34.903","lastModified":"2026-05-29T15:42:56.873","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Mattermost Plugins versions <=1.1.5 fail to sanitize filenames received from federated peers before using them to construct export destination paths, which allows an administrator of a remote federated Mattermost server to write files to arbitrary locations within the target server's filestore via a malicious filename delivered through the shared-channel attachment sync protocol. 
Mattermost Advisory ID: MMSA-2026-00659"}],"metrics":{"cvssMetricV31":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":6.0}]},"weaknesses":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://mattermost.com/security-updates","source":"responsibledisclosure@mattermost.com"}]}},{"cve":{"id":"CVE-2026-44345","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T18:16:23.200","lastModified":"2026-05-29T15:34:31.597","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, src/bentoml/_internal/container/frontend/dockerfile/templates/base_v2.j2 interpolates docker.base_image raw with no escaping, newline filtering, or validation. A malicious bento.yaml with a multi-line docker.base_image value smuggles arbitrary Dockerfile directives into the generated Dockerfile, and bentoml containerize then runs docker build which executes the injected RUN directives on the victim host. 
This vulnerability is fixed in 1.4.39."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/bentoml/BentoML/security/advisories/GHSA-78f9-r8mh-4xm2","source":"security-advisories@github.com"},{"url":"https://github.com/bentoml/BentoML/security/advisories/GHSA-78f9-r8mh-4xm2","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-44346","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T18:16:23.333","lastModified":"2026-05-29T15:34:31.597","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, a malicious bentofile.yaml containing a newline-injected value in envs[*].name produces unquoted RUN directives in the BentoML-generated Dockerfile. When the victim runs bentoml containerize on the imported bento, those RUN directives execute on the host during docker build. 
This vulnerability is fixed in 1.4.39."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"},{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/bentoml/BentoML/security/advisories/GHSA-w2pm-x38x-jp44","source":"security-advisories@github.com"},{"url":"https://github.com/bentoml/BentoML/security/advisories/GHSA-w2pm-x38x-jp44","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-42877","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T20:16:36.673","lastModified":"2026-05-29T15:29:42.387","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FacturaScripts is an open source accounting and invoicing software. In 2025.92 and earlier, a stored Cross-Site Scripting (XSS) vulnerability exists in the product search modal of sales (Core/Lib/AjaxForms/SalesModalHTML.php) and purchases documents (Core/Lib/AjaxForms/PurchasesModalHTML.php). 
An authenticated user with access to the warehouse module can create a product with a malicious reference that executes arbitrary JavaScript in the browser of any other user who opens the product search modal inside an invoice, order, or delivery note."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/NeoRazorX/facturascripts/security/advisories/GHSA-r736-2678-fcrx","source":"security-advisories@github.com"},{"url":"https://github.com/NeoRazorX/facturascripts/security/advisories/GHSA-r736-2678-fcrx","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-44886","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T20:16:37.767","lastModified":"2026-05-29T15:29:42.387","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. From 2024-06-29 to before 2026-05-07, the web application endpoint is vulnerable to SQL injection. The /pialert/php/server/devices.php route accepts requests from unauthenticated users when the action URL parameter is set to getDevicesTotals. The scansource URL parameter is then injected in a SQL query. 
This vulnerability is fixed in 2026-05-07."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/leiweibau/Pi.Alert/security/advisories/GHSA-m929-j7w8-334j","source":"security-advisories@github.com"},{"url":"https://github.com/leiweibau/Pi.Alert/security/advisories/GHSA-m929-j7w8-334j","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-44887","sourceIdentifier":"security
-advisories@github.com","published":"2026-05-27T20:16:37.900","lastModified":"2026-05-29T15:29:42.387","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configuration editor allows arbitrary Python code to be injected into pialert.conf. Since the background scan daemon loads this file via Python's exec(), injected code executes as the daemon process. With web protection disabled (the default configuration), no authentication is required, making this an unauthenticated Remote Code Execution vulnerability. This vulnerability is fixed in 2026-05-07."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/leiweibau/Pi.Alert/security/advisories/GHSA-r59g-5wf9-f7vv","source":"security-advisories@github.com"},{"url":"https://github.com/leiweibau/Pi.Alert/security/advisories/GHSA-r59g-5wf9-f7vv","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-44888","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T20:16:38.040","lastModified":"2026-05-29T15:29:42.387","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. 
Prior to 2026-05-07, Pi.Alert's SaveConfigFile() endpoint writes user-supplied numeric config values (e.g., SMTP_PORT) directly into\npialert.conf without validation. Since pialert.conf is loaded via Python's exec() every 3–5 minutes by the\nbackground cron process, an attacker can inject arbitrary Python code and achieve unauthenticated OS-level RCE. On\ndefault installations (PIALERT_WEB_PROTECTION = False), no credentials are required. This vulnerability is fixed in 2026-05-07."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/leiweibau/Pi.Alert/security/advisories/GHSA-xg85-f8qw-7c5f","source":"security-advisories@github.com"},{"url":"https://github.com/leiweibau/Pi.Alert/security/advisories/GHSA-xg85-f8qw-7c5f","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-9759","sourceIdentifier":"cve@gitlab.com","published":"2026-05-27T20:16:46.797","lastModified":"2026-05-29T15:42:56.873","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of 
service"}],"metrics":{"cvssMetricV31":[{"source":"cve@gitlab.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"cve@gitlab.com","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"references":[{"url":"https://gitlab.com/wireshark/wireshark/-/work_items/21243","source":"cve@gitlab.com"},{"url":"https://www.wireshark.org/security/wnpa-sec-2026-51.html","source":"cve@gitlab.com"}]}},{"cve":{"id":"CVE-2026-45136","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T21:16:18.523","lastModified":"2026-05-29T15:42:56.873","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"claude-code-cache-fix is a cache optimization proxy for Claude Code. From 3.5.0 to before 3.5.2, tools/quota-statusline.sh (introduced in v3.5.0) interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of the payload closes the literal early and lets following bytes execute as Python in the user's Claude Code process. 
This vulnerability is fixed in 3.5.2."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"},{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/cnighswonger/claude-code-cache-fix/issues/108","source":"security-advisories@github.com"},{"url":"https://github.com/cnighswonger/claude-code-cache-fix/pull/110","source":"security-advisories@github.com"},{"url":"https://github.com/cnighswonger/claude-code-cache-fix/security/adv
isories/GHSA-g3xq-3gmv-qq8g","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45137","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T21:16:18.670","lastModified":"2026-05-29T15:34:31.597","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Anchor is a framework providing several convenient developer tools for writing Solana programs. From 1.0.0 to before 1.0.2, a logic error causes anchor programs to accept any program id when requiring the system program id, causing false assumptions resulting in potential arbitrary cpi in programs that invoke system program instructions. In the TryFrom<&'a AccountInfo<'a>> implementation for Program<'a, T>, the id of T is compared with Pubkey::default() to check whether anchor should allow any executable account, or a specific account, because when no T is supplied, T defaults to (), which implements Id::id() by returning Pubkey::default(). This results in T = () and T = System (which has Pubkey::default() as the id) having the same behavior, both allow any executable account. Programs built with anchor assume that the anchor runtime verifies passed in programs of type Program<'a, System> are in fact the system program. This false assumption can lead to arbitrary CPI or payment bypassing when programs try making CPI calls to the system program using the passed in system program due to the fact that the attacker can pass in any program instead of the system program. 
This vulnerability is fixed in 1.0.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://github.com/otter-sec/anchor/security/advisories/GHSA-c6rc-8jpp-2fgc","source":"security-advisories@github.com"},{"url":"https://github.com/otter-sec/anchor/security/advisories/GHSA-c6rc-8jpp-2fgc","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-44247","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T22:16:35.507","lastModified":"2026-05-29T15:34:31.597","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Volcano is a Kubernetes-native batch scheduling system. Prior to v1.14.2, v1.13.3, and v1.12.4, the Volcano webhook server does not enforce a size limit on incoming HTTP request bodies. Any in-cluster pod that can reach the webhook endpoint may send an arbitrarily large request body, potentially causing the webhook server to be killed by OOM. All Volcano deployments with the webhook server exposed to in-cluster traffic are affected. 
This vulnerability is fixed in v1.14.2, v1.13.3, and v1.12.4."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":4.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/volcano-sh/volcano/security/advisories/GHSA-8wxp-xxp2-rcgx","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-44720","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T22:16:36.680","lastModified":"2026-05-29T15:29:42.387","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to 2.0.4, a critical authentication vulnerability was identified in OpenLearnX that could allow unauthorized access to user accounts under specific conditions. 
This vulnerability is fixed in 2.0.4."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-287"},{"lang":"en","value":"CWE-347"}]}],"references":[{"url":"https://github.com/th30d4y/OpenLearnX/security/advisories/GHSA-223g-f5mq-gw33","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45083","sourceIdentifier":"security-advisories@github.com","published":"2026-05-27T22:16:36.820","lastModified":"2026-05-29T15:29:42.387","vulnS
tatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. From 4.8.0 to before 26.04.1, the Goobi viewer REST endpoint POST /api/v1/index/stream accepted an arbitrary Solr streaming expression from unauthenticated network clients and forwarded it to the backend Solr server without restriction. An attacker could read the complete Solr index and, in default Solr deployments, also modify or delete indexed records. This vulnerability is fixed in 26.04.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://github.com/intranda/goobi-viewer-core/commit/326980f24ce1e7cfabf658dd5f615934ca68ebbd","source":"security-advisories@github.com"},{"url":"https://github.com/intranda/goobi-viewer-core/commit/6bfb1cbd4250b0b347e84a80f38e8bf46acac705","source":"security-advisories@github.com"},{"url":"https://github.com/intranda/goobi-viewer-core/security/advisories/GHSA-2rgp-f66f-4499","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-9739","sourceIdentifier":"cve-coordination@google.com","published":"2026-05-27T23:16:48.573","lastModified":"2026-05-29T15:42:56.873","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerable to DNS rebinding attacks when using SSE (http://b/499408790). 
During the beta phase, we implemented `allowed-origins` and `allowed-hosts` flags to align with MCP security guidelines. However, the hardcoded `Access-Control-Allow-Origin: *` header in the SSE initialization handler was inadvertently retained. This vulnerability specifically impacts users connecting via Toolbox using SSE under specification v2024-11-05."}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@google.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cve-coordination@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-942"}]}],"references":[{"url":"htt
ps://github.com/googleapis/mcp-toolbox/issues/3053","source":"cve-coordination@google.com"},{"url":"https://github.com/googleapis/mcp-toolbox/pull/3054","source":"cve-coordination@google.com"}]}},{"cve":{"id":"CVE-2026-32996","sourceIdentifier":"support@hackerone.com","published":"2026-05-28T05:16:35.637","lastModified":"2026-05-29T15:39:34.620","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation."}],"metrics":{"cvssMetricV40":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},
"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-532"}]}],"references":[{"url":"https://www.veeam.com/kb4852","source":"support@hackerone.com"}]}},{"cve":{"id":"CVE-2026-32997","sourceIdentifier":"support@hackerone.com","published":"2026-05-28T05:16:35.793","lastModified":"2026-05-29T15:39:34.620","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability allowing an authenticated user with the Backup Administrator role to write arbitrary files on Linux-based Veeam Backup & Replication server."}],"metrics":{"cvssMetricV40":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnera
bilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-36"}]}],"references":[{"url":"https://www.veeam.com/kb4852","source":"support@hackerone.com"}]}},{"cve":{"id":"CVE-2026-32998","sourceIdentifier":"support@hackerone.com","published":"2026-05-28T05:16:35.970","lastModified":"2026-05-29T15:39:34.620","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"This vulnerability in Veeam Service Provider Console allows for remote code execution."}],"metrics":{"cvssMetricV40":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vul
nerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-233"}]}],"references":[{"url":"https://www.veeam.com/kb4853","source":"support@hackerone.com"}]}},{"cve":{"id":"CVE-2026-32999","sourceIdentifier":"support@hackerone.com","published":"2026-05-28T05:16:36.107","lastModified":"2026-05-29T15:39:34.620","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Insufficient character filtering in backup agent signing module on Comet Backup server allows authenticated tenant administrator to execute an arbitrary code on behalf of a privileged user on the affected server and connected devices."}],"metrics":{"cvssMetricV31":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":6.0}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://support.cometbackup.com/hc/en-us/articles/40655100268439--CVE-2026-32999-RCE-on-Comet-Server-via-branding-configuration","source":"support@hackerone.com"}]}},{"cve":{"id":"CVE-2026-9806","sourceIdentifier":"5a6e4751-2f3f-4070-9419-94fb35b644e8","published":"2026-05-28T08:16:38.000","lastModified":"2026-05-29T14:46:09.837","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A stored cross-site scripting (XSS) vulnerability exists in the notification panel of CTI Transmute in versions prior to the patched release. 
Notification messages containing user-controlled convert names were rendered in the notification bell dropdown using innerHTML without adequate sanitization. An attacker able to create or influence a convert name that is included in a notification could inject arbitrary JavaScript, which would execute in the browser of an authenticated user when they opened the notification panel. Successful exploitation could allow the attacker to perform actions in the victim's session or access information available to the application in the browser context. The issue was remediated by constructing notification elements through DOM methods and assigning notification message content via textContent instead of innerHTML. This vulnerability was only present on a development branch."}],"metrics":{"cvssMetricV40":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:X/R:X/V:X/RE:L/U:Clear","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEF
INED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NEGLIGIBLE","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"LOW","providerUrgency":"CLEAR"}}]},"weaknesses":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/MISP/cti-transmute/commit/cf42409badc27b13d9bb644b9175aa7f27e11259","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8"}]}},{"cve":{"id":"CVE-2025-48977","sourceIdentifier":"security@apache.org","published":"2026-05-28T10:16:23.423","lastModified":"2026-05-29T14:11:25.720","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Relative Path Traversal vulnerability in Apache Ignite REST API.\n\nAuthenticated REST API users can read any file on the server with \"cmd=log\" command and a log path crafted in a certain way.\nThis issue affects Apache Ignite: from 2.0.0 through 2.17.0.\n\nUsers are recommended to upgrade to version 2.18.0, which fixes the 
issue."}],"metrics":{"cvssMetricV40":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","descri
ption":[{"lang":"en","value":"CWE-23"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:ignite:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.18.0","matchCriteriaId":"5EB618DA-563A-467F-A78B-C9834C57FE1F"}]}]}],"references":[{"url":"https://lists.apache.org/thread/hgct6918sowd8l58yjohryhpxx81t4n1","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/28/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-47074","sourceIdentifier":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","published":"2026-05-28T10:16:39.800","lastModified":"2026-05-29T15:29:42.387","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Certificate Validation vulnerability in ex-aws ex_aws_sns (ExAws.SNS, ExAws.SNS.PublicKeyCache modules) allows Signature Spoofing by Improper Validation.\n\nThis vulnerability is associated with program files lib/ex_aws/sns.ex, lib/ex_aws/sns/public_key_cache.ex and program routines 'Elixir.ExAws.SNS':verify_message/1, 'Elixir.ExAws.SNS.PublicKeyCache':get/1.\n\n'Elixir.ExAws.SNS':verify_message/1 fetches the signing certificate from the SigningCertURL field of the incoming SNS message without validating that the URL uses HTTPS or that the host matches an AWS-owned SNS certificate domain. 
An unauthenticated attacker who can POST to an endpoint that calls verify_message/1 can supply an attacker-controlled SigningCertURL, sign a forged SNS message with their own key, and cause the function to return :ok, completely bypassing SNS signature verification.\n\nThis issue affects ex_aws_sns: from 2.0.1 before 2.3.5."}],"metrics":{"cvssMetricV40":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"references":[{"url":"https://cna.erlef.org/c
ves/CVE-2026-47074.html","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/ex-aws/ex_aws_sns/commit/1853d280b152d10384a1e21a22cf22152a60be48","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://github.com/ex-aws/ex_aws_sns/security/advisories/GHSA-8jgf-23q5-x7xx","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"},{"url":"https://osv.dev/vulnerability/EEF-CVE-2026-47074","source":"6b3ad84c-e1a6-4bf7-a703-f496b71e49db"}]}},{"cve":{"id":"CVE-2026-9813","sourceIdentifier":"5a6e4751-2f3f-4070-9419-94fb35b644e8","published":"2026-05-28T10:16:40.243","lastModified":"2026-05-29T14:46:09.837","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"FlowIntel up to version 3.3.0 contains a server-side request forgery (SSRF) vulnerability in the external reference URL probe functionality in app/case/task.py. An attacker who can submit an external reference URL can cause the application server to issue an HTTP HEAD request to an attacker-specified destination. 
Due to insufficient validation of the URL scheme and resolved destination address, affected versions may allow requests to loopback, link-local, private, reserved, or other restricted network resources, potentially enabling interaction with internal services or cloud metadata endpoints from the server's network context."}],"metrics":{"cvssMetricV40":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:X/R:X/V:X/RE:L/U:Green","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NEGLIGIBLE","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"LOW","providerUrgency":"GREEN"}}]},"weaknesses":[{"source":"5a6e4751-2f3f-4070-9419-94fb35b644e8","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/flowintel/flowinte
l/commit/68b523b47854c54bf36fd706c0fd5353063b5409","source":"5a6e4751-2f3f-4070-9419-94fb35b644e8"}]}},{"cve":{"id":"CVE-2026-9658","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-05-28T13:16:25.067","lastModified":"2026-05-29T15:29:42.387","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths.\n\nThe header injection rule was ineffective at blocking header injections in the request paths unless they were double-encoded, for example,\n\n  GET /path\\r\\nHTTP/1.1\\r\\nHost: secret.example.com\n\nNote that it is unclear whether request paths with CRLF followed by additional headers would be blocked by reverse proxies, or how they would be processed by Plack-based servers."}],"metrics":{},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-113"},{"lang":"en","value":"CWE-790"}]}],"references":[{"url":"https://metacpan.org/release/RRWO/Plack-Middleware-Security-Simple-v0.13.1/changes","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"http://www.openwall.com/lists/oss-security/2026/05/28/9","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-9828","sourceIdentifier":"vulnerability@ncsc.ch","published":"2026-05-28T14:16:27.430","lastModified":"2026-05-29T15:39:34.620","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core (HardenedObjectInputStream (logback-core) modules) allows Object Injection albeit heavily restricted.\n\nMore precisely, an attacker able to influence serialized data sent to \nSimpleSocketServer or SimpleSSLSocketServer can instantiate objects from\n classes in the java.lang and java.util packages that are not explicitly\n blocked.\n\nAlthough deserialization is heavily restricted by 
HardenedObjectInputStream and no \npractical way to achieve remote code execution or significant privilege \nescalation has been identified, this issue constitutes a bypass of the \nintended security restrictions.\n\n\n\nThis issue affects logback: through 1.5.32 inclusive."}],"metrics":{"cvssMetricV40":[{"source":"vulnerability@ncsc.ch","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:L/U:Green","baseScore":2.9,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"LOW","providerUrgency":"GREEN"}}]},"weaknesses":[{"source":"vulnerability@ncsc.ch","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://logback.qos.ch/news.html#1.5.33","source":"vulnerability@ncsc.ch"}]}},{"cve":{"id":"CVE-2026-35675","s
ourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-28T16:16:21.800","lastModified":"2026-05-29T14:16:26.403","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in the password reset endpoint that allows unauthenticated attackers to reset any user account password without token verification or email confirmation. Attackers can enumerate valid usernames, obtain plaintext passwords via email, and achieve complete account takeover including administrative access."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEf
fort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-307"}]}],"references":[{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-w9xh-5f39-vq89","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/phpmyfaq-authentication-bypass-via-missing-password-reset-token-in-api-user-password-update","source":"disclosure@vulncheck.com"},{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-w9xh-5f39-vq89","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-38702","sourceIdentifier":"cve@mitre.org","published":"2026-05-28T17:16:21.177","lastModified":"2026-05-29T14:09:18.733","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A command injection vulnerability exists in the Admin Access feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. 
Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:inhandnetworks:ir315_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.121","matchCriteriaId":"949B390B-9038-43F1-89D9-86157D660C86"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:inhandnetworks:ir315:-:*:*:*:*:*:*:*","matchCriteriaId":"72A7D22C-B099-418A-B613-EDBD9EF8732B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:inhandnetworks:ir302_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.5.112","matchCriteriaId":"AA826D38-26F6-4F29-8FC6-AC9563001C0F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:inhandnetworks:ir302:-:*:*:*:*:*:*:*","matchCriteriaId":"0E358655-E442-4D2C-B0B8-03C6780EC55C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:inhandnetworks:ir615_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.121","matchCriteriaId":"ACD93230-0585-4773-BBCE-3BB208702CB5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:inhandnetworks:ir615:-:*:*:*:*:*:*:*","matchCriteriaId":"A323
7242-CF6E-4390-A9F7-85CE2C9BA29C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:inhandnetworks:ir305_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.121","matchCriteriaId":"74AFE6EF-AC8F-4D71-9C25-B52B6C028AD1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:inhandnetworks:ir305:-:*:*:*:*:*:*:*","matchCriteriaId":"0E1DFC28-E910-4287-81F0-D4CD883A989B"}]}]}],"references":[{"url":"https://www.inhand.com/wp-content/uploads/InHand-PSA-2026-05_EN.pdf","source":"cve@mitre.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-38703","sourceIdentifier":"cve@mitre.org","published":"2026-05-28T17:16:21.293","lastModified":"2026-05-29T14:09:03.913","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A command injection vulnerability exists in the ZeroTier VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. 
Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:inhandnetworks:ir315_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.121","matchCriteriaId":"949B390B-9038-43F1-89D9-86157D660C86"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:inhandnetworks:ir315:-:*:*:*:*:*:*:*","matchCriteriaId":"72A7D22C-B099-418A-B613-EDBD9EF8732B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:inhandnetworks:ir302_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.5.112","matchCriteriaId":"AA826D38-26F6-4F29-8FC6-AC9563001C0F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:inhandnetworks:ir302:-:*:*:*:*:*:*:*","matchCriteriaId":"0E358655-E442-4D2C-B0B8-03C6780EC55C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:inhandnetworks:ir615_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.121","matchCriteriaId":"ACD93230-0585-4773-BBCE-3BB208702CB5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:inhandnetworks:ir615:-:*:*:*:*:*:*:*","matchCriteriaId":"A323
7242-CF6E-4390-A9F7-85CE2C9BA29C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:inhandnetworks:ir305_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.121","matchCriteriaId":"74AFE6EF-AC8F-4D71-9C25-B52B6C028AD1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:inhandnetworks:ir305:-:*:*:*:*:*:*:*","matchCriteriaId":"0E1DFC28-E910-4287-81F0-D4CD883A989B"}]}]}],"references":[{"url":"https://www.inhand.com/wp-content/uploads/InHand-PSA-2026-05_EN.pdf","source":"cve@mitre.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-38704","sourceIdentifier":"cve@mitre.org","published":"2026-05-28T17:16:21.413","lastModified":"2026-05-29T14:08:07.467","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A command injection vulnerability exists in the WireGuard VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. 
Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:inhandnetworks:ir315_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.121","matchCriteriaId":"949B390B-9038-43F1-89D9-86157D660C86"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:inhandnetworks:ir315:-:*:*:*:*:*:*:*","matchCriteriaId":"72A7D22C-B099-418A-B613-EDBD9EF8732B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:inhandnetworks:ir302_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.5.112","matchCriteriaId":"AA826D38-26F6-4F29-8FC6-AC9563001C0F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:inhandnetworks:ir302:-:*:*:*:*:*:*:*","matchCriteriaId":"0E358655-E442-4D2C-B0B8-03C6780EC55C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:inhandnetworks:ir615_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.121","matchCriteriaId":"ACD93230-0585-4773-BBCE-3BB208702CB5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:inhandnetworks:ir615:-:*:*:*:*:*:*:*","matchCriteriaId":"A323
7242-CF6E-4390-A9F7-85CE2C9BA29C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:inhandnetworks:ir305_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.121","matchCriteriaId":"74AFE6EF-AC8F-4D71-9C25-B52B6C028AD1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:inhandnetworks:ir305:-:*:*:*:*:*:*:*","matchCriteriaId":"0E1DFC28-E910-4287-81F0-D4CD883A989B"}]}]}],"references":[{"url":"https://www.inhand.com/wp-content/uploads/InHand-PSA-2026-05_EN.pdf","source":"cve@mitre.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-38707","sourceIdentifier":"cve@mitre.org","published":"2026-05-28T17:16:21.530","lastModified":"2026-05-29T14:08:41.327","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A command injection vulnerability exists in the IPSec VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. 
Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:inhandnetworks:ir315_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.121","matchCriteriaId":"949B390B-9038-43F1-89D9-86157D660C86"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:inhandnetworks:ir315:-:*:*:*:*:*:*:*","matchCriteriaId":"72A7D22C-B099-418A-B613-EDBD9EF8732B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:inhandnetworks:ir302_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"3.5.112","matchCriteriaId":"AA826D38-26F6-4F29-8FC6-AC9563001C0F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:inhandnetworks:ir302:-:*:*:*:*:*:*:*","matchCriteriaId":"0E358655-E442-4D2C-B0B8-03C6780EC55C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:inhandnetworks:ir615_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.121","matchCriteriaId":"ACD93230-0585-4773-BBCE-3BB208702CB5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:inhandnetworks:ir615:-:*:*:*:*:*:*:*","matchCriteriaId":"A323
7242-CF6E-4390-A9F7-85CE2C9BA29C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:inhandnetworks:ir305_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.121","matchCriteriaId":"74AFE6EF-AC8F-4D71-9C25-B52B6C028AD1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:inhandnetworks:ir305:-:*:*:*:*:*:*:*","matchCriteriaId":"0E1DFC28-E910-4287-81F0-D4CD883A989B"}]}]}],"references":[{"url":"https://www.inhand.com/wp-content/uploads/InHand-PSA-2026-05_EN.pdf","source":"cve@mitre.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-45292","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T17:16:32.060","lastModified":"2026-05-29T15:42:56.873","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"opentelemetry-java is the Java implementation of the OpenTelemetry API for recording telemetry, and SDK for managing telemetry recorded by the API. Prior to 1.62.0, a vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators. Parsing oversized baggage causes unbounded memory allocation and CPU consumption. Because baggage is automatically re-injected into every outgoing request, the effect can fan out to downstream services that never received the original malicious request. 
This vulnerability is fixed in 1.62.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/open-telemetry/opentelemetry-java/commit/03837d3c1763bc35464aea1078671e2ef2336a5f","source":"security-advisories@github.com"},{"url":"https://github.com/open-telemetry/opentelemetry-java/pull/8380","source":"security-advisories@github.com"},{"url":"https://github.com/open-telemetry/opentelemetry-java/releases/tag/v1.62.0","source":"security-advisories@github.com"},{"url":"https://github.com/open-telemetry/opentelemetry-java/security/advisories/GHSA-rcgg-9c38-7xpx","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-6720","sourceIdentifier":"psirt@tigera.io","published":"2026-05-28T17:16:33.490","lastModified":"2026-05-29T15:39:34.620","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"When calicoctl is invoked with --log-level=info or --log-level=debug, the client prints the full contents of its loaded connection-configuration struct to stderr in a single log line. The struct embeds every credential calicoctl uses to talk to the cluster — inline kubeconfig (with bearer token), Kubernetes API bearer token, etcd password, and inline PEM-encoded etcd client certificate and key. 
Any reader of that stderr stream — CI job logs, session-recording archives, shared support-ticket transcripts, or local filesystem viewers on the host that ran calicoctl — can extract these credentials with zero Kubernetes privilege. calicoctl's default log level is panic, so this issue only triggers when verbose logging is explicitly enabled."}],"metrics":{"cvssMetricV40":[{"source":"psirt@tigera.io","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"psirt@tigera.io","type":"Secondary","description":[{"lang":"en","value":"CWE-532"}]}],"references":[{"url":"https://github.com/projectcalico/calico/
pull/12535","source":"psirt@tigera.io"},{"url":"https://github.com/projectcalico/calico/pull/12536","source":"psirt@tigera.io"},{"url":"https://github.com/projectcalico/calico/pull/12537","source":"psirt@tigera.io"},{"url":"https://www.tigera.io/security-bulletins/tta-2026-003/","source":"psirt@tigera.io"}]}},{"cve":{"id":"CVE-2026-44794","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T18:16:33.203","lastModified":"2026-05-29T13:29:06.470","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, in the case of inter-object references via GenericForeignKey (a pattern allowing an object to reference another object that may belong to one of several different \"content types\" or database tables), when creating or updating an object containing a GenericForeignKey, Nautobot's REST API failed to enforce user \"view\" permissions when determining whether a given reference to another object would be valid. 
This vulnerability is fixed in 2.4.33 and 3.1.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:networktocode:nautobot:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.33","matchCriteriaId":"1519124C-E6CD-44DF-8DD7-D4A7003ADF94"},{"vulnerable":true,"criteria":"cpe:2.3:a:networktocode:nautobot:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.1.2","matchCriteriaId":"8419C360-D723-4365-82B1-B4DE637BE43C"}]}]}],"references":[{"url":"https://github.com/nautobot/nautobot/commit/36cde7148a207234de6212ec074f321dbc9d1b5b","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/nautobot/nautobot/commit/9918bdb9bcf1eb42cda72c344f420a64ef7665f1","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/nautobot/nautobot/releases/tag/v2.4.33","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/nautobot/nautobot/releases/tag/v3.1.2","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/nautobot/nautobot/security/advisories/GHSA-wpxj-44w3-2j6x","source":"security-advisories@github.com","tags":["Patch","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2026-44796","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T18:16:33.417","lastModified":"2026-05-29T13:27:23.717","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints (for example, /dcim/interfaces/rename/) were vulnerable to application-wide denial of service via maliciously crafted regular expressions in the find field in combination with the use_regex flag. This vulnerability is fixed in 2.4.33 and 3.1.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-1333"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:networktocode:nautobot:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.33","matchCriteriaId":"1519124C-E6CD-44DF-8DD7-D4A7003ADF94"},{"vulnerable":true,"criteria":"cpe:2.3:a:networktocode:nautobot:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.1.2","matchCriteriaId":"8419C360-D723-4365-82B1-B4DE637BE43C"}]}]}],"references":[{"url":"https://github.com/nautobot/nautobot/commit/5a30d0916953afbeedd24a784709e762cc3879cd","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/nautobot/nautobot/commit/c2b766966d814a7141f62c7bc90c85fefb7892ee","source":"security-ad
visories@github.com","tags":["Patch"]},{"url":"https://github.com/nautobot/nautobot/releases/tag/v2.4.33","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/nautobot/nautobot/releases/tag/v3.1.2","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/nautobot/nautobot/security/advisories/GHSA-qrpw-gjvh-x5gm","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44797","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T18:16:33.837","lastModified":"2026-05-29T13:26:24.530","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's Webhook data model and associated feature set could be configured by users with sufficient access to perform requests to various hosts and IP addresses that should not be permitted, allowing for various behaviors similar to server-side request forgery (SSRF). 
This vulnerability is fixed in 2.4.33 and 3.1.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:networktocode:nautobot:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.33","matchCriteriaId":"1519124C-E6CD-44DF-8DD7-D4A7003ADF94"},{"vulnerable":true,"criteria":"cpe:2.3:a:networktocode:nautobot:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.1.2","matchCriteriaId":"8419C360-D723-4365-82B1-B4DE637BE43C"}]}]}],"references":[{"url":"https://github.com/nautobot/nautobot/commit/16aa4aa9796ab7a31c4d615ec945e1f16d8c77c4","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/nautobot/nautobot/commit/7324c8f0d8c7245fbc691e15d729adc2d2707d08","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/nautobot/nautobot/releases/tag/v2.4.33","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/nautobot/nautobot/releases/tag/v3.1.2","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/nautobot/nautobot/security/advisories/GHSA-c35q-vxrp-ph26","source":"security-advisories@github.com","tags":["Mitigation","Patch","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2026-45306","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T18:16:34.777","lastModified":"2026-05-29T15:39:34.620","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the fix for CVE-2026-33509 prevents setting storage_folder inside PKGDIR or userdir, but does NOT protect the Flask session directory (/tmp/pyLoad/flask). An authenticated attacker can set storage_folder to the session directory and download session files of other users via /files/get/, leading to account takeover. This vulnerability is fixed in 0.5.0b3.dev100."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-706"}]}],"references":[{"url":"https://github.com/pyload/pyload/security/advisories/GHSA-w727-595x-pc3r","source":"security-advisories@github.com"},{"url":"https://github.com/pyload/pyload/security/advisories/GHSA-w727-595x-pc3r","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-45348","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T18:16:35.437","lastModified":"2026-05-29T15:39:34.620","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"pyLoad is a free and open-source download manager written in Python. 
