Latest News

The cybersecurity requirements follow an extended timeline over the next two years, and are meant to secure US shipping ports from disruption by malicious actors.

Mexican organizations are still being targeted by threat actors to deliver a modified version of AllaKore RAT and SystemBC as part of a long-running campaign.  The activity has been attributed by Arctic Wolf Labs to a financially motivated hacking group called Greedy Sponge. It's believed to be active since early 2021, indiscriminately targeting a wide range of sectors, such as retail,

A woman in Florida was tricked into giving thousands of dollars to a scammer after her daughter's voice was AI-cloned and used in a scam.

The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0.

The powermail extension for TYPO3 allows Insecure Direct Object Reference resulting in download of arbitrary files from the webserver. This issue affects powermail version 12.0.0 up to 12.5.2 and version 13.0.0.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Low attack complexity Vendor: Lantronix Equipment: Provisioning Manager Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform a cross-site scripting attack, which could result in remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Lantronix products are affected: Provisioning Manager: Versions 7.10.2 and prior 3.2 Vulnerability Overview 3.2.1 IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611 Provisioning Manager is vulnerable to XML External Entity (XXE) attacks in configuration files supplied by network devices, leading to unauthenticated remote code execution on hosts with Provisioning Manager installed. CVE-2025-7766 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.0 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). A CVSS...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: DuraComm Corporation Equipment: SPM-500 DP-10iN-100-MU Vulnerabilities: Cleartext Transmission of Sensitive Information, Missing Authentication for a Critical Function, Improper Neutralization of Input During Web Page Generation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information or cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of DuraComm SPM-500 DP-10iN-100-MU, a power distribution panel, are affected: SPM-500 DP-10iN-100-MU: Version 4.10 and prior 3.2 Vulnerability Overview 3.2.1 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79 The affected product is vulnerable to a cross-site scripting (XSS) attack. This could allow an attacker to prevent legitimate users from accessing the web interface. CVE-2025-41425 has...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor: Schneider Electric Equipment: EcoStruxure Power Operation Vulnerabilities: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'), Integer Overflow to Buffer Overflow, Improper Handling of Highly Compressed Data (Data Amplification), Out-of-bounds Write, Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in the loss of system functionality or unauthorized access to system functions. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports the following products use an affected version of the PostgreSQL database server: EcoStruxure Power Operation (EPO): 2022 CU6 and prior EcoStruxure Power Operation (EPO): 2024 CU1 and prior 3.2 Vulnerability Overview 3.2.1 Improper Neutralization of Directives in Dynamically Evaluated C...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.9 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: System Monitor Application Vulnerability: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute untrusted code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports the following products are affected: System Monitor application in Harmony Industrial PC series: All versions System Monitor application in Pro-face Industrial PC series: All versions 3.2 Vulnerability Overview 3.2.1 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79 In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing CVE-2020-11023 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.9 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Power Monitoring Expert (PME) and EcoStruxure Power Operation (EPO) Vulnerability: Exposure of Resource to Wrong Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability could provide other authenticated users with potentially inappropriate access to TGML diagrams. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports the following products are affected: EcoStruxure Power Monitoring Expert (PME): 2023 EcoStruxure Power Monitoring Expert (PME): 2023 R2 EcoStruxure Power Monitoring Expert (PME): 2024 EcoStruxure Power Monitoring Expert (PME): 2024 R2 EcoStruxure Power Operation (EPO) Advanced Reporting and Dashboards Module: 2022 EcoStruxure Power Operation (EPO) Advanced Reporting and Dashboards Module: 2024 3.2 Vulnerability Overview 3.2.1 EXPOSURE OF RESOURCE TO WRONG SPHERE CWE-668 A resource exposure vulnera...