VulDB Recent Entries

A vulnerability classified as critical has been found in GitHub Enterprise Server up to 3.19.2. This affects an unknown part. Performing a manipulation results in command injection. This vulnerability is known as CVE-2026-3854. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Linux Kernel up to 6.12.74/6.18.15/6.19.5/7.0-rc1. Affected by this issue is the function espintcp_close of the component Delayed ACK Handler. Such manipulation leads to race condition. This vulnerability is traded as CVE-2026-23239. Access to the local network is required for this attack to succeed. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in Microsoft Microsoft Azure AD SSH Login Extension for Linux. Affected by this vulnerability is an unknown functionality. This manipulation causes external initialization of trusted variables or data stores. This vulnerability appears as CVE-2026-26148. The attack requires local access. There is no available exploit. Applying a patch is the recommended action to fix this issue.

A vulnerability labeled as problematic has been found in Microsoft Excel. Affected is an unknown function. The manipulation results in cross site scripting. This vulnerability is reported as CVE-2026-26144. The attack can be launched remotely. No exploit exists. It is advisable to implement a patch to correct this issue.

A vulnerability identified as critical has been detected in Microsoft Azure Automation Hybrid Worker Windows Extension. This impacts an unknown function. The manipulation leads to improper authentication. This vulnerability is documented as CVE-2026-26141. The attack needs to be performed locally. There is not any exploit available. To fix this issue, it is recommended to deploy a patch.

A vulnerability categorized as critical has been discovered in Microsoft Office. This affects an unknown function. Executing a manipulation can lead to integer overflow. This vulnerability is registered as CVE-2026-26134. It is possible to launch the attack remotely. No exploit is available. A patch should be applied to remediate this issue.

A vulnerability was found in Microsoft Windows up to Server 2025. It has been rated as critical. The impacted element is an unknown function of the component Kernel. Performing a manipulation results in use after free. This vulnerability is cataloged as CVE-2026-26132. The attack must be initiated from a local position. There is no exploit available. It is suggested to install a patch to address this issue.

A vulnerability was found in Microsoft .NET. It has been declared as critical. The affected element is an unknown function. Such manipulation leads to incorrect default permissions. This vulnerability is listed as CVE-2026-26131. The attack must be carried out locally. There is no available exploit. Applying a patch is advised to resolve this issue.

A vulnerability was found in Microsoft ASP.NET Core. It has been classified as problematic. Impacted is an unknown function. This manipulation causes allocation of resources. This vulnerability is tracked as CVE-2026-26130. The attack is possible to be carried out remotely. No exploit exists. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows and classified as critical. This issue affects some unknown processing of the component SMB Server. The manipulation results in improper authentication. This vulnerability is identified as CVE-2026-26128. The attack is only possible with local access. There is not any exploit available. It is best practice to apply a patch to resolve this issue.

