VulDB Recent Entries

A vulnerability was found in Siemens Teamcenter. It has been rated as critical. The impacted element is an unknown function. Performing a manipulation results in hard-coded credentials. This vulnerability is known as CVE-2026-33893. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in Siemens SIMATIC HMI MTP1000 Unified Comfort Panel, SIMATIC HMI MTP1000 Unified Comfort Panel hygienic, SIMATIC HMI MTP1000 Unified Comfort Panel hygienic neutral design, SIMATIC HMI MTP1000, Unified Comfort Panel neutral, SIMATIC HMI MTP1200 Comfort Pro for stand, SIMATIC HMI MTP1200 Comfort Pro for support arm and extension unit, SIMATIC HMI MTP1200 Comfort Pro for support arm, SIMATIC HMI MTP1200 Comfort Pro neutral design for stand, SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm and extensio, SIMATIC HMI MTP1200 Comfort Pro neutral design for support arm, SIMATIC HMI MTP1200 Unified Comfort Panel, SIMATIC HMI MTP1200 Unified Comfort Panel hygienic, SIMATIC HMI MTP1200 Unified Comfort Panel hygienic neutral design, SIMATIC HMI MTP1200 Unified Comfort Panel neutral design, SIMATIC HMI MTP1500 Comfort Pro for stand, SIMATIC HMI MTP1500 Comfort Pro for support arm and extension unit, SIMATIC HMI MTP1500 Comfort Pro for support arm, SIMATIC HMI MTP1500 Comfort Pro neutral design for stand, SIMATIC HMI MTP1500 Comfort Pro neutral design for support arm and extensio, SIMATIC HMI MTP1500 Comfort Pro neutral design for support arm, SIMATIC HMI MTP1500 Unified Comfort Panel, SIMATIC HMI MTP1500 Unified Comfort Panel hygienic, SIMATIC HMI MTP1500 Unified Comfort Panel hygienic neutral design, SIMATIC HMI MTP1500 Unified Comfort Panel neutral design, SIMATIC HMI MTP1900 Comfort Pro for stand, SIMATIC HMI MTP1900 Comfort Pro for support arm and extension unit, SIMATIC HMI MTP1900 Comfort Pro for support arm, SIMATIC HMI MTP1900 Comfort Pro neutral design for stand, SIMATIC HMI MTP1900 Comfort Pro neutral design for support arm and extensio, SIMATIC HMI MTP1900 Comfort Pro neutral design for support arm, SIMATIC HMI MTP1900 Unified Comfort Panel, SIMATIC HMI MTP1900 Unified Comfort Panel hygienic, SIMATIC HMI MTP1900 Unified Comfort Panel hygienic neutral design, SIMATIC HMI MTP1900 Unified Comfort Panel neutral design, SIMATIC HMI MTP2200 Comfort Pro for stand, SIMATIC HMI MTP2200 Comfort Pro for support arm and extension unit, SIMATIC HMI MTP2200 Comfort Pro for support arm, SIMATIC HMI MTP2200 Comfort Pro neutral design for stand, SIMATIC HMI MTP2200 Comfort Pro neutral design for support arm and extensio, SIMATIC HMI MTP2200 Comfort Pro neutral design for support arm, SIMATIC HMI MTP2200 Unified Comfort Hygienic, SIMATIC HMI MTP2200 Unified Comfort Hygienic neutral design, SIMATIC HMI MTP2200 Unified Comfort Panel, SIMATIC HMI MTP2200 Unified Comfort Panel neutral design and SIMATIC HMI MTP700 Unified. It has been declared as problematic. The affected element is an unknown function. Such manipulation leads to insecure default initialization of resource. This vulnerability is traded as CVE-2026-27662. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Siemens SIMATIC Drive Controller CPU 1504D TF, SIMATIC Drive Controller CPU 1507D TF, SIMATIC ET 200SP CPU 1510SP F-1 PN, SIMATIC ET 200SP CPU 1510SP-1 PN, SIMATIC ET 200SP CPU 1512SP F-1 PN, SIMATIC ET 200SP CPU 1512SP-1 PN, SIMATIC ET 200SP CPU 1514SP F-2 PN, SIMATIC ET 200SP CPU 1514SP-2 PN, SIMATIC ET 200SP CPU 1514SPT F-2 PN, SIMATIC ET 200SP CPU 1514SPT-2 PN, SIMATIC ET 200SP Open Controller CPU 1515SP PC, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 V2 CPUs, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 V3 CPUs, SIMATIC ET 200SP Open Controller CPU 1515SP PC3 V4 CPUs, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511T-1 PN, SIMATIC S7-1500 CPU 1511TF-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513pro F-2 PN, SIMATIC S7-1500 CPU 1513pro-2 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515T-2 PN, SIMATIC S7-1500 CPU 1515TF-2 PN, SIMATIC