Prior to 0.5.0b3.dev100, the packages.js template at src/pyload/webui/app/themes/modern/templates/js/packages.js:172 interpolates a stored link URL into a template literal inside single-quoted HTML and then writes the result to the DOM via $(div).html(html). No escaping runs between the API value and innerHTML. An attacker (Alice) who can submit a package link puts a single quote plus event handler into the URL, breaks out of the attribute, and executes JavaScript in every operator's browser that opens the downloads view. The theme does not set a Content Security Policy that restricts inline script or event handlers. This vulnerability is fixed in 0.5.0b3.dev100."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":5.8}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/pyload/pyload/security/advisories/GHSA-fcjq-435v-jx94","source":"security-advisories@github.com"},{"url":"https://github.com/pyload/pyload/security/advisories/GHSA-fcjq-435v-jx94","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-45353","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T18:16:35.587","lastModified":"2026-05-29T15:34:31.597","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. 
From 3.0.6 to 3.8.8,  This vulnerability is fixed in 3.9.0."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-94"},{"lang":"en","value":"CWE-732"},{"lang":"en","value":"CWE-940"}]}],"references":[{"url":"https://github.com/electerm/electerm/commit/0599e67069b00e376a2e962649aaad6096e63507","source":"security-advisories@github.com"},{"url":"https://github.com/electerm/electerm/security/advisories/GHSA-7p5m-v798-f8vv","source":"security-advis
ories@github.com"}]}},{"cve":{"id":"CVE-2026-45787","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T18:16:35.977","lastModified":"2026-05-29T15:34:31.597","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common passwords across installs and perform undetected ciphertext bit-flips to alter config/bookmarks. This vulnerability is fixed in 3.9.5."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DE
FINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-326"},{"lang":"en","value":"CWE-329"},{"lang":"en","value":"CWE-353"},{"lang":"en","value":"CWE-759"},{"lang":"en","value":"CWE-916"}]}],"references":[{"url":"https://github.com/electerm/electerm/commit/9dd8295e37d53396b980cd45dfc5ed11ad79b937","source":"security-advisories@github.com"},{"url":"https://github.com/electerm/electerm/security/advisories/GHSA-g29v-q6h7-76wh","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-46561","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T18:16:36.123","lastModified":"2026-05-29T15:39:34.620","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the PREREQFUNCTION-based private IP check was not applied to HTTPRequest (used by the parse_urls API). An authenticated attacker can supply a URL pointing to an attacker-controlled server that responds with a 302 redirect to an internal/private IP address, bypassing the is_global_host() check on the initial URL. 
This vulnerability is fixed in 0.5.0b3.dev100."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/pyload/pyload/security/advisories/GHSA-8rp3-xc6w-5qp5","source":"security-advisories@github.com"},{"url":"https://github.com/pyload/pyload/security/advisories/GHSA-8rp3-xc6w-5qp5","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-42999","sourceIdentifier":"cve@mitre.org","published":"2026-05-28T19:16:37.630","lastModified":"2026-05-29T15:42:56.873","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforce_call unconditionally merges the raw JSON request body into the policy enforcement dictionary via policy_dict.update(json_input.copy()), overwriting trusted target data that was previously set from database lookups. Because flask.request.get_json is called with force=True, this works regardless of Content-Type or HTTP method. Any authenticated user can inject arbitrary policy target attributes (e.g., user_id, project_id) into the request body to bypass RBAC checks and perform unauthorized operations on resources belonging to other users or projects. 
This was introduced in commit 5ea59f52 (Rocky/14.0.0)."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":3.7}]},"weaknesses":[{"source":"cve@mitre.org","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://bugs.launchpad.net/keystone/+bug/2148398","source":"cve@mitre.org"},{"url":"https://security.openstack.org/ossa/OSSA-2026-015.html","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-43000","sourceIdentifier":"cve@mitre.org","published":"2026-05-28T19:16:37.773","lastModified":"2026-05-29T15:42:56.873","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token carries the victim's identity, which passes the trustor validation check. Keystone then validates the delegated roles against the victim's actual role assignments in the database, not the roles on the requesting token. This allows the attacker to create a trust delegating the victim's admin role to themselves. The trust persists independently, and additional trusts and application credentials can be created to maintain access. 
All actions are logged under the victim's identity."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":3.7}]},"weaknesses":[{"source":"cve@mitre.org","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://bugs.launchpad.net/keystone/+bug/2148477","source":"cve@mitre.org"},{"url":"https://security.openstack.org/ossa/OSSA-2026-015.html","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-44394","sourceIdentifier":"cve@mitre.org","published":"2026-05-28T19:16:38.223","lastModified":"2026-05-29T15:42:56.873","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federated user rescopes a token via POST /v3/auth/tokens, the handle_scoped_token() function in the mapped authentication plugin returns response data without an expires_at value. The token provider falls back to issuing a token with a fresh default TTL. By rescoping repeatedly before each token expires, a user can maintain access indefinitely, bypassing operator-configured token lifetime policies. This is a variant of CVE-2012-3426. 
Only deployments using federated identity (SAML2, OpenID Connect) are affected."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":3.7}]},"weaknesses":[{"source":"cve@mitre.org","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://bugs.launchpad.net/keystone/+bug/2150379","source":"cve@mitre.org"},{"url":"https://security.openstack.org/ossa/OSSA-2026-015.html","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-45039","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T19:16:38.390","lastModified":"2026-05-29T15:11:03.853","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the internode RPC layer authenticates every request with an HMAC-SHA256 signature using a shared secret. The function that produces this secret, get_shared_secret() in crates/ecstore/src/rpc/http_auth.rs, falls back to the public, source-tree-embedded DEFAULT_SECRET_KEY = \"rustfsadmin\" when neither the RUSTFS_RPC_SECRET environment variable nor the global S3 secret key has been configured. 
This vulnerability is fixed in 1.0.0-beta.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-798"},{"lang":"en","value":"CWE-1392"}]}],"references":[{"url":"https://github.com/rustfs/rustfs/security/advisories/GHSA-r5qv-rc46-hv8q","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45040","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T19:16:38.543","lastModified":"2026-05-29T15:11:03.853","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, RustFS suffers from sensitive information leakage in log outputs. When the server is run with RUST_LOG=debug sensitive credentials including SessionToken (JWT), SecretAccessKey, and full JWT claims are printed in plaintext to the server logs. 
This vulnerability is fixed in 1.0.0-beta.2."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-312"},{"lang":"en","value":"CWE-532"}]}],"references":[{"url":"https://github.com/rustfs/rustfs/security/advisories/GHSA-8cm2-h255-v749","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45041","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T19:16:38.697","lastModified":"2026-05-29T15:16:23.243","vuln
Status":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, crates/appauth/src/token.rs ships a 2048-bit RSA private key as a string constant named TEST_PRIVATE_KEY and uses it in production via parse_license() to \"verify\" license tokens. Because the key is embedded in every published source release and binary, anyone who can read the repository or extract it from the binary can mint arbitrary license tokens (any subject, any expiration). When the license Cargo feature is enabled, this defeats the entire license-enforcement mechanism. This vulnerability is fixed in 1.0.0-beta.2."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NO
T_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-321"}]}],"references":[{"url":"https://github.com/rustfs/rustfs/security/advisories/GHSA-923g-jp7v-f97f","source":"security-advisories@github.com"},{"url":"https://github.com/rustfs/rustfs/security/advisories/GHSA-923g-jp7v-f97f","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-45042","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T19:16:38.847","lastModified":"2026-05-29T15:11:03.853","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper authorization in the UploadPartCopy operation allows copying objects across buckets without enforcing destination bucket restrictions on allowed copy sources. The implementation validates GetObject permission on the source bucket and PutObject on the destination bucket independently, but does not enforce any policy constraints on whether the destination bucket permits the specified copy source. This enables unauthorized cross-bucket data movement. 
This vulnerability is fixed in 1.0.0-beta.2."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/rustfs/rustfs/security/advisories/GHSA-wfxj-ph3v-7mjf","source":"security-advisories@github.com"},{"url":"https://github.com/rustfs/rustfs/security/advisories/GHSA-wfxj-ph3v-7mjf","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-45044","sourceIdentifier":"security-advisor
ies@github.com","published":"2026-05-28T19:16:38.980","lastModified":"2026-05-29T15:11:03.853","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the admin router explicitly whitelists /profile/cpu and /profile/memory from the authentication layer, allowing any unauthenticated HTTP client to invoke profiling handlers without credentials. On supported builds (e.g., glibc), the handler invokes a fixed 60-second CPU profiling operation (dump_cpu_pprof_for(Duration::from_secs(60))). This may result in significant CPU resource consumption per request and can potentially lead to denial of service when abused. Additionally, the handler returns the server’s absolute filesystem path in the response body, resulting in information disclosure. This vulnerability is fixed in 1.0.0-beta.2."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact"
:"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://github.com/rustfs/rustfs/security/advisories/GHSA-8784-9m7f-c6p6","source":"security-advisories@github.com"},{"url":"https://github.com/rustfs/rustfs/security/advisories/GHSA-8784-9m7f-c6p6","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-46526","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T19:16:39.430","lastModified":"2026-05-29T15:16:23.987","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.10, the URL checking logic in local-deep-research has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. The current project uses validate_url to validate the input URL. The main logic is to perform security checks on the host portion of the URL extracted by urlparse to prevent SSRF attacks. However, there are indeed differences in parsing between urlparse and the library that actually sends the request. For example, in safe_get, validate_url is first used to perform an SSRF check, and then requests.get is used to send the actual request. 
This vulnerability is fixed in 1.6.10."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/LearningCircuit/local-deep-research/pull/3873","source":"security-advisories@github.com"},{"url":"https://github.com/LearningCircuit/local-deep-research/pull/3882","source":"security-advisories@github.com"},{"url":"https://github.com/LearningCircuit/local-deep-research/pull/3889","source":"security-advisories@github.com"},{"url":"https://github.com/LearningCircuit/local-deep-research/pull/3932","source":"security-advisories@github.com"},{"url":"https://github.com/LearningCircuit/local-deep-research/releases/tag/v1.6.10","source":"security-advisories@github.com"},{"url":"https://github.com/LearningCircuit/local-deep-research/security/advisories/GHSA-g23j-2vwm-5c25","source":"security-advisories@github.com"},{"url":"https://github.com/LearningCircuit/local-deep-research/security/advisories/GHSA-g23j-2vwm-5c25","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-46685","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T19:16:39.583","lastModified":"2026-05-29T15:11:03.853","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"RustFS is a distributed object storage system built in Rust. 
Prior to 1.0.0-beta.2, when RUSTFS_CORS_ALLOWED_ORIGINS is unset, the RustFS S3 listener's ConditionalCorsLayer reflects any request Origin value back as Access-Control-Allow-Origin and also sets Access-Control-Allow-Credentials: true and Access-Control-Allow-Headers: * on responses, including preflight responses and error responses. This creates a permissive cross-domain policy with untrusted origins. A browser visiting an attacker-controlled page can issue credentialed cross-origin requests to a reachable RustFS deployment and read the response when the victim browser has ambient credentials for the RustFS origin, such as saved HTTP Basic Auth credentials, reverse-proxy SSO cookies, or TLS client certificates. This vulnerability is fixed in 1.0.0-beta.2."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modified
SubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"},{"lang":"en","value":"CWE-346"},{"lang":"en","value":"CWE-942"}]}],"references":[{"url":"https://github.com/rustfs/rustfs/security/advisories/GHSA-x5xv-223c-8vm7","source":"security-advisories@github.com"},{"url":"https://github.com/rustfs/rustfs/security/advisories/GHSA-x5xv-223c-8vm7","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-47136","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T19:16:39.753","lastModified":"2026-05-29T15:11:03.853","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the RustFS console endpoint GET /rustfs/console/license returns parsed license metadata without requiring authentication. The endpoint is registered on the console listener and returns JSON containing license information such as the license subject and expiration timestamp. Any client that can reach the console listener can query this endpoint without credentials. 
This vulnerability is fixed in 1.0.0-beta.2."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://github.com/rustfs/rustfs/security/advisories/GHSA-xp32-gxq2-3v52","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-4944","sourceIdentifier":"security@huntr.dev","published":"2026-05-28T19:16:42.677","lastModified":"2026-05-29T15:39:34.620","vulnStatus":"Def
erred","cveTags":[],"descriptions":[{"lang":"en","value":"vllm-project/vllm version 0.14.1 contains a vulnerability where the `trust_remote_code=True` parameter is hardcoded in two model implementation files (`vllm/model_executor/models/nemotron_vl.py` and `vllm/model_executor/models/kimi_k25.py`). This bypasses the user's explicit `--trust-remote-code=False` setting, enabling remote code execution via malicious HuggingFace model repositories. This issue is an incomplete fix for CVE-2025-66448 and CVE-2026-22807, as it affects separate code paths in model implementation files. Deployments loading NemotronVL or KimiK25 models are particularly impacted."}],"metrics":{"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://huntr.com/bounties/97f706f7-a852-49b2-a4eb-76811e611daf","source":"security@huntr.dev"},{"url":"https://huntr.com/bounties/97f706f7-a852-49b2-a4eb-76811e611daf","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-33590","sourceIdentifier":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","published":"2026-05-28T20:16:23.163","lastModified":"2026-05-29T15:06:44.207","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Insecure default settings of Portainer CE grant regular (non-admin) users privileges that allow host filesystem access and host-level code execution. 
An authenticated non-administrative user with endpoint access can exploit these settings to read host files or obtain root equivalent \n\naccess on the host."}],"metrics":{"cvssMetricV40":[{"source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","type":"Secondary","description":[{"lang":"en","value":"CWE-276"}]}],"references":[{"url":"https://github.com/portainer/portainer/commit/3e2fdb1891e81a8e4c5c8beb60e45f07c8ecae52","source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158"},{"url":"https://github.com/portainer/portainer/
commit/ac8fa7672e732b44b970c9eaf928eddd2c68796c","source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158"},{"url":"https://intwave.com/blog/2026/02/26/improving-portainer-security.html","source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158"}]}},{"cve":{"id":"CVE-2026-49127","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-28T20:16:26.387","lastModified":"2026-05-29T14:07:47.980","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Music Player Daemon (MPD) before version 0.24.11 contains a stack buffer overflow vulnerability in the pcm_unpack_24be function in src/pcm/Pack.cxx that allows unauthenticated attackers to corrupt stack memory by triggering an off-by-one write in the PCM decoder plugin. Attackers can issue two MPD commands referencing a malicious HTTP audio source to cause the unpack loop to write 1366 entries into a 1365-entry buffer, overwriting four bytes past the array boundary with three attacker-controlled bytes from an HTTP response body, resulting in daemon termination or potential code 
execution."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.7}]},"weaknesses":[{"source":"disclosure@vulncheck.com","t
ype":"Secondary","description":[{"lang":"en","value":"CWE-193"}]}],"references":[{"url":"https://github.com/MusicPlayerDaemon/MPD/commit/59911028c020f84bc2e669da6a1ef88121301274","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MusicPlayerDaemon/MPD/issues/2485","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MusicPlayerDaemon/MPD/releases/tag/v0.24.11","source":"disclosure@vulncheck.com"},{"url":"https://mstreet97.github.io/security-research/opensource/vulnerability-disclosure/cybersecurity/cve/2026/05/25/Four_Bugs_Reachable_nc.html","source":"disclosure@vulncheck.com"},{"url":"https://raw.githubusercontent.com/MusicPlayerDaemon/MPD/v0.24.11/NEWS","source":"disclosure@vulncheck.com"},{"url":"https://www.musicpd.org/news/2026/05/mpd-0-24-11-released/","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/music-player-daemon-stack-buffer-overflow-via-pcm-unpack-24be","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-49128","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-28T20:16:26.547","lastModified":"2026-05-29T14:16:32.350","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Music Player Daemon (MPD) before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without canonicalization, allowing '..' segments to survive into the resolved path and be flattened by the kernel at openat() time. 