A vulnerability has been found in gtsteffaniak filebrowser up to 1.2.1-stable/1.3.0-beta and classified as problematic. Affected is an unknown function of the file /public/share/. This manipulation causes cross site scripting. This vulnerability is registered as CVE-2026-30934. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in nicolargo glances up to 4.5.0. This impacts the function normalize of the component TimescaleDB Export Module. The manipulation results in sql injection. This vulnerability is cataloged as CVE-2026-30930. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in nicolargo glances up to 4.5.0. This affects the function self.config.as_dict of the file /api/4/config of the component REST API Endpoint. The manipulation leads to information disclosure. This vulnerability is listed as CVE-2026-30928. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in Siemens SINEC Security Monitor up to 4.8.x. The impacted element is an unknown function. Executing a manipulation can lead to exposure of sensitive information through metadata. This vulnerability is tracked as CVE-2026-27661. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in Siemens SICAM SIAPP SDK up to 2.1.6. The affected element is an unknown function. Performing a manipulation results in file inclusion. This vulnerability is identified as CVE-2026-25605. The attack is only possible with local access. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Siemens SICAM SIAPP SDK up to 2.1.6. Impacted is an unknown function. Such manipulation leads to file inclusion. This vulnerability is referenced as CVE-2026-25573. The attack can only be performed from a local environment. No exploit is available. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in Siemens SIMATIC Drive Controller CPU 1504D TF, SIMATIC Drive Controller CPU 1507D TF, SIMATIC ET 200SP CPU 1510SP F-1 PN, SIMATIC ET 200SP CPU 1510SP-1 PN, SIMATIC ET 200SP CPU 1512SP F-1 PN, SIMATIC ET 200SP CPU 1512SP-1 PN, SIMATIC ET 200SP CPU 1514SP F-2 PN, SIMATIC ET 200SP CPU 1514SP-2 PN, SIMATIC ET 200SP CPU 1514SPT F-2 PN, SIMATIC ET 200SP CPU 1514SPT-2 PN, SIMATIC ET 200SP Open Controller CPU 1515SP PC, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 V2 CPUs, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 V3 CPUs, SIMATIC ET 200SP Open Controller CPU 1515SP PC3 V2 CPUs, SIMATIC ET 200SP Open Controller CPU 1515SP PC3 V3 CPUs, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511T-1 PN, SIMATIC S7-1500 CPU 1511TF-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513pro F-2 PN, SIMATIC S7-1500 CPU 1513pro-2 PN, SIMATIC S7-1500 CPU 1513R-1 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515R-2 PN, SIMATIC S7-1500 CPU 1515T-2 PN, SIMATIC S7-1500 CPU 1515TF-2 PN, SIMATIC S7-1500 CPU 1516-3 PN, DP, SIMATIC S7-1500 CPU 1516F-3 PN, SIMATIC S7-1500 CPU 1516pro F-2 PN, SIMATIC S7-1500 CPU 1516pro-2 PN, SIMATIC S7-1500 CPU 1516T-3 PN, SIMATIC S7-1500 CPU 1516TF-3 PN, SIMATIC S7-1500 CPU 1517-3 PN, SIMATIC S7-1500 CPU 1517F-3 PN, SIMATIC S7-1500 CPU 1517H-3 PN, SIMATIC S7-1500 CPU 1517H-4 PN, SIMATIC S7-1500 CPU 1517T-3 PN, SIMATIC S7-1500 CPU 1517TF-3 PN, SIMATIC S7-1500 CPU 1518-3 PN, SIMATIC S7-1500 CPU 1518-4 PN, DP MFP, SIMATIC S7-1500 CPU 1518F-3 PN, SIMATIC S7-1500 CPU 1518F-4 PN, SIMATIC S7-1500 CPU 1518HF-4 PN, SIMATIC S7-1500 CPU 1518T-3 PN, SIMATIC S7-1500 CPU 1518T-4 PN, SIMATIC S7-1500 CPU 1518TF-3 PN, SIMATIC S7-1500 CPU 1518TF-4 PN, SIMATIC S7-1500 CPU S7-1518-4 PN, DP ODK, SIMATIC S7-1500 CPU S7-1518F-4 PN, SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN, SIMATIC S7-1500 Software Controller CPU 1507S F V2, SIMATIC S7-1500 Software Controller CPU 1507S F V3, SIMATIC S7-1500 Software Controller CPU 1507S F V4, SIMATIC S7-1500 Software Controller CPU 1507S V2, SIMATIC S7-1500 Software Controller CPU 1507S V3, SIMATIC S7-1500 Software Controller CPU 1507S V4, SIMATIC S7-1500 Software Controller CPU 1508S F V2, SIMATIC S7-1500 Software Controller CPU 1508S F V3, SIMATIC S7-1500 Software Controller CPU 1508S F V4 and SIM. This issue affects some unknown processing of the component Trace File Handler. This manipulation causes cross site scripting. The identification of this vulnerability is CVE-2025-40943. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability labeled as problematic has been found in Siemens Heliox Flex 180 kW EV Charging Station and Heliox Mobile DC 40 kW EV Charging Station. This vulnerability affects unknown code. The manipulation results in improper restriction of communication channel to intended endpoints. This vulnerability was named CVE-2025-27769. An attack on the physical device is feasible. There is no available exploit. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in Siemens SICAM SIAPP SDK up to 2.1.6. This affects an unknown part. The manipulation leads to improper handling of length parameter inconsistency. This vulnerability is uniquely identified as CVE-2026-25572. Local access is required to approach this attack. No exploit exists. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in Siemens SICAM SIAPP SDK up to 2.1.6. Affected by this issue is some unknown functionality. Executing a manipulation can lead to improper handling of length parameter inconsistency. This vulnerability is handled as CVE-2026-25571. It is possible to launch the attack on the local host. There is not any exploit available. It is advisable to upgrade the affected component.