S7-1500 CPU 1516-3 PN, DP, SIMATIC S7-1500 CPU 1516F-3 PN, SIMATIC S7-1500 CPU 1516pro F-2 PN, SIMATIC S7-1500 CPU 1516pro-2 PN, SIMATIC S7-1500 CPU 1516T-3 PN, SIMATIC S7-1500 CPU 1516TF-3 PN, SIMATIC S7-1500 CPU 1517-3 PN, SIMATIC S7-1500 CPU 1517F-3 PN, SIMATIC S7-1500 CPU 1517T-3 PN, SIMATIC S7-1500 CPU 1517TF-3 PN, SIMATIC S7-1500 CPU 1518-3 PN, SIMATIC S7-1500 CPU 1518-4 PN, DP MFP, SIMATIC S7-1500 CPU 1518F-3 PN, SIMATIC S7-1500 CPU 1518F-4 PN, SIMATIC S7-1500 CPU 1518T-3 PN, SIMATIC S7-1500 CPU 1518T-4 PN, SIMATIC S7-1500 CPU 1518TF-3 PN, SIMATIC S7-1500 CPU 1518TF-4 PN, SIMATIC S7-1500 CPU S7-1518-4 PN, DP ODK, SIMATIC S7-1500 CPU S7-1518F-4 PN, SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN, SIMATIC S7-1500 Software Controller CPU 1507S F V2, SIMATIC S7-1500 Software Controller CPU 1507S F V3, SIMATIC S7-1500 Software Controller CPU 1507S F V4, SIMATIC S7-1500 Software Controller CPU 1507S V2, SIMATIC S7-1500 Software Controller CPU 1507S V3, SIMATIC S7-1500 Software Controller CPU 1507S V4, SIMATIC S7-1500 Software Controller CPU 1508S F V2, SIMATIC S7-1500 Software Controller CPU 1508S F V3, SIMATIC S7-1500 Software Controller CPU 1508S F V4, SIMATIC S7-1500 Software Controller CPU 1508S T V3, SIMATIC S7-1500 Software Controller CPU 1508S TF V3, SIMATIC S7-1500 Software Controller CPU 1508S V2, SIMATIC S7-1500 Software Controller CPU 1508S V3 and SIMATIC S7-150 up to 3.1.5. It has been classified as problematic. Impacted is an unknown function of the component Firmware Update Page. This manipulation causes cross site scripting. This vulnerability appears as CVE-2026-25789. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in Siemens SIMATIC CN 4100 up to 4.x and classified as critical. This issue affects some unknown processing. The manipulation results in allocation of resources. This vulnerability is reported as CVE-2026-22925. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability has been found in Siemens blueplanet 100 NX3 M8, blueplanet 100 TL3 GEN2, blueplanet 105 TL3, blueplanet 105 TL3 GEN2, blueplanet 110 TL3, blueplanet 125 NX3 M11, blueplanet 125 TL3, blueplanet 125 TL3 GEN2, blueplanet 137 TL3, blueplanet 150 TL3, blueplanet 150 TL3 GEN2, blueplanet 155 TL3, blueplanet 155 TL3 GEN2, blueplanet 165 TL3, blueplanet 165 TL3 GEN2, blueplanet 25.0 NX3-33.0 NX3, blueplanet 3.0 NX3-20.0 NX3, blueplanet 3.0 TL3-60.0 TL3, blueplanet 3.0-5.0 NX1, blueplanet 360 NX3 M6, blueplanet 50.0 NX3-60.0 NX3, blueplanet 87.0 TL3, blueplanet 87.0 TL3 GEN2, blueplanet 92.0 TL3, blueplanet 92.0 TL3 GEN2, blueplanet gridsafe 110 TL3-S, blueplanet gridsafe 137 TL3-S, blueplanet gridsafe 92.0 TL3-S, blueplanet hybrid 10.0 TL3 and blueplanet hybrid 6.0 NH3-12.0 NH3 and classified as critical. This vulnerability affects unknown code of the component Technical Service. The manipulation leads to use of hard-coded cryptographic key . This vulnerability is documented as CVE-2025-40946. The attack requires being on the local network. There is not any exploit available. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Siemens SIMATIC CN 4100 up to 4.x. This affects an unknown part. Executing a manipulation can lead to missing authentication. This vulnerability is registered as CVE-2026-22924. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in stylemix Motors Plugin up to 1.4.103 on WordPress. Affected by this issue is the function stm_save_user_extra_fields of the component User Meta Update Handler. Performing a manipulation of the argument user_id results in missing authorization. This vulnerability is cataloged as CVE-2026-1934. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in Code Runner MCP Server. Affected by this vulnerability is the function child_process.exec of the file /mcp of the component RPC Endpoint. Such manipulation leads to missing authentication. This vulnerability is listed as CVE-2026-5029. The attack must be carried out from within the local network. There is no available exploit.

A vulnerability classified as problematic has been found in Siemens SIPROTEC 5 6MD84, SIPROTEC 5 6MD85, SIPROTEC 5 6MD86, SIPROTEC 5 6MD89, SIPROTEC 5 6MU85, SIPROTEC 5 7KE85, SIPROTEC 5 7SA82, SIPROTEC 5 7SA84, SIPROTEC 5 7SA86, SIPROTEC 5 7SA87, SIPROTEC 5 7SD82, SIPROTEC 5 7SD84, SIPROTEC 5 7SD86, SIPROTEC 5 7SD87, SIPROTEC 5 7SJ81, SIPROTEC 5 7SJ82, SIPROTEC 5 7SJ85, SIPROTEC 5 7SJ86, SIPROTEC 5 7SK82, SIPROTEC 5 7SK85, SIPROTEC 5 7SL82, SIPROTEC 5 7SL86, SIPROTEC 5 7SL87, SIPROTEC 5 7SS85, SIPROTEC 5 7ST85, SIPROTEC 5 7ST86, SIPROTEC 5 7SX82, SIPROTEC 5 7SX85, SIPROTEC 5 7SY82, SIPROTEC 5 7UM85, SIPROTEC 5 7UT82, SIPROTEC 5 7UT85, SIPROTEC 5 7UT86, SIPROTEC 5 7UT87, SIPROTEC 5 7VE85, SIPROTEC 5 7VK87, SIPROTEC 5 7VU85 and SIPROTEC 5 Compact 7SX800. Affected is an unknown function of the component Session Identifier Handler. This manipulation causes small space of random values. This vulnerability is tracked as CVE-2024-54017. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Siemens RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536 and RUGGEDCOM ROX RX5000 up to 2.17.0. This impacts an unknown function of the component Installation Handler. The manipulation results in os command injection. This vulnerability is identified as CVE-2025-40947. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in Siemens RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536 and RUGGEDCOM ROX RX5000 up to 2.17.0. This affects the function Scheduler. The manipulation leads to os command injection. This vulnerability is referenced as CVE-2025-40949. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in Siemens RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1512, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1536 and RUGGEDCOM ROX RX5000 up to 2.17.0. The impacted element is an unknown function of the component RPC Interface. Executing a manipulation can lead to argument injection. The identification of this vulnerability is CVE-2025-40948. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability identified as critical has been detected in Google Cloud AlloyDB for PostgreSQL. The affected element is an unknown function of the component REST API. Performing a manipulation results in use of default credentials. This vulnerability was named CVE-2026-7428. The attack may be initiated remotely. There is no available exploit. This product is a managed service, therefore users are not responsible for maintaining vulnerability countermeasures. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in Siemens SIMATIC CN 4100 up to 4.x. Impacted is an unknown function. Such manipulation leads to allocation of resources. This vulnerability is uniquely identified as CVE-2026-22925. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability was found in davidskysa Skysa Text Ticker App Plugin up to 1.4 on WordPress. It has been rated as problematic. This issue affects the function SkysaApps_Admin_AppPage of the component Scrolling Message Handler. This manipulation causes cross-site request forgery. This vulnerability is handled as CVE-2026-6710. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability was found in shamim_d Bootstrap Shortcode Plugin up to 1.0 on WordPress. It has been declared as problematic. This vulnerability affects the function box of the component Shortcode Handler. The manipulation results in cross site scripting. This vulnerability is known as CVE-2026-7661. It is possible to launch the attack remotely. No exploit is available.

A vulnerability was found in webpack-dev-server up to 5.2.3. It has been classified as problematic. This affects an unknown part. The manipulation leads to exposed dangerous routine. This vulnerability is traded as CVE-2026-6402. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability was found in riotweb Advanced Social Media Icons Plugin up to 1.2 on WordPress and classified as problematic. Affected by this issue is the function social of the component Shortcode Handler. Executing a manipulation can lead to cross site scripting. This vulnerability appears as CVE-2026-7659. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability has been found in phkcorp2005 WP-Redirection Plugin up to 1.0.3 on WordPress and classified as problematic. Affected by this vulnerability is the function check_admin_referer of the component Setting Handler. Performing a manipulation of the argument nonce results in cross-site request forgery. This vulnerability is reported as CVE-2026-7562. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in tienrocker Tm Plugin up to 1.2 on WordPress. Affected is an unknown function of the component Setting Handler. Such manipulation leads to cross-site request forgery. This vulnerability is documented as CVE-2026-7561. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.