An unauthenticated attacker can exploit this flaw using the listfiles command to enumerate names, sizes, and modification times of arbitrary directories readable by the MPD process, and the albumart command to read image files in any attacker-chosen directory outside the configured music_directory."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":
"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/MusicPlayerDaemon/MPD/commit/0b5315b9e5a42cb0e88bf46a7579bb5641543f60","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MusicPlayerDaemon/MPD/issues/2484","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MusicPlayerDaemon/MPD/releases/tag/v0.24.11","source":"disclosure@vulncheck.com"},{"url":"https://mstreet97.github.io/security-research/opensource/vulnerability-disclosure/cybersecurity/cve/2026/05/25/Four_Bugs_Reachable_nc.html","source":"disclosure@vulncheck.com"},{"url":"https://raw.githubusercontent.com/MusicPlayerDaemon/MPD/v0.24.11/NEWS","source":"disclosure@vulncheck.com"},{"url":"https://www.musicpd.org/news/2026/05/mpd-0-24-11-released/","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/music-player-daemon-path-traversal-via-localstorage-uri-handling","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MusicPlayerDaemon/MPD/issues/2484","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-49129","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-28T20:16:26.683","lastModified":"2026-05-29T14:07:47.980","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Music Player Daemon (MPD) before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPT_FOLLOWLOCATION is set without CURLOPT_REDIR_PROTOCOLS_STR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTTP server to redirect to non-HTTP protocols such as gopher, ftp, sftp, ldap, dict, 
rtmp, or rtsp. Attackers can trigger this vulnerability via MPD commands that initiate URL fetches, including add, readcomments, albumart, readpicture, or load, to interact with internal or restricted network services on systems running libcurl versions prior to 7.85.0."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexit
y":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/MusicPlayerDaemon/MPD/commit/78341dd6c7b101c3feede233d4cc4f8f1fcc4bb3","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MusicPlayerDaemon/MPD/issues/2487","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MusicPlayerDaemon/MPD/releases/tag/v0.24.11","source":"disclosure@vulncheck.com"},{"url":"https://mstreet97.github.io/security-research/opensource/vulnerability-disclosure/cybersecurity/cve/2026/05/25/Four_Bugs_Reachable_nc.html","source":"disclosure@vulncheck.com"},{"url":"https://raw.githubusercontent.com/MusicPlayerDaemon/MPD/v0.24.11/NEWS","source":"disclosure@vulncheck.com"},{"url":"https://www.musicpd.org/news/2026/05/mpd-0-24-11-released/","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/music-player-daemon-ssrf-via-curlinputplugin","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-49130","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-28T20:16:26.823","lastModified":"2026-05-29T14:07:47.980","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Music Player Daemon (MPD) before version 0.24.11 contains a CRLF injection vulnerability in the xspf_char_data function within the XSPF playlist plugin that allows attackers to embed literal CR/LF bytes in URI fields by supplying a malicious XSPF playlist with XML numeric character references. 
Attackers can inject forged key-value lines through the location field into MPD protocol responses including playlistinfo, currentsong, and listplaylist outputs, as well as the state file writer, by exploiting Expat's decoding of numeric character references prior to the character data callback."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":
"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-93"}]}],"references":[{"url":"https://github.com/MusicPlayerDaemon/MPD/commit/855085b35c67dddeef0652e2cb3ac8cdd4f457b7","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MusicPlayerDaemon/MPD/issues/2483","source":"disclosure@vulncheck.com"},{"url":"https://github.com/MusicPlayerDaemon/MPD/releases/tag/v0.24.11","source":"disclosure@vulncheck.com"},{"url":"https://mstreet97.github.io/security-research/opensource/vulnerability-disclosure/cybersecurity/cve/2026/05/25/Four_Bugs_Reachable_nc.html","source":"disclosure@vulncheck.com"},{"url":"https://raw.githubusercontent.com/MusicPlayerDaemon/MPD/v0.24.11/NEWS","source":"disclosure@vulncheck.com"},{"url":"https://www.musicpd.org/news/2026/05/mpd-0-24-11-released/","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/music-player-daemon-crlf-injection-via-xspfplaylistplugin-cxx","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-9037","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-05-28T20:16:27.093","lastModified":"2026-05-29T15:42:56.873","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the device's management interface. Because cryptographic signatures are not verified, an attacker with the ability to interfere with or impersonate the management channel could cause the device to install an unauthorized firmware package. 
This condition could allow execution of unauthorized code with high privileges on the device."}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Primary","description":[{"lang":"en","value":"CWE-494"}]}],"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-08","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2026-9038","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-05-28T20:16:27.227","lastModified":"2026-05-29T15:42:56.873","vulnStatus":"Awaiting 
Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A stack-based buffer overflow vulnerability in the charging controller’s signal-processing logic allows an attacker with physical access to the charging interface to supply message fields that exceed expected bounds. Because the input is not sufficiently validated, memory corruption may occur, which can lead to execution of unauthorized code with elevated privileges."}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"PHYSICAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Primary","description":[{"lang":"e
n","value":"CWE-121"}]}],"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-08","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2026-9039","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-05-28T20:16:27.350","lastModified":"2026-05-29T15:42:56.873","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default administrative credential. A malicious device physically connected to the charging interface could leverage this misconfiguration to obtain full administrative access."}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"PHYSICAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINE
D","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Primary","description":[{"lang":"en","value":"CWE-1188"}]}],"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-148-08","source":"ics-cert@hq.dhs.gov"}]}},{"cve":{"id":"CVE-2026-41897","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T21:16:29.640","lastModified":"2026-05-29T15:11:03.853","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 1.0.0 to 2.28.1, lack of validation of filter_target parameter on return_dynamic_filters.php (normally used as an AJAX in View Issues Page) allows an attacker to inject arbitrary HTML if the target is a TEXTAREA custom field. 
This vulnerability is fixed in 2.28.2."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/mantisbt/mantisbt/commit/c885af13f0b8596714ffe11df757c09f35fbd8f4","source":"security-advisories@github.com"},{"url":"https://github.com/mantisbt/mantisbt/security/advisories/GHSA-j7v9-f46r-2rp4","source":"security-advisories@github.com"},{"url":"https://mantisbt.org/bugs/view.php?id=37013","source":"secur
ity-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-42070","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T21:16:29.830","lastModified":"2026-05-29T15:11:03.853","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Mantis Bug Tracker (MantisBT) is an open source issue tracker. Prior to 2.28.2, the mc_issue_update() function in MantisBT allows users having update_bug_threshold access (UPDATER, with default settings) to edit, change view state, and modify time tracking on bugnotes belonging to other users — bypassing the default DEVELOPER (level 55) threshold required by the dedicated mc_issue_note_update() function. This vulnerability is fixed in 2.28.2."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpa
ct":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/mantisbt/mantisbt/commit/6e58fae4f22efdc3987f903c8ba2611de17a9435","source":"security-advisories@github.com"},{"url":"https://github.com/mantisbt/mantisbt/security/advisories/GHSA-pq86-j2c2-47f6","source":"security-advisories@github.com"},{"url":"https://mantisbt.org/bugs/view.php?id=37089","source":"security-advisories@github.com"},{"url":"https://mantisbt.org/bugs/view.php?id=37093","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-42071","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T21:16:30.017","lastModified":"2026-05-29T15:11:03.853","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 2.23.0 to 2.28.1, a missing authorization check in MantisBT's file visibility function allows any authenticated user (REPORTER+) to download attachments on private bugnotes they should not be able to access, via the REST API endpoint GET /api/rest/issues/{id}/files and SOAP API mc_issue_attachment_get endpoint. 
This vulnerability is fixed in 2.28.2."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/mantisbt/mantisbt/commit/029d9d203d9e4ae96b3e59d552fa7395cc1e5071","source":"security-advisories@github.com"},{"url":"https://github.com/mantisbt/mantisbt/security/advisories/GHSA-pw5x-2mf9-3xc8","source":"security-advisories@github.com"},{"url":"https://mantisbt.org/bugs/view.php?id=27039","source":"securi
ty-advisories@github.com"},{"url":"https://mantisbt.org/bugs/view.php?id=36985","source":"security-advisories@github.com"},{"url":"https://mantisbt.org/bugs/view.php?id=37092","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-42398","sourceIdentifier":"security@elastic.co","published":"2026-05-28T21:16:30.180","lastModified":"2026-05-29T14:46:09.837","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Server-Side Request Forgery (CWE-918) in Kibana allows authenticated users with connector management privileges to bypass the operator-configured connection allowlist. By configuring a Webhook connector with a crafted target, an attacker can cause Kibana to issue outbound requests to destinations that the egress restriction controls were intended to block."}],"metrics":{"cvssMetricV31":[{"source":"security@elastic.co","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}]},"weaknesses":[{"source":"security@elastic.co","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://discuss.elastic.co/t/kibana-9-2-8-and-9-3-2-security-update-esa-2026-37/386557","source":"security@elastic.co"}]}},{"cve":{"id":"CVE-2026-42399","sourceIdentifier":"security@elastic.co","published":"2026-05-28T21:16:30.323","lastModified":"2026-05-29T14:46:09.837","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). 
An authenticated low-privileged user can cause Kibana to consume exponentially increasing amounts of memory by submitting a specially crafted Timelion visualization expression containing deeply chained function calls. The resulting data structure grows without bound, exhausting available memory and causing the Kibana service to crash and become unavailable to all users."}],"metrics":{"cvssMetricV31":[{"source":"security@elastic.co","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@elastic.co","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"references":[{"url":"https://discuss.elastic.co/t/kibana-8-19-16-and-9-3-5-security-update-esa-2026-36/386556","source":"security@elastic.co"}]}},{"cve":{"id":"CVE-2026-42400","sourceIdentifier":"security@elastic.co","published":"2026-05-28T21:16:30.497","lastModified":"2026-05-29T14:46:09.837","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). 
An authenticated user can send a specially crafted compressed request payload that is processed prior to authorization checks, causing excessive memory and CPU resource consumption that can result in a Kibana instance becoming unresponsive or crashing."}],"metrics":{"cvssMetricV31":[{"source":"security@elastic.co","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@elastic.co","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"references":[{"url":"https://discuss.elastic.co/t/kibana-8-19-16-9-3-5-9-4-2-security-update-esa-2026-35/386554","source":"security@elastic.co"}]}},{"cve":{"id":"CVE-2026-44655","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T21:16:30.900","lastModified":"2026-05-29T15:11:03.853","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it (which typically requires manager or administrator access level) to inject HTML in Move Attachments admin page. 
This vulnerability is fixed in 2.28.2."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/mantisbt/mantisbt/commit/5cb4b469295889f5d2b01677c9bf82c143e0fdaa","source":"security-advisories@github.com"},{"url":"https://github.com/mantisbt/mantisbt/security/advisories/GHSA-7mqj-8gj2-cg59","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-44657","sourceIdentifier":"security-advis
ories@github.com","published":"2026-05-28T21:16:31.053","lastModified":"2026-05-29T15:11:03.853","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Mantis Bug Tracker (MantisBT) is an open source issue tracker. Prior to 2.28.2, using show_inline=1 parameter and a valid file_show_inline_token CSRF token on file_download.php, an attacker can execute code by uploading a crafted XHTML attachment referencing a JavaScript attachment. This vulnerability is fixed in 2.28.2."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesse
s":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/mantisbt/mantisbt/commit/26647b2e68ba30b9d7987d4e03d7a16416684bc2","source":"security-advisories@github.com"},{"url":"https://github.com/mantisbt/mantisbt/security/advisories/GHSA-9c3j-xm6v-j7j3","source":"security-advisories@github.com"},{"url":"https://github.com/mantisbt/mantisbt/security/advisories/GHSA-p6fr-rxq7-xcg8","source":"security-advisories@github.com"},{"url":"https://mantisbt.org/bugs/view.php?id=37020","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49093","sourceIdentifier":"security@elastic.co","published":"2026-05-28T21:16:34.350","lastModified":"2026-05-29T14:46:09.837","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Server-Side Request Forgery (CWE-918) in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egress controls were intended to 
block."}],"metrics":{"cvssMetricV31":[{"source":"security@elastic.co","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":4.0}]},"weaknesses":[{"source":"security@elastic.co","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://discuss.elastic.co/t/kibana-9-3-3-security-update-esa-2026-40/386562","source":"security@elastic.co"}]}},{"cve":{"id":"CVE-2026-49094","sourceIdentifier":"security@elastic.co","published":"2026-05-28T21:16:34.503","lastModified":"2026-05-29T14:46:09.837","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user with viewer-level access can submit a request containing an oversized input value to an analytics collections management endpoint. Kibana will consume excessive CPU and memory resources while processing the request. 
This results in Kibana becoming unavailable to all users until the service is manually recovered."}],"metrics":{"cvssMetricV31":[{"source":"security@elastic.co","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@elastic.co","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"references":[{"url":"https://discuss.elastic.co/t/kibana-8-19-16-security-update-esa-2026-39/386561/1","source":"security@elastic.co"}]}},{"cve":{"id":"CVE-2026-49095","sourceIdentifier":"security@elastic.co","published":"2026-05-28T21:16:34.660","lastModified":"2026-05-29T14:46:09.837","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Input Validation (CWE-20) in the Kibana Fleet agent policy management feature can lead to privilege escalation. An authenticated user with Fleet management privileges can manipulate agent policy configuration by injecting values into a configuration override mechanism that is not adequately validated. 
An attacker can cause Elastic Agents to be issued API keys with elevated Elasticsearch privileges, potentially granting unauthorized read and write access to sensitive Elasticsearch security indices beyond what is intended for the Fleet management role."}],"metrics":{"cvssMetricV31":[{"source":"security@elastic.co","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":5.2}]},"weaknesses":[{"source":"security@elastic.co","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://discuss.elastic.co/t/kibana-fleet-8-19-16-9-3-5-and-9-4-2-security-update-esa-2026-38/386559","source":"security@elastic.co"}]}},{"cve":{"id":"CVE-2026-44848","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T22:16:58.837","lastModified":"2026-05-29T15:06:44.207","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, The Docker plugin management endpoints (/plugins/*) were not registered with a handler, so standard users with endpoint access could call privileged plugin operations — including installing and enabling plugins — directly against the underlying Docker daemon. The vulnerability is exposed when a non-admin Portainer user (Standard User role, or any role granted endpoint-level access) has been given access to a Docker endpoint via Portainer RBAC. 
This vulnerability is fixed in 2.33.8, 2.39.2, and 2.41.0."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/portainer/portainer/security/advisories/GHSA-rrmm-9v76-h3p4","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-44849","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T22:16:58.973","lastModified":"2026-05-29T15:06:44.207","vulnStatus":"
Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer enforces seven EndpointSecuritySettings restrictions that administrators configure to restrict the container configurations non-admin users can launch: privileged mode, host PID namespace, device mapping, capabilities, sysctls, security-opt (Seccomp / AppArmor), and bind mounts. These restrictions are enforced on the standard container creation path, but several of them are not applied on the Docker Swarm service API. This vulnerability is fixed in 2.33.8, 2.39.2, and 2.41.0."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT
_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/portainer/portainer/security/advisories/GHSA-5fxq-qcf3-244w","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-44850","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T22:16:59.107","lastModified":"2026-05-29T15:06:44.207","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer offers an environment-level Disable bind mounts for non-administrators security setting that blocks regular users from binding host paths into containers they create through the Portainer-mediated Docker API. The check that enforces this setting only inspected the legacy HostConfig.Binds array on the container-create proxy and never looked at the equivalent HostConfig.Mounts array. Any authenticated user with rights to create containers on a Docker environment where the restriction is enabled could submit a bind-typed entry under HostConfig.Mounts and mount any host path into their container. 
This vulnerability is fixed in 2.33.8, 2.39.2, and 2.41.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/portainer/portainer/security/advisories/GHSA-7fw3-x4r2-g7wc","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-44881","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T22:16:59.247","lastModified":"2026-05-29T15:06:44.207","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer supports deploying stacks from Git repositories. When a Git-backed stack is created or updated, Portainer clones the repository using go-git v5, which translates Git blob entries with mode 0o120000 (symlink) into real OS symlinks on the host filesystem via os.Symlink. The only entry blocked from becoming a symlink is .gitmodules; every other path is created as a symlink without validation. Portainer's GET /api/stacks/{id}/file endpoint then reads the stack entry point with os.ReadFile, which follows OS symlinks transparently. A repository containing docker-compose.yml as a symlink to an arbitrary filesystem path causes the symlink target's contents to be returned verbatim in the HTTP response. 
Any authenticated user with rights to create or update a Git-backed stack — the default configuration in Portainer CE — can read arbitrary files accessible to the Portainer process. This vulnerability is fixed in 2.33.8, 2.39.2, and 2.41.0."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-59"},{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/portainer/portainer/security/advisories/GHSA-rpgq-m5fp-32wr","source":"se
curity-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-44882","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T22:16:59.380","lastModified":"2026-05-29T15:06:44.207","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33., Portainer proxies requests to Kubernetes clusters through a middleware layer (kubeClientMiddleware) that validates the requesting user's token before forwarding traffic to the cluster. When security.RetrieveTokenData returned an error, the middleware wrote an HTTP 403 response but was missing a return statement — execution continued into the handler with a nil tokenData value. The Kubernetes endpoints sit behind Portainer's outer AuthenticatedAccess bouncer, so an attacker requires a valid Portainer session. However, a user whose secondary token validation fails in kubeClientMiddleware — for example a user without permission to access a given Kubernetes endpoint — would have their request forwarded to the cluster anyway, bypassing the authorization check. The same defect was present in both the CE and EE codebases. 
This vulnerability is fixed in 2.33.8."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/portainer/portainer/security/advisories/GHSA-mgq6-4x29-88r3","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-44883","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T22:16:59.537","lastModified":"2026-05-29T15:06:44.207","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer's authentication middleware accepts JWT bearer tokens passed as the ?token=<JWT> URL query parameter on any authenticated API endpoint, in addition to the standard Authorization: Bearer header. URLs are recorded in reverse-proxy access logs, browser history, and HTTP Referer headers on outbound navigation, so any JWT passed this way can be harvested by anyone with access to those logs or by an external site the user subsequently visits. A leaked token grants the full privileges of the user it was issued to, until the token expires (default 8 hours, configurable). 
The ?token= parameter was used by Portainer's browser-based container attach, exec, and pod shell features, so any user with exec or attach rights on a container was exposed — not only administrators. This vulnerability is fixed in 2.33.8, 2.39.2, and 2.41.0."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-598"}]}],"references":[{"url":"https://github.com/portainer/portainer/security/advisories/GHSA-jvp4-q659-95mj","source":"security-
advisories@github.com"}]}},{"cve":{"id":"CVE-2026-44884","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T22:16:59.677","lastModified":"2026-05-29T15:06:44.207","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8 and 2.39.1, a missing authorization vulnerability in the Custom Template file endpoint (GET /api/custom_templates/{id}/file) allows any authenticated user to read the file content of any custom template by enumerating sequential integer IDs, bypassing Resource Control access restrictions. Template files may contain environment-specific values such as connection strings, API tokens, or registry credentials that administrators would not expect standard users to read. This vulnerability is fixed in 2.33.8 and 2.39.1."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modified
UserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/portainer/portainer/security/advisories/GHSA-cqpq-2fgr-8mvc","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-44885","sourceIdentifier":"security-advisories@github.com","published":"2026-05-28T22:16:59.803","lastModified":"2026-05-29T15:06:44.207","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, Portainer's backup restore feature accepts a .tar.gz archive and extracts it to a target directory on the server. The extraction function (ExtractTarGz in api/archive/targz.go) constructed output paths using filepath.Clean(filepath.Join(outputDirPath, header.Name)). This combination does not prevent directory traversal — a tar entry named ../../etc/cron.d/evil resolves to a path outside the extraction root, so a crafted archive can write files to arbitrary locations on the server filesystem. 
This vulnerability is fixed in 2.33.8."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":4.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/portainer/portainer-suite/pull/1875","source":"security-advisories@github.com"},{"url":"https://github.com/portainer/portainer/security/advisories/GHSA-m8fg-67j7-cx4v","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49299","sourceIdentifier":"cve@mitre.org","published":"2026-05-28T22:17:02.093","lastModified":"2026-05-29T15:39:34.620","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names evaluate as allowed under the default policy, permitting a project reader to create and update tags on same-project resources. 
Deployments running Neutron 26.0.0 or later are affected."}],"metrics":{"cvssMetricV40":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://bugs.launchpad.net/bugs/2150132","source":"cve@mitre.org"},{"url":"https://review.opendev.org/c/openstack/neutron/+/989099","source":"cve@mitre.org"},{"url":"https://www.openwall.com/lists/oss-security/2026/05/28/8","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-10000","sourceIdentifier":"chrome-cve-admin@google.com","publis
hed":"2026-05-28T23:16:40.907","lastModified":"2026-05-29T15:16:21.197","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in Passwords in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":6.0}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html","source":"chrome-cve-admin@google.com"},{"url":"https://issues.chromium.org/issues/513505608","source":"chrome-cve-admin@google.com"}]}},{"cve":{"id":"CVE-2026-10014","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-28T23:16:43.233","lastModified":"2026-05-29T15:16:21.693","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in WebMIDI in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 
(Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":6.0}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html","source":"chrome-cve-admin@google.com"},{"url":"https://issues.chromium.org/issues/514742327","source":"chrome-cve-admin@google.com"}]}},{"cve":{"id":"CVE-2026-9969","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-28T23:16:55.117","lastModified":"2026-05-29T14:16:34.500","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. 
(Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html","source":"chrome-cve-admin@google.com"},{"url":"https://issues.chromium.org/issues/506550494","source":"chrome-cve-admin@google.com"}]}},{"cve":{"id":"CVE-2026-9970","sourceIdentifier":"chrome-cve-admin@google.com","published":"2026-05-28T23:16:55.213","lastModified":"2026-05-29T15:16:26.693","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Use after free in WebGL in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 
(Chromium security severity: High)"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":6.0}]},"weaknesses":[{"source":"chrome-cve-admin@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"references":[{"url":"https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html","source":"chrome-cve-admin@google.com"},{"url":"https://issues.chromium.org/issues/506653647","source":"chrome-cve-admin@google.com"}]}},{"cve":{"id":"CVE-2026-6891","sourceIdentifier":"f98c90f0-e9bd-4fa7-911b-51993f3571fd","published":"2026-05-29T00:16:15.987","lastModified":"2026-05-29T14:46:09.837","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improper handling of symbolic links in the installer of My Image Garden for macOS Version 3.6.8 or earlier may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of files for which they would not normally have 
authorization."}],"metrics":{"cvssMetricV40":[{"source":"f98c90f0-e9bd-4fa7-911b-51993f3571fd","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"f98c90f0-e9bd-4fa7-911b-51993f3571fd","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":3.6}]},"weaknesses":[{"
source":"f98c90f0-e9bd-4fa7-911b-51993f3571fd","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]}],"references":[{"url":"https://canon.jp/support/support-info/260528-2vulnerability-response","source":"f98c90f0-e9bd-4fa7-911b-51993f3571fd"},{"url":"https://psirt.canon/advisory-information/cp2026-004/","source":"f98c90f0-e9bd-4fa7-911b-51993f3571fd"},{"url":"https://www.canon-europe.com/support/product-security/","source":"f98c90f0-e9bd-4fa7-911b-51993f3571fd"},{"url":"https://www.usa.canon.com/support/canon-product-advisories/CPA2026-004-Vulnerability-Remediation-for-My-Image-Garden-for-macOS-and-CUPS-Printer-Driver-for-macOS","source":"f98c90f0-e9bd-4fa7-911b-51993f3571fd"}]}},{"cve":{"id":"CVE-2026-6892","sourceIdentifier":"f98c90f0-e9bd-4fa7-911b-51993f3571fd","published":"2026-05-29T00:16:16.847","lastModified":"2026-05-29T14:46:09.837","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improper handling of symbolic links in the installer of CUPS Printer Driver for macOS(*) may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of directories for which they would not normally have authorization. 
\n\n*:Canon PIXUS iX6800 Series CUPS Printer Driver for macOS Version 16.91.0.0 or earlier (Japan)\n\nCanon PIXMA MG2500 Series and iX6800 Series CUPS Printer Driver for macOS Version 16.91.0.0 or earlier (US and Europe)"}],"metrics":{"cvssMetricV40":[{"source":"f98c90f0-e9bd-4fa7-911b-51993f3571fd","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"f98c90f0-e9bd-4fa7-911b-51993f3571fd","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequire
d":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":3.6}]},"weaknesses":[{"source":"f98c90f0-e9bd-4fa7-911b-51993f3571fd","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]}],"references":[{"url":"https://canon.jp/support/support-info/260528-1vulnerability-response","source":"f98c90f0-e9bd-4fa7-911b-51993f3571fd"},{"url":"https://psirt.canon/advisory-information/cp2026-004/","source":"f98c90f0-e9bd-4fa7-911b-51993f3571fd"},{"url":"https://www.canon-europe.com/support/product-security/","source":"f98c90f0-e9bd-4fa7-911b-51993f3571fd"},{"url":"https://www.usa.canon.com/support/canon-product-advisories/CPA2026-004-Vulnerability-Remediation-for-My-Image-Garden-for-macOS-and-CUPS-Printer-Driver-for-macOS","source":"f98c90f0-e9bd-4fa7-911b-51993f3571fd"}]}},{"cve":{"id":"CVE-2026-7480","sourceIdentifier":"54bf65a7-a193-42d2-b1ba-8e150d3c35e1","published":"2026-05-29T02:16:17.223","lastModified":"2026-05-29T14:46:09.837","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An Incorrect Permission Assignment for Critical Resource vulnerability in ASUS System Control Interface allows a local user to elevate privileges to SYSTEM and execute arbitrary code via a crafted RPC call that bypasses the validation mechanism.\nRefer to the 'Security Update for ASUS System Control Interface' section on the ASUS Security Advisory for more 
information."}],"metrics":{"cvssMetricV40":[{"source":"54bf65a7-a193-42d2-b1ba-8e150d3c35e1","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"54bf65a7-a193-42d2-b1ba-8e150d3c35e1","type":"Secondary","description":[{"lang":"en","value":"CWE-732"}]}],"references":[{"url":"https://www.asus.com/security-advisory/","source":"54bf65a7-a193-42d2-b1ba-8e150d3c35e1"}]}},{"cve":{"id":"CVE-2026-8070","sourceIdentifier":"54bf65a7-a193-42d2-b1ba-8e150d3c35e1","published":"2026-05-29T02:16:17.380","lastModified":"2026-05-29T14:46:09.837","vulnStatus":"Awaiting 
Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver’s validation mechanism, resulting in unauthorized read and write access to physical memory. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information."}],"metrics":{"cvssMetricV40":[{"source":"54bf65a7-a193-42d2-b1ba-8e150d3c35e1","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"54bf65a7-a193-42d2-b1ba-8e150d3c35e1","type":"Secondary","description":[{"lang":"en","value":"C
WE-732"}]}],"references":[{"url":"https://www.asus.com/security-advisory","source":"54bf65a7-a193-42d2-b1ba-8e150d3c35e1"}]}},{"cve":{"id":"CVE-2026-6324","sourceIdentifier":"secalert@redhat.com","published":"2026-05-29T07:16:14.327","lastModified":"2026-05-29T15:16:25.023","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the `soup_body_input_stream_read_chunked()` function by sending a malicious HTTP request. This vulnerability occurs when libsoup operates behind a non-libsoup proxy server or as a proxy in front of a non-libsoup backend server. Successful exploitation can allow an attacker to bypass security controls, poison web caches, or gain unauthorized access."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":2.5}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-444"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-6324","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458479","source":"secalert@redhat.com"},{"url":"https://gitlab.gnome.org/GNOME/libsoup/-/issues/508","source":"secalert@redhat.com"},{"url":"https://gitlab.gnome.org/GNOME/libsoup/-/work_items/508","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-9493","sourceIdentifier":"twcert@cert.org.tw","published":"2026-05-29T07:16:14.620","lastModified":"2026-05-29T15:11:03.853","vulnStatus":"Deferred","cveTags":[],"descripti
ons":[{"lang":"en","value":"Service Center developed by BankPro E-Service Technology has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify the parameter of a specific query function to access other users' EC order details."}],"metrics":{"cvssMetricV40":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","pri
vilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://www.twcert.org.tw/en/cp-139-10940-d90bd-2.html","source":"twcert@cert.org.tw"},{"url":"https://www.twcert.org.tw/tw/cp-132-10938-97ddd-1.html","source":"twcert@cert.org.tw"}]}},{"cve":{"id":"CVE-2026-49322","sourceIdentifier":"cve@asrg.io","published":"2026-05-29T08:16:19.060","lastModified":"2026-05-29T15:16:24.487","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Weak authentication in the Wireless Control Module (WCM) of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to recover the user-set unlock PIN by passively observing a single PIN authentication exchange. The Infotainment Digital Round display computes its response using a non-cryptographic operation rather than a cryptographic challenge-response, so the PIN is mathematically derivable from one captured exchange, defeating the motorcycle's primary user-authentication control. 
Specific protocol details have been withheld pending vendor remediation."}],"metrics":{"cvssMetricV40":[{"source":"cve@asrg.io","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.1,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cve@asrg.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.7,"impactScore":3.6}
]},"weaknesses":[{"source":"cve@asrg.io","type":"Secondary","description":[{"lang":"en","value":"CWE-294"},{"lang":"en","value":"CWE-327"},{"lang":"en","value":"CWE-1390"}]}],"references":[{"url":"https://www.asrg.io/security-advisories/cve-2026-49322-indian-scout-infotainment-wcm-weak-authentication","source":"cve@asrg.io"}]}},{"cve":{"id":"CVE-2026-4776","sourceIdentifier":"security@mautic.org","published":"2026-05-29T08:16:19.260","lastModified":"2026-05-29T15:39:34.620","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An SQL injection vulnerability exists in Mautic's API contact filtering mechanism. Due to insufficient recursive sanitization of nested query parameters, an authenticated API user can bypass input filtering and inject arbitrary SQL commands."}],"metrics":{"cvssMetricV31":[{"source":"security@mautic.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.2}]},"weaknesses":[{"source":"security@mautic.org","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/mautic/mautic/security/advisories/GHSA-fcmw-wx57-9p75","source":"security@mautic.org"}]}},{"cve":{"id":"CVE-2026-10052","sourceIdentifier":"secalert@redhat.com","published":"2026-05-29T09:16:17.003","lastModified":"2026-05-29T14:06:47.240","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. 
This allows the attacker to perform internal network reconnaissance from the Quay pod's network position, potentially mapping the internal network infrastructure."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N","baseScore":4.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":1.4}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-10052","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483157","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-10057","sourceIdentifier":"twcert@cert.org.tw","published":"2026-05-29T09:16:17.310","lastModified":"2026-05-29T15:11:03.853","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"ITS Intelligent SCADA System developed by ITP Technology has a Stored Cross-Site Scripting vulnerability, allowing privileged remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page 
load."}],"metrics":{"cvssMetricV40":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Primary","
description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://www.twcert.org.tw/en/cp-139-10942-2b78b-2.html","source":"twcert@cert.org.tw"},{"url":"https://www.twcert.org.tw/tw/cp-132-10941-6c082-1.html","source":"twcert@cert.org.tw"}]}},{"cve":{"id":"CVE-2026-10058","sourceIdentifier":"twcert@cert.org.tw","published":"2026-05-29T09:16:17.460","lastModified":"2026-05-29T15:11:03.853","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"ITS Intelligent SCADA System developed by ITP Technology has a Stored Cross-Site Scripting vulnerability, allowing privileged remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load."}],"metrics":{"cvssMetricV40":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT
_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://www.twcert.org.tw/en/cp-139-10942-2b78b-2.html","source":"twcert@cert.org.tw"},{"url":"https://www.twcert.org.tw/tw/cp-132-10941-6c082-1.html","source":"twcert@cert.org.tw"}]}},{"cve":{"id":"CVE-2026-49195","sourceIdentifier":"8fc372e3-d9c5-46e4-9410-38469745c639","published":"2026-05-29T09:16:17.610","lastModified":"2026-05-29T14:46:09.837","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated Debug Service. 
The /sbin/mtk_dut binary is exposed on TCP port 9000 without authentication, allowing any LAN-based attacker to execute arbitrary UCC commands."}],"metrics":{"cvssMetricV40":[{"source":"8fc372e3-d9c5-46e4-9410-38469745c639","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"8fc372e3-d9c5-46e4-9410-38469745c639","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://community.acer.com/en/kb/articles/19672","source":"8fc372e3-d9c5-46e4-9410-38469745c639"}]}},{"cve":{"id":"CVE-2026-49196","sourceIdentifier":"8fc372e3-d9c5-46e4-9410-38469745c639","published":"2026-
05-29T09:16:17.743","lastModified":"2026-05-29T14:46:09.837","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"The Wi-Fi device blocking feature fails to sanitize MAC address input, allowing injection and execution of arbitrary shell commands."}],"metrics":{"cvssMetricV40":[{"source":"8fc372e3-d9c5-46e4-9410-38469745c639","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"8fc372e3-d9c5-46e4-9410-38469745c639","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"references":[{"url":"https://community.acer.com/en/kb/articles/19672","source":"8fc372e3-d9c5
-46e4-9410-38469745c639"}]}},{"cve":{"id":"CVE-2026-49197","sourceIdentifier":"8fc372e3-d9c5-46e4-9410-38469745c639","published":"2026-05-29T09:16:17.877","lastModified":"2026-05-29T14:46:09.837","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails."}],"metrics":{"cvssMetricV40":[{"source":"8fc372e3-d9c5-46e4-9410-38469745c639","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"8fc372e3-d9c5-46e4-9410-38469745c639","t
ype":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://community.acer.com/en/kb/articles/19672","source":"8fc372e3-d9c5-46e4-9410-38469745c639"}]}},{"cve":{"id":"CVE-2026-49198","sourceIdentifier":"8fc372e3-d9c5-46e4-9410-38469745c639","published":"2026-05-29T09:16:18.007","lastModified":"2026-05-29T14:46:09.837","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improper access control in the MQTT broker allows wildcard topic subscriptions, exposing all MQTT traffic to unauthorized actors."}],"metrics":{"cvssMetricV40":[{"source":"8fc372e3-d9c5-46e4-9410-38469745c639","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilit
yResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"8fc372e3-d9c5-46e4-9410-38469745c639","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://community.acer.com/en/kb/articles/19672","source":"8fc372e3-d9c5-46e4-9410-38469745c639"}]}},{"cve":{"id":"CVE-2026-49199","sourceIdentifier":"8fc372e3-d9c5-46e4-9410-38469745c639","published":"2026-05-29T09:16:18.143","lastModified":"2026-05-29T14:46:09.837","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device."}],"metrics":{"cvssMetricV40":[{"source":"8fc372e3-d9c5-46e4-9410-38469745c639","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFIN
ED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"8fc372e3-d9c5-46e4-9410-38469745c639","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"references":[{"url":"https://community.acer.com/en/kb/articles/19672","source":"8fc372e3-d9c5-46e4-9410-38469745c639"}]}},{"cve":{"id":"CVE-2026-49200","sourceIdentifier":"8fc372e3-d9c5-46e4-9410-38469745c639","published":"2026-05-29T09:16:18.270","lastModified":"2026-05-29T14:46:09.837","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized system access."}],"metrics":{"cvssMetricV40":[{"source":"8fc372e3-d9c5-46e4-9410-38469745c639","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modi
fiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"8fc372e3-d9c5-46e4-9410-38469745c639","type":"Secondary","description":[{"lang":"en","value":"CWE-532"}]}],"references":[{"url":"https://community.acer.com/en/kb/articles/19673","source":"8fc372e3-d9c5-46e4-9410-38469745c639"}]}},{"cve":{"id":"CVE-2026-10078","sourceIdentifier":"secalert@redhat.com","published":"2026-05-29T11:16:16.663","lastModified":"2026-05-29T14:06:47.240","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically client_id and client_secret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to the disclosure of these credentials in various system logs, such as server access logs, reverse proxy logs, and other monitoring systems. 
An attacker with access to these logs could potentially obtain these credentials, leading to unauthorized information disclosure."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N","baseScore":2.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":1.4}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-598"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-10078","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483168","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-42965","sourceIdentifier":"secalert@redhat.com","published":"2026-05-29T11:16:16.923","lastModified":"2026-05-29T14:06:47.240","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vulnerability by creating a Service backed by an FQDN (Fully Qualified Domain Name) EndpointSlice that resolves to a cloud metadata endpoint. This allows the router to proxy requests to the cloud metadata endpoint, leading to the disclosure of instance credentials and other sensitive metadata. 
This bypasses previous security measures for validating IP addresses."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-42965","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483184","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-46579","sourceIdentifier":"secalert@redhat.com","published":"2026-05-29T11:16:17.050","lastModified":"2026-05-29T14:06:47.240","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the OpenShift Router. When a Route has `insecureEdgeTerminationPolicy` set to Allow, the HTTP frontend does not remove `X-SSL-Client-*` headers from incoming requests. This allows an unauthenticated attacker to send plain HTTP requests with crafted `X-SSL-Client-*` headers. 
As a result, backends relying on these headers for mutual TLS (Transport Layer Security) authentication can be bypassed, enabling the attacker to impersonate client certificate identities."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-46579","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483181","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-49201","sourceIdentifier":"8fc372e3-d9c5-46e4-9410-38469745c639","published":"2026-05-29T11:16:17.183","lastModified":"2026-05-29T14:46:09.837","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. 
This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection."}],"metrics":{"cvssMetricV40":[{"source":"8fc372e3-d9c5-46e4-9410-38469745c639","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"8fc372e3-d9c5-46e4-9410-38469745c639","type":"Secondary","description":[{"lang":"en","value":"CWE-798"}]}],"references":[{"url":"https://community.acer.com/en/kb/articles/19673","source":"8fc372e3-d9c5-46e4-9410-38469745c639"}]}},{"cve":{"id":"CVE-2026-9557","sourceIdentifier":"security@mautic.org","published":"2026-05-29T11:16:17.853","lastModified":"
2026-05-29T15:39:34.620","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A Server-Side Request Forgery (SSRF) vulnerability exists in Mautic's Focus component. Due to insufficient validation of user-supplied URLs, an authenticated user can trigger outbound HTTP requests from the hosting server, enabling internal network reconnaissance or forcing requests to arbitrary internal or external destinations."}],"metrics":{"cvssMetricV31":[{"source":"security@mautic.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}]},"weaknesses":[{"source":"security@mautic.org","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/mautic/mautic/security/advisories/GHSA-jmv8-8j9j-rcpc","source":"security@mautic.org"}]}},{"cve":{"id":"CVE-2026-9558","sourceIdentifier":"security@mautic.org","published":"2026-05-29T11:16:17.980","lastModified":"2026-05-29T15:39:34.620","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A Server-Side Template Injection (SSTI) vulnerability exists in Mautic's theme engine. The platform renders uploaded Twig templates without a sandbox or strict function restrictions. 
Authenticated users with permissions to create or upload themes can abuse this to execute arbitrary code on the hosting server (Remote Code Execution) or access restricted system files and configuration settings."}],"metrics":{"cvssMetricV31":[{"source":"security@mautic.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}]},"weaknesses":[{"source":"security@mautic.org","type":"Secondary","description":[{"lang":"en","value":"CWE-1336"}]}],"references":[{"url":"https://github.com/mautic/mautic/security/advisories/GHSA-9fx4-7cmj-47vg","source":"security@mautic.org"}]}},{"cve":{"id":"CVE-2025-41265","sourceIdentifier":"prodsec@nozominetworks.com","published":"2026-05-29T12:16:21.743","lastModified":"2026-05-29T14:06:26.220","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating system commands on the WF-500 TX 
Host."}],"metrics":{"cvssMetricV40":[{"source":"prodsec@nozominetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"prodsec@nozominetworks.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41265","source":"prodsec@nozominetworks.com"}]}},{"cve":{"id":"CVE-2025-41266","sourceIdentifier":"prodsec@nozominetworks.com","published":"2026-05-29T12:16:22.823","lastModified":"2026-05-29T14:06:26.220","vulnStatus":"Undergoing 
Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating system commands on the WF-500 TX Host."}],"metrics":{"cvssMetricV40":[{"source":"prodsec@nozominetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"prodsec@nozominetworks.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],
"references":[{"url":"https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41266","source":"prodsec@nozominetworks.com"}]}},{"cve":{"id":"CVE-2025-41267","sourceIdentifier":"prodsec@nozominetworks.com","published":"2026-05-29T12:16:22.947","lastModified":"2026-05-29T14:06:26.220","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating system commands on the WF-500 TX Host."}],"metrics":{"cvssMetricV40":[{"source":"prodsec@nozominetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailability
Impact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"prodsec@nozominetworks.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41267","source":"prodsec@nozominetworks.com"}]}},{"cve":{"id":"CVE-2025-41268","sourceIdentifier":"prodsec@nozominetworks.com","published":"2026-05-29T12:16:23.067","lastModified":"2026-05-29T14:06:26.220","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to delete arbitrary files on the Host machines."}],"metrics":{"cvssMetricV40":[{"source":"prodsec@nozominetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVuln
ConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"prodsec@nozominetworks.com","type":"Primary","description":[{"lang":"en","value":"CWE-23"}]}],"references":[{"url":"https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41268","source":"prodsec@nozominetworks.com"}]}},{"cve":{"id":"CVE-2025-41269","sourceIdentifier":"prodsec@nozominetworks.com","published":"2026-05-29T12:16:23.190","lastModified":"2026-05-29T14:06:26.220","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the 
device."}],"metrics":{"cvssMetricV40":[{"source":"prodsec@nozominetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"prodsec@nozominetworks.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41269","source":"prodsec@nozominetworks.com"}]}},{"cve":{"id":"CVE-2025-41270","sourceIdentifier":"prodsec@nozominetworks.com","published":"2026-05-29T12:16:23.323","lastModified":"2026-05-29T14:06:26.220","vulnStatus":"Undergoing 
Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device."}],"metrics":{"cvssMetricV40":[{"source":"prodsec@nozominetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"prodsec@nozominetworks.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"
references":[{"url":"https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41270","source":"prodsec@nozominetworks.com"}]}},{"cve":{"id":"CVE-2025-41271","sourceIdentifier":"prodsec@nozominetworks.com","published":"2026-05-29T12:16:23.450","lastModified":"2026-05-29T14:06:26.220","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to read arbitrary files from the device."}],"metrics":{"cvssMetricV40":[{"source":"prodsec@nozominetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED"
,"valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"prodsec@nozominetworks.com","type":"Primary","description":[{"lang":"en","value":"CWE-23"}]}],"references":[{"url":"https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41271","source":"prodsec@nozominetworks.com"}]}},{"cve":{"id":"CVE-2025-41272","sourceIdentifier":"prodsec@nozominetworks.com","published":"2026-05-29T12:16:23.570","lastModified":"2026-05-29T14:06:26.220","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device."}],"metrics":{"cvssMetricV40":[{"source":"prodsec@nozominetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpa
ct":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"prodsec@nozominetworks.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41272","source":"prodsec@nozominetworks.com"}]}},{"cve":{"id":"CVE-2025-41273","sourceIdentifier":"prodsec@nozominetworks.com","published":"2026-05-29T12:16:23.690","lastModified":"2026-05-29T14:06:26.220","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to bypass authentication of the Console web application and perform actions as an authenticated 
user."}],"metrics":{"cvssMetricV40":[{"source":"prodsec@nozominetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"prodsec@nozominetworks.com","type":"Primary","description":[{"lang":"en","value":"CWE-288"}]}],"references":[{"url":"https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41273","source":"prodsec@nozominetworks.com"}]}},{"cve":{"id":"CVE-2025-41274","sourceIdentifier":"prodsec@nozominetworks.com","published":"2026-05-29T12:16:23.810","lastModified":"2026-05-29T14:06:26.220","vulnStatus":"Undergoing 
Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device."}],"metrics":{"cvssMetricV40":[{"source":"prodsec@nozominetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"prodsec@nozominetworks.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"
references":[{"url":"https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41274","source":"prodsec@nozominetworks.com"}]}},{"cve":{"id":"CVE-2025-41275","sourceIdentifier":"prodsec@nozominetworks.com","published":"2026-05-29T12:16:23.930","lastModified":"2026-05-29T14:06:26.220","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device."}],"metrics":{"cvssMetricV40":[{"source":"prodsec@nozominetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpac
t":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"prodsec@nozominetworks.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41275","source":"prodsec@nozominetworks.com"}]}},{"cve":{"id":"CVE-2025-41276","sourceIdentifier":"prodsec@nozominetworks.com","published":"2026-05-29T12:16:24.050","lastModified":"2026-05-29T14:06:26.220","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the 
device."}],"metrics":{"cvssMetricV40":[{"source":"prodsec@nozominetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"prodsec@nozominetworks.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41276","source":"prodsec@nozominetworks.com"}]}},{"cve":{"id":"CVE-2025-41277","sourceIdentifier":"prodsec@nozominetworks.com","published":"2026-05-29T12:16:24.167","lastModified":"2026-05-29T14:06:26.220","vulnStatus":"Undergoing 
Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device."}],"metrics":{"cvssMetricV40":[{"source":"prodsec@nozominetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"prodsec@nozominetworks.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"
references":[{"url":"https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41277","source":"prodsec@nozominetworks.com"}]}},{"cve":{"id":"CVE-2025-41278","sourceIdentifier":"prodsec@nozominetworks.com","published":"2026-05-29T12:16:24.293","lastModified":"2026-05-29T14:06:26.220","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Nozomi Networks Labs identified a CWE-125: Out-of-bounds Read in Waterfall WF-500 RX Host in version 7.10.0.0 R2601141040 that allows attackers with access to the TX Host to execute code on the RX Host."}],"metrics":{"cvssMetricV40":[{"source":"prodsec@nozominetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulne
rabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"prodsec@nozominetworks.com","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"references":[{"url":"https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41278","source":"prodsec@nozominetworks.com"}]}},{"cve":{"id":"CVE-2025-41279","sourceIdentifier":"prodsec@nozominetworks.com","published":"2026-05-29T12:16:24.420","lastModified":"2026-05-29T14:06:47.240","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating system commands on the WF-500 RX Host."}],"metrics":{"cvssMetricV40":[{"source":"prodsec@nozominetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnInt
egrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"prodsec@nozominetworks.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41279","source":"prodsec@nozominetworks.com"}]}},{"cve":{"id":"CVE-2025-41280","sourceIdentifier":"prodsec@nozominetworks.com","published":"2026-05-29T12:16:24.547","lastModified":"2026-05-29T14:06:47.240","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Nozomi Networks Labs identified a CWE-23: Relative Path Traversal (Zip Slip) in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is configured and file compression is 
enabled."}],"metrics":{"cvssMetricV40":[{"source":"prodsec@nozominetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"prodsec@nozominetworks.com","type":"Primary","description":[{"lang":"en","value":"CWE-23"}]}],"references":[{"url":"https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41280","source":"prodsec@nozominetworks.com"}]}},{"cve":{"id":"CVE-2025-41281","sourceIdentifier":"prodsec@nozominetworks.com","published":"2026-05-29T12:16:24.670","lastModified":"2026-05-29T14:06:47.240","vulnStatus":"Undergoing 
Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is configured."}],"metrics":{"cvssMetricV40":[{"source":"prodsec@nozominetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"prodsec@nozominetworks.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"
https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-41281","source":"prodsec@nozominetworks.com"}]}},{"cve":{"id":"CVE-2026-9559","sourceIdentifier":"security@mautic.org","published":"2026-05-29T12:16:26.680","lastModified":"2026-05-29T15:39:34.620","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to escape the intended temporary directories. An authenticated user with campaign import privileges (campaign:imports:create) can write arbitrary PHP files to sensitive system directories. An attacker can exploit this to overwrite critical internal configuration or cache components, resulting in Remote Code Execution (RCE) under the context of the web server user."}],"metrics":{"cvssMetricV31":[{"source":"security@mautic.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}]},"weaknesses":[{"source":"security@mautic.org","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-73"},{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://github.com/mautic/mautic/security/advisories/GHSA-6r9h-4h75-7q4x","source":"security@mautic.org"}]}},{"cve":{"id":"CVE-2026-9808","sourceIdentifier":"security@mautic.org","published":"2026-05-29T12:16:26.800","lastModified":"2026-05-29T15:39:34.620","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An authorization bypass vulnerability exists in the Mautic 7 API v2 endpoints (utilizing API 
Platform). Under certain conditions, roles configured with owner-scope restrictions (such as `viewown` or `editown`) are not properly enforced. This allows low-privilege authenticated API users to bypass ownership-logic controls and access or modify resources belonging to other users."}],"metrics":{"cvssMetricV31":[{"source":"security@mautic.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}]},"weaknesses":[{"source":"security@mautic.org","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/mautic/mautic/security/advisories/GHSA-2jrw-c95w-h43g","source":"security@mautic.org"}]}},{"cve":{"id":"CVE-2026-9809","sourceIdentifier":"security@mautic.org","published":"2026-05-29T12:16:26.917","lastModified":"2026-05-29T15:39:34.620","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A stored Cross-Site Scripting (XSS) vulnerability exists in the Projects component of Mautic 7. When displaying project tags and popovers on administrative detail views (such as campaigns, emails, or forms), user-supplied project names are rendered without proper sanitization. An authenticated user with permissions to create or edit projects can exploit this to inject malicious script payloads. When an administrative user views an entity associated with a compromised project and hovers over its tag, the injected script executes within the context of their active browser session. 
This could allow an attacker to perform administrative actions on behalf of the victim, alter system configurations, or exfiltrate sensitive data."}],"metrics":{"cvssMetricV31":[{"source":"security@mautic.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":4.7}]},"weaknesses":[{"source":"security@mautic.org","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/mautic/mautic/security/advisories/GHSA-7h65-whp7-rgqf","source":"security@mautic.org"}]}},{"cve":{"id":"CVE-2026-9811","sourceIdentifier":"security@mautic.org","published":"2026-05-29T12:16:27.030","lastModified":"2026-05-29T15:39:34.620","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A stored Cross-Site Scripting (XSS) vulnerability exists in the project selector component of Mautic 7. When rendering selection menus for associating projects with system entities, the application fails to sanitize project names returned via AJAX before injecting them into the DOM as option fields. An authenticated user with permissions to create projects can exploit this to store a malicious script payload in the project's name. When another administrative user subsequently opens an entity editor containing the project selector, the injected script executes within the context of their active browser session. 
This could allow an attacker to hijack the session, perform unauthorized state coordination, or access organizational data within the dashboard."}],"metrics":{"cvssMetricV31":[{"source":"security@mautic.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"security@mautic.org","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/mautic/mautic/security/advisories/GHSA-5hvg-w58j-545m","source":"security@mautic.org"}]}},{"cve":{"id":"CVE-2026-10071","sourceIdentifier":"twcert@cert.org.tw","published":"2026-05-29T13:16:22.480","lastModified":"2026-05-29T15:11:03.853","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the 
server."}],"metrics":{"cvssMetricV40":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Prima
ry","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://www.twcert.org.tw/en/cp-139-10946-1127f-2.html","source":"twcert@cert.org.tw"},{"url":"https://www.twcert.org.tw/tw/cp-132-10943-8fb00-1.html","source":"twcert@cert.org.tw"}]}},{"cve":{"id":"CVE-2026-45043","sourceIdentifier":"security-advisories@github.com","published":"2026-05-29T13:16:22.630","lastModified":"2026-05-29T15:11:03.853","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper validation in the PUT /rustfs/admin/v3/import-iam endpoint allows a user with ImportIAMAction to create service accounts under arbitrary parent identities, including the root user (minioadmin). The endpoint accepts attacker-controlled parent, claims, accessKey, and secretKey values without enforcing privilege boundaries or sanitization. This enables privilege escalation to full administrative access using a persistent, attacker-defined credential. 
This vulnerability is fixed in 1.0.0-beta.2."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-269"},{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/rustfs/rustfs/security/advisories/GHSA-566f-q62r-wcr8","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49323","sourceIdentifier":"cve@asrg.io","published":"2026-05-29T13:16:23.407","lastModified":"2026-05-29T15:16:24.630","vulnStatus":"Deferre
d","cveTags":[],"descriptions":[{"lang":"en","value":"Weak authentication between the Wireless Control Module (WCM) and the Engine Control Module (ECM) of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to recover the per-vehicle ECM immobilizer secret by passively observing a single seed/key exchange. The WCM derives its response using a reversible, non-cryptographic operation rather than a cryptographic challenge-response, so the persistent immobilizer secret can be reconstructed from one captured exchange. With this secret the attacker can authenticate to the ECM independently of the WCM and start the engine, defeating the immobilizer. Specific protocol details have been withheld pending vendor remediation."}],"metrics":{"cvssMetricV40":[{"source":"cve@asrg.io","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.1,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact
":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cve@asrg.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.7,"impactScore":3.6}]},"weaknesses":[{"source":"cve@asrg.io","type":"Secondary","description":[{"lang":"en","value":"CWE-327"},{"lang":"en","value":"CWE-798"},{"lang":"en","value":"CWE-1390"}]}],"references":[{"url":"https://www.asrg.io/security-advisories/cve-2026-49323-indian-scout-wcm-ecm-weak-authentication","source":"cve@asrg.io"}]}},{"cve":{"id":"CVE-2026-49324","sourceIdentifier":"cve@asrg.io","published":"2026-05-29T13:16:23.557","lastModified":"2026-05-29T15:16:24.753","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Uncontrolled resource consumption in the Wireless Control Module (WCM) of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with write access to the in-vehicle network to permanently immobilize the motorcycle. The WCM enforces a brute-force lockout on the immobilizer authentication algorithm, but the lockout counter is reachable by any unauthenticated message, has no session binding, and does not reset on power cycle. An attacker can deliberately trip the lockout with a small number of crafted frames, leaving the bike un-startable until dealer service. 
Specific thresholds have been withheld pending vendor remediation."}],"metrics":{"cvssMetricV40":[{"source":"cve@asrg.io","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.1,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cve@asrg.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":3.6}]},"weaknesse
s":[{"source":"cve@asrg.io","type":"Secondary","description":[{"lang":"en","value":"CWE-307"},{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://www.asrg.io/security-advisories/cve-2026-49324-indian-scout-wcm-bruteforce-lockout-dos","source":"cve@asrg.io"}]}},{"cve":{"id":"CVE-2026-8326","sourceIdentifier":"vulnerability@ncsc.ch","published":"2026-05-29T13:16:23.770","lastModified":"2026-05-29T15:39:34.620","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Path traversal vulnerability in Remote Spark (https://www.Remotespark.Com/) SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection.  Depending on implementation, the vulnerability can be exploited by an unauthenticated attacker.\n\nThis issue affects SparkView: before build 1127."}],"metrics":{"cvssMetricV40":[{"source":"vulnerability@ncsc.ch","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnInte
grityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"vulnerability@ncsc.ch","type":"Secondary","description":[{"lang":"en","value":"CWE-23"}]}],"references":[{"url":"https://www.remotespark.com/view/new.html","source":"vulnerability@ncsc.ch"}]}},{"cve":{"id":"CVE-2026-9508","sourceIdentifier":"cve-coordination@incibe.es","published":"2026-05-29T13:16:23.967","lastModified":"2026-05-29T15:39:34.620","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect permission settings on a critical resource in Suprema BioStar 2 (versions 2.9.3 through 2.9.11) that allow backup files to be publicly exposed when the administrator configures their path within the NGINX webroot. This vulnerability allows an attacker with network access to directly download backup ZIP files via ‘http(s)://[server]/download/…’ without requiring authentication. 
This exposes highly sensitive information that can lead to server impersonation, unauthorized access to databases, and lateral movement."}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Primary","description":[{"lang":"en","value":"CWE-732"}]}],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-supremas-biostar","source":"cve-coordination@incibe.es"}]}},{"cve":{"id":"CVE-2026-9509","sourceIdentifier":"cve-coordination@incibe.es","published":"2026-
05-29T13:16:24.120","lastModified":"2026-05-29T15:39:34.620","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An unhandled exception in Suprema BioStar 2 (Server), versions 2.9.8, 2.9.10, and 2.9.11, that allows an unauthenticated remote attacker to cause a denial of service (DoS) by sending HTTP POST requests to the ‘/api/migration’ endpoint. This request triggers a failure that halts critical processes, leaving the system offline until the services or server are manually restarted. As a result, access control readers cease to function, and potential failures may occur in third-party integrations. Since the exploit requires no privileges or user interaction and is trivial to automate, the impact on availability is high, and the effect extends to interconnected systems."}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityIm
pact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Primary","description":[{"lang":"en","value":"CWE-248"}]}],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-supremas-biostar","source":"cve-coordination@incibe.es"}]}},{"cve":{"id":"CVE-2026-10061","sourceIdentifier":"cna@vuldb.com","published":"2026-05-29T14:16:25.563","lastModified":"2026-05-29T15:11:32.477","vulnStatus":"Undergoing Analysis","cveTags":[{"sourceIdentifier":"cna@vuldb.com","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. Affected is the function formWPS of the file /goform/formWPS. The manipulation of the argument peerPin results in command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor explains: \"This product has been EOL for 15 years (since 2009). 
As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities.\" This vulnerability only affects products that are no longer supported by the maintainer."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpa
ct":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-77"}]}],"references":[{"url":"https://github.com/wudipjq/my_vuln/blob/main/TRENDnet/vuln_2/2.md","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/814757","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/367147","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/367147/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-10072","sourceIdentifier":"twcert@cert.org.tw","published":"2026-05-29T14:16:25.817","lastModified":"2026-05-29T15:11:03.853","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the 
server."}],"metrics":{"cvssMetricV40":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Primary","des
cription":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://www.twcert.org.tw/en/cp-139-10946-1127f-2.html","source":"twcert@cert.org.tw"},{"url":"https://www.twcert.org.tw/tw/cp-132-10943-8fb00-1.html","source":"twcert@cert.org.tw"}]}},{"cve":{"id":"CVE-2026-10073","sourceIdentifier":"twcert@cert.org.tw","published":"2026-05-29T14:16:25.953","lastModified":"2026-05-29T15:11:03.853","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing unauthenticated local attackers to exploit Relative Path Traversal to download arbitrary system files."}],"metrics":{"cvssMetricV40":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT
_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Primary","description":[{"lang":"en","value":"CWE-23"}]}],"references":[{"url":"https://www.twcert.org.tw/en/cp-139-10946-1127f-2.html","source":"twcert@cert.org.tw"},{"url":"https://www.twcert.org.tw/tw/cp-132-10943-8fb00-1.html","source":"twcert@cert.org.tw"}]}},{"cve":{"id":"CVE-2026-10074","sourceIdentifier":"twcert@cert.org.tw","published":"2026-05-29T14:16:26.097","lastModified":"2026-05-29T15:11:03.853","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing privileged local attackers to exploit Relative Path Traversal to download arbitrary system 
files."}],"metrics":{"cvssMetricV40":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Primary","
description":[{"lang":"en","value":"CWE-23"}]}],"references":[{"url":"https://www.twcert.org.tw/en/cp-139-10946-1127f-2.html","source":"twcert@cert.org.tw"},{"url":"https://www.twcert.org.tw/tw/cp-132-10943-8fb00-1.html","source":"twcert@cert.org.tw"}]}},{"cve":{"id":"CVE-2026-10075","sourceIdentifier":"twcert@cert.org.tw","published":"2026-05-29T14:16:26.250","lastModified":"2026-05-29T15:11:03.853","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"DreamMaker developed by Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to read file names under arbitrary path by exploiting an Absolute Path Traversal vulnerability."}],"metrics":{"cvssMetricV40":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFI
NED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Primary","description":[{"lang":"en","value":"CWE-36"}]}],"references":[{"url":"https://www.twcert.org.tw/en/cp-139-10946-1127f-2.html","source":"twcert@cert.org.tw"},{"url":"https://www.twcert.org.tw/tw/cp-132-10943-8fb00-1.html","source":"twcert@cert.org.tw"}]}},{"cve":{"id":"CVE-2026-40510","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-29T14:16:26.540","lastModified":"2026-05-29T15:42:56.873","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in piv_process_history() in src/libopensc/card-piv.c that allows physically present attackers to trigger memory corruption by presenting a crafted PIV smart card or USB device returning a URL field longer than 118 bytes in the Key History Object ASN.1 
response."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.0,"baseSeverity":"LOW","attackVector":"PHYSICAL","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":3.8,"baseSeverity":"LOW","attackVector":"PHYSICAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":0.4,"impactScore":3.4}]},"weaknesses":[{"source":"disclosure@vulncheck.com
","type":"Primary","description":[{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://github.com/OpenSC/OpenSC/commit/3f24f0b48a481a8cf2e46059d8238a283ddc1c13","source":"disclosure@vulncheck.com"},{"url":"https://github.com/OpenSC/OpenSC/pull/3558","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/opensc-stack-buffer-overflow-via-piv-process-history-in-card-piv-c","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-40528","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-29T14:16:26.730","lastModified":"2026-05-29T15:42:56.873","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"OpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the do_key_value() function in src/pkcs15init/profile.c that allows attackers to corrupt memory by supplying a crafted profile configuration file. During pkcs15-init invocation, a key value entry beginning with '=' followed by more than sizeof(keybuf) characters is copied into keybuf via memcpy without a length check, causing both stack and heap buffer 
overruns."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.0,"baseSeverity":"LOW","attackVector":"PHYSICAL","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":3.8,"baseSeverity":"LOW","attackVector":"PHYSICAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":0.4,"impactScore":3.4}]},"weaknesses":[{"source":"disclosure@vulncheck.com
","type":"Primary","description":[{"lang":"en","value":"CWE-121"},{"lang":"en","value":"CWE-122"}]}],"references":[{"url":"https://github.com/OpenSC/OpenSC/commit/0358817ec74aeca654f83e7709c7720b14c5db59","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/opensc-buffer-overrun-in-do-key-value-via-profile-c","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-44237","sourceIdentifier":"security-advisories@github.com","published":"2026-05-29T14:16:27.060","lastModified":"2026-05-29T15:06:44.207","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"FreePBX is an open source IP PBX. Prior to 17.0.8, the FreePBX api module's OAuth2 implementation does not sufficiently validate client credentials during token issuance. Knowledge of a valid client_id is required. The validateClient() method in ClientRepository.php unconditionally returns true, allowing any party with knowledge of a valid client_id to obtain OAuth2 access tokens without providing the correct client_secret. 
This vulnerability is fixed in 17.0.8."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-1390"}]}],"references":[{"url":"https://github.com/FreePBX/security-reporting/security/advisories/GHSA-vgjf-4h63-8vcc","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-44238","sourceIdentifier":"security-advisories@github.com","published":"2026-05-29T14:16:27.233","lastModified":"2026-05-29T15:06:44.207","vulnStatus":"Undergoing 
Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"FreePBX is an open source IP PBX. Prior to 16.0.50 and 17.0.11, the CDR Reports module page allows SQL injection through the order and sort POST parameters. Authentication with a FreePBX Administration Control Panel account that has CDR section access is required. Full administrator privileges are not needed. This vulnerability is fixed in 16.0.50 and 17.0.11."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","descriptio
n":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/FreePBX/security-reporting/security/advisories/GHSA-p9fq-fmpw-2h9x","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-44239","sourceIdentifier":"security-advisories@github.com","published":"2026-05-29T14:16:27.363","lastModified":"2026-05-29T15:06:44.207","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"FreePBX is an open source IP PBX. Prior to 16.0.22 and 17.0.5, the Dashboard module's getcontent AJAX handler includes PHP files based on user-supplied input without path sanitization. The $_REQUEST['rawname'] parameter is concatenated into an include() call with a .class.php suffix, allowing path traversal via ../ sequences to include arbitrary .class.php files from the filesystem. The included file's PHP code executes before the subsequent class instantiation error occurs. This vulnerability is fixed in 16.0.22 and 17.0.5."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED",
"modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://github.com/FreePBX/security-reporting/security/advisories/GHSA-hw7v-v2jp-wc4v","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45578","sourceIdentifier":"security-advisories@github.com","published":"2026-05-29T14:16:30.253","lastModified":"2026-05-29T15:06:44.207","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a classic shell-metacharacter injection. The YPTSocket notification branch in plugin/Live/on_publish.php builds an execAsync() command line by string concatenation, single-quoting each argument but never calling escapeshellarg(). 
A ' in any of the three interpolated values ($users_id, $m3u8, $obj->liveTransmitionHistory_id) closes the quoted token and lets the attacker append arbitrary commands."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-xw67-cg5f-4m2r","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45580","sourceIdentifier":"security-advisories@github.com","published":"2026-05-29T14:16:30.413","lastModified":"2026-05-29T15:06:44.207","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a stored cross-site scripting vulnerability. The Live plugin's \"YouTube-style\" view renders the live transmission's stream key into an HTML class attribute by raw echo, without htmlspecialchars(). 
A canStream user can persist a key containing \" plus an event handler via plugin/Live/saveLive.php, and any visitor (logged in or anonymous) opening the stream's live page executes attacker JavaScript in the platform origin."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-m5j4-7r85-2cj2","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45582","sourceIdentifier":"security-advisories@github.com","published":"2026-05-29T14:16:30.563","lastModified":"2026-05-29T15:06:44.207","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.51.3, the workflow telemetry sanitizer could retain partial fragments of URL-shaped node parameters before sending workflow data to the project's anonymous telemetry backend. Values placed in HTTP-Request-style node parameters — such as customer or tenant identifiers, short secrets embedded in query strings, and signed request parameters — could therefore appear in stored telemetry, contrary to the collection boundary documented in PRIVACY.md. 
This vulnerability is fixed in 2.51.3."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-201"}]}],"references":[{"url":"https://github.com/czlonkowski/n8n-mcp/commit/6cf6fef653fcd6d598f2f356aac4754931c7329f","source":"security-advisories@github.com"},{"url":"https://github.com/czlonkowski/n8n-mcp/pull/782","source":"security-advisories@github.com"},{"url":"https://github.com/czlonkowski/n8n-mcp/releases/tag/v2.51.3","source":"security-advisories@github.com"},{"url":"https://github.com/czlonkowski/n8n-mcp/security/advisories/GHSA-f3rg-xqjj-cj9w","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45610","sourceIdentifier":"security-advisories@github.com","published":"2026-05-29T14:16:30.713","lastModified":"2026-05-29T15:16:23.610","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a cross-site request forgery vulnerability on the 2FA toggle. plugin/LoginControl/set.json.php accepts POST type=set2FA value=false, calls LoginControl::setUser2FA(User::getId(), false) on the session-authenticated user, and returns. There is no forbidIfIsUntrustedRequest() call, no isTokenValid() check, no X-CSRF-Token/SameSite enforcement, and no re-authentication step. 
A cross-origin page that the victim visits while logged into the AVideo dashboard issues the POST via a hidden form (or fetch without credentials:\"omit\") and disables the victim's 2FA in one request."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"},{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-3mv2-vmwh-rwfx","source":"security-advisories@github.com"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-3mv2-vmwh-rwfx","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-45619","sourceIdentifier":"security-advisories@github.com","published":"2026-05-29T14:16:30.980","lastModified":"2026-05-29T15:06:44.207","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"WWBN AVideo is an open source video platform. 
In 29.0 and earlier, EpgParser.php, plugin/AI/receiveAsync.json.php, and other locations do not use the $resolvedIP out-param of isSSRFSafeURL() for DNS pinning via CURLOPT_RESOLVE, opening DNS-rebinding TOCTOU."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":4.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-367"},{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-c3ch-22rq-xfwr","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45620","sourceIdentifier":"security-advisories@github.com","published":"2026-05-29T14:16:31.107","lastModified":"2026-05-29T15:06:44.207","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"WWBN AVideo is an open source video platform. In 29.0 and earlier, objects/mention.json.php has no User::loginCheck() or admin gate. It only has an entry guard: preg_match('/^@/', $_REQUEST['term']) and hard-coded rowCount=10. 
This enables unauthenticated user enumeration."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-204"},{"lang":"en","value":"CWE-285"}]}],"references":[{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-vpfx-pxqw-2w79","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45707","sourceIdentifier":"security-advisories@github.com","published":"2026-05-29T14:16:31.240","lastModified":"2026-05-29T15:06:44.207","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.51.2, when ENABLE_MULTI_TENANT=true, the HTTP transport documents that the target n8n instance is selected per-request from x-n8n-url / x-n8n-key headers. Requests that omitted those headers — or supplied only one of them — silently fell back to the process-level N8N_API_URL / N8N_API_KEY credentials configured for the operator's own n8n instance. As a result, an authenticated MCP tenant could cause n8n management calls to execute against the operator's instance instead of its own. This affects HTTP-mode deployments of n8n-mcp that are run as a shared multi-tenant service. Single-tenant deployments (ENABLE_MULTI_TENANT unset or false) are not affected. 
This vulnerability is fixed in 2.51.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/czlonkowski/n8n-mcp/commit/853015d0897be7cf2d9d4726de195c938e4395ab","source":"security-advisories@github.com"},{"url":"https://github.com/czlonkowski/n8n-mcp/releases/tag/v2.51.2","source":"security-advisories@github.com"},{"url":"https://github.com/czlonkowski/n8n-mcp/security/advisories/GHSA-jxx9-px88-pj69","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-45731","sourceIdentifier":"security-advisories@github.com","published":"2026-05-29T14:16:31.383","lastModified":"2026-05-29T15:16:23.787","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"WWBN AVideo is an open source video platform. In 29.0 and earlier, view/update.php reads $_POST['updateFile'] as a relative path under updatedb/ and passes it to PHP's file() for line-by-line execution as part of a database migration. 
An authenticated administrator can abuse this to read arbitrary text files reachable from the web-server process."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-3mjv-375j-6h92","source":"security-advisories@github.com"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-3mjv-375j-6h92","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}
,{"cve":{"id":"CVE-2026-46376","sourceIdentifier":"security-advisories@github.com","published":"2026-05-29T14:16:31.677","lastModified":"2026-05-29T15:06:44.207","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may be able to access the User Control Panel (UCP) using hard-coded initial template credentials if these were not immediately changed by the Administrator who enabled UCP. Authenticated access to ACP is required for the initial setup of UCP generic templates, but after that, without further steps by the admin, unauthenticated users may be able to gain access. This vulnerability is fixed in 16.0.45 and 17.0.7."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegr
ityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"references":[{"url":"https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m55x-h47x-v3gx","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-46510","sourceIdentifier":"security-advisories@github.com","published":"2026-05-29T14:16:31.807","lastModified":"2026-05-29T14:16:31.807","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"form-data-objectizer converts FormData to object. Prior to 1.0.1, form-data-objectizer walks bracket-notation form keys (e.g. name[sub]) into nested objects without filtering __proto__, constructor, or prototype. A single HTTP form field whose name starts with __proto__[...] causes the library to mutate Object.prototype, which is a prototype pollution primitive of the entire Node.js process. 
This vulnerability is fixed in 1.0.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-1321"}]}],"references":[{"url":"https://github.com/kaspernj/form-data-objectizer/commit/7c54b99408e6e9cd6533b7245bf197dadc2a2dbc","source":"security-advisories@github.com"},{"url":"https://github.com/kaspernj/form-data-objectizer/security/advisories/GHSA-m2hg-wjq3-28wq","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-47696","sourceIdentifier":"security-advisories@github.com","published":"2026-05-29T14:16:32.127","lastModified":"2026-05-29T15:16:24.103","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"WWBN AVideo is an open source video platform. In 29.0 and earlier, plugin/AuthorizeNet/processPayment.json.php credits the logged-in user's wallet based only on the attacker-controlled amount POST parameter. The endpoint contains a TODO for real Authorize.Net charging, hardcodes $paymentSuccess = true, and then calls YPTWallet::addBalance() without validating\nany Authorize.Net transaction, webhook signature, hosted payment token, nonce, or server-side payment record. 
This allows any logged-in user to add arbitrary funds to their own AVideo wallet when the AuthorizeNet and YPTWallet plugins are enabled."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-345"}]}],"references":[{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-9392-pj54-qqf8","source":"security-advisories@github.com"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-9392-pj54-qqf8","source":"134c704f-9b21-4f2e-
91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-49316","sourceIdentifier":"cve@asrg.io","published":"2026-05-29T14:16:32.480","lastModified":"2026-05-29T15:11:03.853","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the motorcycle's anti-theft shutdown by forcing the Wireless Control Module (WCM) into the CAN bus-off state. Using a well-known CAN error-frame injection technique against a periodic WCM transmission, the attacker drives the WCM CAN controller's transmit error counter past the bus-off threshold, after which the WCM stops transmitting all messages, including the shutdown command. Peer ECUs do not interpret WCM silence as a security event and continue normal operation, allowing the motorcycle to be operated despite the immobilizer never having been unlocked. Specific protocol details have been withheld pending vendor 
remediation."}],"metrics":{"cvssMetricV40":[{"source":"cve@asrg.io","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.1,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cve@asrg.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":3.6}]},"weaknesses":[{"source":"cve@asrg.io","type":"Secondary","descri
ption":[{"lang":"en","value":"CWE-440"},{"lang":"en","value":"CWE-693"},{"lang":"en","value":"CWE-754"}]}],"references":[{"url":"https://cwe.mitre.org/data/definitions/440.html","source":"cve@asrg.io"}]}},{"cve":{"id":"CVE-2026-49317","sourceIdentifier":"cve@asrg.io","published":"2026-05-29T14:16:32.630","lastModified":"2026-05-29T15:11:03.853","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module (WCM) traffic during its boot window as a proxy for whether an immobilizer is fitted; if no WCM messages are observed, it skips the PIN entry screen and shows the normal user interface. An attacker who silences the WCM during the boot window — for example via a separately tracked CAN bus-off technique — can present a fully unlocked Infotainment despite the PIN never being entered. 
Specific timing and protocol details have been withheld pending vendor remediation."}],"metrics":{"cvssMetricV40":[{"source":"cve@asrg.io","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.0,"baseSeverity":"LOW","attackVector":"PHYSICAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cve@asrg.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":2.4,"baseSeverity":"LOW","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":1.4}]},"
weaknesses":[{"source":"cve@asrg.io","type":"Secondary","description":[{"lang":"en","value":"CWE-636"},{"lang":"en","value":"CWE-696"},{"lang":"en","value":"CWE-754"}]}],"references":[{"url":"https://cwe.mitre.org/data/definitions/696.html","source":"cve@asrg.io"}]}},{"cve":{"id":"CVE-2026-49318","sourceIdentifier":"cve@asrg.io","published":"2026-05-29T14:16:32.780","lastModified":"2026-05-29T15:11:03.853","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module (WCM) traffic during its boot window as a proxy for whether an immobilizer is fitted; if no WCM messages are observed, it skips the PIN entry screen and shows the normal user interface. An attacker who silences the WCM during the boot window — for example via a separately tracked CAN bus-off technique — can present a fully unlocked Infotainment despite the PIN never being entered. 
Specific timing and protocol details have been withheld pending vendor remediation."}],"metrics":{"cvssMetricV40":[{"source":"cve@asrg.io","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.0,"baseSeverity":"LOW","attackVector":"PHYSICAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cve@asrg.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":2.4,"baseSeverity":"LOW","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":1.4}]},"
weaknesses":[{"source":"cve@asrg.io","type":"Secondary","description":[{"lang":"en","value":"CWE-636"},{"lang":"en","value":"CWE-696"},{"lang":"en","value":"CWE-754"}]}],"references":[{"url":"https://cwe.mitre.org/data/definitions/696.html","source":"cve@asrg.io"}]}},{"cve":{"id":"CVE-2026-49325","sourceIdentifier":"cve@asrg.io","published":"2026-05-29T14:16:33.067","lastModified":"2026-05-29T15:11:03.853","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper handling of physical conditions in the bike-shutdown control of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows a physical attacker with access to the Wireless Control Module (WCM) wiring harness to bypass the anti-theft shutdown. The WCM signals shutdown to a peer ECU via a falling-edge voltage transition on a dedicated wire pair. The receiving ECU does not distinguish between an active shutdown pulse and an open-circuit / disconnected condition; interrupting the relevant wires leaves the motorcycle fully operable even though the WCM never validated the rider's PIN. 
Specific connector details have been withheld pending vendor remediation."}],"metrics":{"cvssMetricV40":[{"source":"cve@asrg.io","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.1,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cve@asrg.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":3.6}]},"we
aknesses":[{"source":"cve@asrg.io","type":"Secondary","description":[{"lang":"en","value":"CWE-693"},{"lang":"en","value":"CWE-754"},{"lang":"en","value":"CWE-1384"}]}],"references":[{"url":"https://cwe.mitre.org/data/definitions/1384.html","source":"cve@asrg.io"}]}},{"cve":{"id":"CVE-2026-10062","sourceIdentifier":"cna@vuldb.com","published":"2026-05-29T15:16:22.073","lastModified":"2026-05-29T15:42:56.873","vulnStatus":"Undergoing Analysis","cveTags":[{"sourceIdentifier":"cna@vuldb.com","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSetRoute of the file /goform/formSetRoute. This manipulation of the argument ip/mask/gateway causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. The vendor explains: \"This product has been EOL for 15 years (since 2009). 
As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities.\" This vulnerability only affects products that are no longer supported by the maintainer."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityIm
pact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-119"},{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://github.com/wudipjq/my_vuln/blob/main/TRENDnet/vuln_3/3.md","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/814758","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/367148","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/367148/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-10063","sourceIdentifier":"cna@vuldb.com","published":"2026-05-29T15:16:22.240","lastModified":"2026-05-29T15:42:56.873","vulnStatus":"Undergoing Analysis","cveTags":[{"sourceIdentifier":"cna@vuldb.com","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. Affected by this issue is the function formWPS of the file /goform/formWPS. Such manipulation of the argument peerPin leads to stack-based buffer overflow. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor explains: \"This product has been EOL for 15 years (since 2009). 
As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities.\" This vulnerability only affects products that are no longer supported by the maintainer."}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityIm
pact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-119"},{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://github.com/wudipjq/my_vuln/blob/main/TRENDnet/vuln_4/4.md","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/814759","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/367149","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/367149/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-39292","sourceIdentifier":"cve@mitre.org","published":"2026-05-29T15:16:22.483","lastModified":"2026-05-29T15:39:34.620","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Falco Solutions PHPPageBuilder v0.31.0 contains an unrestricted file upload vulnerability in the pagemanager/pagebuilder module that allows remote attackers to upload arbitrary files and achieve remote code execution. 
The vulnerability exists due to insufficient validation of uploaded file types and executable content."}],"metrics":{},"references":[{"url":"https://github.com/HansSchouten/PHPageBuilder","source":"cve@mitre.org"},{"url":"https://github.com/krishnadevpmelevila/CVE-2026-39292/tree/main","source":"cve@mitre.org"}]}},{"cve":{"id":"CVE-2026-45609","sourceIdentifier":"security-advisories@github.com","published":"2026-05-29T15:16:23.463","lastModified":"2026-05-29T15:16:23.463","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"mcp-security provides Security and Authorization support for Model Context Protocol in Spring AI. Prior to 0.1.9, the mcp-security framework fails to implement the mandatory SSRF mitigations outlined in the Model Context Protocol (MCP) security specifications. Specifically, it processes untrusted URLs for OAuth-related discovery and metadata without verifying if the targets are malicious or internal to the network. This only affects installations with Dynamic Client Registration (DCR) enabled. This vulnerability is fixed in 
0.1.9."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/spring-ai-community/mcp-security/security/advisories/GHSA-qjp4-4jvr-xqg3","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-4290","sourceIdentifier":"security@wordfence.com","published":"2026-05-29T15:16:24.893","lastModified":"2026-05-29T15:39:34.620","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion via the /wp-json/wp-travel/v1/travel-guide/{user_id} REST API endpoint in all versions up to, and including, 10.6.0. This is due to the check_permission() callback unconditionally returning true and the Database::delete() method passing the user ID directly to wp_delete_user() without any role validation. 
This makes it possible for unauthenticated attackers to delete arbitrary user accounts, including those of administrators."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://wptravel.io/wp-travel-pro/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/885dd550-4c80-4e36-8dae-cb47c1500ea5?source=cve","source":"security@wordfence.com"}]}}]}