|
2461
|
- |
|
-
|
-
|
An authentication bypass security issue exists within FactoryTalk Historian Site Edition. By continually sending requests to the login endpoint, an attacker may obtain a valid authentication token.
|
CWE-362
Race Condition
|
CVE-2025-13036
|
2026-06-17 00:26 |
2026-06-17 |
|
|
|
|
2462
|
- |
|
-
|
-
|
A security issue was identified in Pavilion due to improper authorization enforcement in API endpoints. This vulnerability can allow an unauthorized actor to execute privileged operations, including …
|
CWE-862
Missing Authorization
|
CVE-2025-14272
|
2026-06-17 00:26 |
2026-06-17 |
|
|
|
|
2463
|
- |
|
-
|
-
|
A denial-of-service security issue exists within the 1794-AENTR adapter due to improper memory handling of CIP protocol requests. This vulnerability can result in the adapter faulting and losing conn…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-0646
|
2026-06-17 00:26 |
2026-06-17 |
|
|
|
|
2464
|
- |
|
-
|
-
|
An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server. The vulnerability allows an unauthenticated attacker to change the device's web interface passwor…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-0647
|
2026-06-17 00:26 |
2026-06-17 |
|
|
|
|
2465
|
- |
|
-
|
-
|
A denial of service security issue exists in the affected product. The security issue stems from a fault occurring when a crafted CIP message is sent. Devices with less memory are more likely to be a…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-11317
|
2026-06-17 00:26 |
2026-06-17 |
|
|
|
|
2466
|
7.5 |
HIGH
Network
|
-
|
-
|
A command injection vulnerability was found in galaxy_ng. The do_git_checkout() function in the legacy role import API (v1) interpolates unsanitized git ref names (branch/tag names) into shell comman…
|
CWE-78
OS Command
|
CVE-2026-12398
|
2026-06-17 00:26 |
2026-06-17 |
|
|
|
|
2467
|
- |
|
-
|
-
|
A sensitive information disclosure security issue exists within the affected CompactLogix controllers. The controller's web server exposes CIP Connection IDs on the diagnostics webpage, which are acc…
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2026-9307
|
2026-06-17 00:26 |
2026-06-17 |
|
|
|
|
2468
|
7.5 |
HIGH
Network
|
-
|
-
|
In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service (DoS) condition. The application is vulnerable when it uses a vulnerable versio…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-41708
|
2026-06-17 00:23 |
2026-06-16 |
|
|
|
|
2469
|
8.6 |
HIGH
Network
|
-
|
-
|
In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsear…
|
CWE-943
Improper Neutralization of Special Elements in Data Query Logic
|
CVE-2026-47835
|
2026-06-17 00:23 |
2026-06-16 |
|
|
|
|
2470
|
8.6 |
HIGH
Network
|
-
|
-
|
Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers. Af…
|
CWE-346
Origin Validation Error
|
CVE-2026-47825
|
2026-06-17 00:23 |
2026-06-16 |
|
|
|