Common Vulnerabilities and Exposures (CVE)

CVE-2026-25789

Jul 14, 2026 09:19:16 UTC

Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to social engineer the user into selecting the modified firmware file to be uploaded. This would result in mal...

CVE-2026-25787

Jul 14, 2026 09:19:14 UTC

Affected devices do not properly validate and sanitize Technology Object (TO) name rendered on the "Motion Control Diagnostics" page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA projec...

CVE-2026-25786

Jul 14, 2026 09:19:12 UTC

Affected devices do not properly validate and sanitize PLC/station name rendered on the "communication" parameters page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the p...

CVE-2026-7891

Jul 14, 2026 09:19:09 UTC

A vulnerability has been identified in Mendix Runtime (All versions). Mendix documentation for access rules does not adequately describe the special behavior of the System.User entity, leaving developers without sufficient guidance to confi...

CVE-2025-40833

Jul 14, 2026 09:19:07 UTC

The affected devices contain a null pointer dereference vulnerability while processing specially crafted IPv4 requests. This could allow an attacker to cause denial of service condition. A manual restart is required to recover the system.

CVE-2022-34659

Jul 14, 2026 09:19:01 UTC

A vulnerability has been identified in Simcenter STAR-CCM+ (All versions only if the Power-on-Demand public license server is used). Affected applications expose user, host and display name of users, when the public license server is used. ...

CVE-2026-52718

Jul 14, 2026 07:46:02 UTC

A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gst_av1_parser_parse_tile_list_obu() function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchroniza...

CVE-2026-5005

Jul 14, 2026 07:43:40 UTC

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Twiser Informatics Technology Consulting, Trade and Education Inc. OKRs & Goals allows Stored XSS. This issue affects OKRs & Goals: from ...

CVE-2026-58228

Jul 14, 2026 04:15:01 UTC

Cross-site scripting vulnerability in phoenixframework phoenix_live_view allows an attacker to bypass URL scheme validation and execute JavaScript in a victim's browser session. The Phoenix.LiveView.Utils.valid_destination!/2 and Phoenix.L...

CVE-2026-6875

Jul 14, 2026 03:55:45 UTC

ServiceNow has addressed a remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulnerability could enable an unauthenticated user, in certain circumstances, to execute code within the ServiceNow platf...

CVE-2026-54001

Jul 14, 2026 03:55:44 UTC

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap buffer out-of-bounds write if there is a query of the authenticode t...

CVE-2026-54000

Jul 14, 2026 03:55:44 UTC

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap buffer out-of-bounds write if there is a query of the processes tabl...

CVE-2026-54919

Jul 14, 2026 03:55:43 UTC

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In affected Mbed TLS backend versions from 0.31.0 through 0.46.1 and wolfSSL backend versions from 0.33.0 through 0.46.1, when cpp-httplib is built with CPPHT...

CVE-2026-59796

Jul 14, 2026 03:55:42 UTC

In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permission checks

CVE-2026-59793

Jul 14, 2026 03:55:41 UTC

In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration