VulDB Recent Entries

A vulnerability was found in Microsoft .NET. It has been declared as critical. The affected element is an unknown function. Such manipulation leads to incorrect default permissions. This vulnerability is listed as CVE-2026-26131. The attack must be carried out locally. There is no available exploit. Applying a patch is advised to resolve this issue.

A vulnerability was found in Microsoft ASP.NET Core. It has been classified as problematic. Impacted is an unknown function. This manipulation causes allocation of resources. This vulnerability is tracked as CVE-2026-26130. The attack is possible to be carried out remotely. No exploit exists. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows and classified as critical. This issue affects some unknown processing of the component SMB Server. The manipulation results in improper authentication. This vulnerability is identified as CVE-2026-26128. The attack is only possible with local access. There is not any exploit available. It is best practice to apply a patch to resolve this issue.

A vulnerability has been found in gtsteffaniak filebrowser up to 1.2.1-stable/1.3.0-beta and classified as problematic. Affected is an unknown function of the file /public/share/. This manipulation causes cross site scripting. This vulnerability is registered as CVE-2026-30934. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in nicolargo glances up to 4.5.0. This impacts the function normalize of the component TimescaleDB Export Module. The manipulation results in sql injection. This vulnerability is cataloged as CVE-2026-30930. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in nicolargo glances up to 4.5.0. This affects the function self.config.as_dict of the file /api/4/config of the component REST API Endpoint. The manipulation leads to information disclosure. This vulnerability is listed as CVE-2026-30928. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in Siemens SINEC Security Monitor up to 4.8.x. The impacted element is an unknown function. Executing a manipulation can lead to exposure of sensitive information through metadata. This vulnerability is tracked as CVE-2026-27661. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in Siemens SICAM SIAPP SDK up to 2.1.6. The affected element is an unknown function. Performing a manipulation results in file inclusion. This vulnerability is identified as CVE-2026-25605. The attack is only possible with local access. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Siemens SICAM SIAPP SDK up to 2.1.6. Impacted is an unknown function. Such manipulation leads to file inclusion. This vulnerability is referenced as CVE-2026-25573. The attack can only be performed from a local environment. No exploit is available. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in Siemens SIMATIC Drive Controller CPU 1504D TF, SIMATIC Drive Controller CPU 1507D TF, SIMATIC ET 200SP CPU 1510SP F-1 PN, SIMATIC ET 200SP CPU 1510SP-1 PN, SIMATIC ET 200SP CPU 1512SP F-1 PN, SIMATIC ET 200SP CPU 1512SP-1 PN, SIMATIC ET 200SP CPU 1514SP F-2 PN, SIMATIC ET 200SP CPU 1514SP-2 PN, SIMATIC ET 200SP CPU 1514SPT F-2 PN, SIMATIC ET 200SP CPU 1514SPT-2 PN, SIMATIC ET 200SP Open Controller CPU 1515SP PC, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 V2 CPUs, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 V3 CPUs, SIMATIC ET 200SP Open Controller CPU 1515SP PC3 V2 CPUs, SIMATIC ET 200SP Open Controller CPU 1515SP PC3 V3 CPUs, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511T-1 PN, SIMATIC S7-1500 CPU 1511TF-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513pro F-2 PN, SIMATIC S7-1500 CPU 1513pro-2 PN, SIMATIC S7-1500 CPU 1513R-1 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515R-2 PN, SIMATIC S7-1500 CPU 1515T-2 PN, SIMATIC S7-1500 CPU 1515TF-2 PN, SIMATIC S7-1500 CPU 1516-3 PN, DP, SIMATIC S7-1500 CPU 1516F-3 PN, SIMATIC S7-1500 CPU 1516pro F-2 PN, SIMATIC S7-1500 CPU 1516pro-2 PN, SIMATIC S7-1500 CPU 1516T-3 PN, SIMATIC S7-1500 CPU 1516TF-3 PN, SIMATIC S7-1500 CPU 1517-3 PN, SIMATIC S7-1500 CPU 1517F-3 PN, SIMATIC S7-1500 CPU 1517H-3 PN, SIMATIC S7-1500 CPU 1517H-4 PN, SIMATIC S7-1500 CPU 1517T-3 PN, SIMATIC S7-1500 CPU 1517TF-3 PN, SIMATIC S7-1500 CPU 1518-3 PN, SIMATIC S7-1500 CPU 1518-4 PN, DP MFP, SIMATIC S7-1500 CPU 1518F-3 PN, SIMATIC S7-1500 CPU 1518F-4 PN, SIMATIC S7-1500 CPU 1518HF-4 PN, SIMATIC S7-1500 CPU 1518T-3 PN, SIMATIC S7-1500 CPU 1518T-4 PN, SIMATIC S7-1500 CPU 1518TF-3 PN, SIMATIC S7-1500 CPU 1518TF-4 PN, SIMATIC S7-1500 CPU S7-1518-4 PN, DP ODK, SIMATIC S7-1500 CPU S7-1518F-4 PN, SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN, SIMATIC S7-1500 Software Controller CPU 1507S F V2, SIMATIC S7-1500 Software Controller CPU 1507S F V3, SIMATIC S7-1500 Software Controller CPU 1507S F V4, SIMATIC S7-1500 Software Controller CPU 1507S V2, SIMATIC S7-1500 Software Controller CPU 1507S V3, SIMATIC S7-1500 Software Controller CPU 1507S V4, SIMATIC S7-1500 Software Controller CPU 1508S F V2, SIMATIC S7-1500 Software Controller CPU 1508S F V3, SIMATIC S7-1500 Software Controller CPU 1508S F V4 and SIM. This issue affects some unknown processing of the component Trace File Handler. This manipulation causes cross site scripting. The identification of this vulnerability is CVE-2025-40943. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability labeled as problematic has been found in Siemens Heliox Flex 180 kW EV Charging Station and Heliox Mobile DC 40 kW EV Charging Station. This vulnerability affects unknown code. The manipulation results in improper restriction of communication channel to intended endpoints. This vulnerability was named CVE-2025-27769. An attack on the physical device is feasible. There is no available exploit. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in Siemens SICAM SIAPP SDK up to 2.1.6. This affects an unknown part. The manipulation leads to improper handling of length parameter inconsistency. This vulnerability is uniquely identified as CVE-2026-25572. Local access is required to approach this attack. No exploit exists. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in Siemens SICAM SIAPP SDK up to 2.1.6. Affected by this issue is some unknown functionality. Executing a manipulation can lead to improper handling of length parameter inconsistency. This vulnerability is handled as CVE-2026-25571. It is possible to launch the attack on the local host. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Siemens SICAM SIAPP SDK up to 2.1.6. It has been rated as critical. Affected by this vulnerability is an unknown functionality. Performing a manipulation results in stack-based buffer overflow. This vulnerability is known as CVE-2026-25570. Attacking locally is a requirement. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in Siemens SICAM SIAPP SDK up to 2.1.6. It has been declared as critical. Affected is an unknown function. Such manipulation leads to out-of-bounds write. This vulnerability is traded as CVE-2026-25569. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Uderzo SpaceSniffer 2.0.5.18. It has been classified as critical. This impacts an unknown function. This manipulation causes buffer overflow. This vulnerability appears as CVE-2026-26738. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in benkeen generatedata 4.0.14 and classified as problematic. This affects an unknown function. The manipulation results in cross site scripting. This vulnerability is reported as CVE-2025-70025. The attack can be launched remotely. No exploit exists.

A vulnerability has been found in Broadcom SiteMinder 12.8.x/12.9 and classified as problematic. The impacted element is an unknown function. The manipulation leads to cross site scripting. This vulnerability is documented as CVE-2026-3862. The attack can be initiated remotely. There is not any exploit available.

A vulnerability, which was classified as critical, was found in Mozilla Firefox up to 148.0.1 on Android. The affected element is an unknown function of the component Playback. Executing a manipulation can lead to heap-based buffer overflow. This vulnerability is registered as CVE-2026-3845. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Mozilla Firefox up to 148.0.1. Impacted is an unknown function of the component CSS Parser. Performing a manipulation results in permissive cross-domain policy with untrusted domains. This vulnerability is cataloged as CVE-2026-3846. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.