Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

Siemens Energy Services

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Energy Services Vulnerability: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain remote control of the G5DFR component and tamper outputs from the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Energy Services: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 INCORRECT DEFAULT PERMISSIONS CWE-276 Affected solutions using G5DFR contain default credentials. This could allow an attacker to gain control of G5DFR component and...

us-cert
Open in Source
#vulnerability#web
Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction

A novel attack technique named EchoLeak has been characterized as a "zero-click" artificial intelligence (AI) vulnerability that allows bad actors to exfiltrate sensitive data from Microsoft 365 Copilot's context sans any user interaction. The critical-rated vulnerability has been assigned the CVE identifier CVE-2025-32711 (CVSS score: 9.3). It requires no customer action and has been already

CISA Warns of Remote Control Flaws in SinoTrack GPS Trackers

The US CISA reports critical vulnerabilities in SinoTrack GPS devices that could let attackers remotely control vehicles and track locations. Discover the vulnerabilities and essential steps to secure your device.

GHSA-w5px-5878-m9x4: Drupal Lightgallery Cross-site Scripting vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Lightgallery allows Cross-Site Scripting (XSS). This issue affects Lightgallery: from 0.0.0 before 1.6.0.

GHSA-pwj7-5c7c-mwjc: Drupal Admin Audit Trail Allocation of Resources Without Limits or Throttling vulnerability

Allocation of Resources Without Limits or Throttling vulnerability in Drupal Admin Audit Trail allows Excessive Allocation. This issue affects Admin Audit Trail: from 0.0.0 before 1.0.5.

GHSA-rx97-6c62-55mf: Hashicorp Nomad Incorrect Privilege Assignment vulnerability

Nomad Community and Nomad Enterprise (“Nomad”) prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability, identified as CVE-2025-4922, is fixed in Nomad Community Edition 1.10.2 and Nomad Enterprise 1.10.2, 1.9.10, and 1.8.14.

GHSA-48wx-8736-jgx2: Drupal Commerce Alphabank Redirect Incorrect Authorization vulnerability

Incorrect Authorization vulnerability in Drupal Commerce Alphabank Redirect allows Functionality Misuse. This issue affects Commerce Alphabank Redirect: from 0.0.0 before 1.0.3.

GHSA-c424-hgg9-9c4w: Drupal Quick Node Block Missing Authorization vulnerability

Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing. This issue affects Quick Node Block: from 0.0.0 before 2.0.0.

GHSA-r6xj-43cf-9f88: Drupal Quick Node Block Missing Authorization vulnerability

Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing. This issue affects Quick Node Block: from 0.0.0 before 2.0.0.

GHSA-q9h3-r6wr-p3j3: Drupal Commerce Eurobank (Redirect) Incorrect Authorization vulnerability

Incorrect Authorization vulnerability in Drupal Commerce Eurobank (Redirect) allows Functionality Misuse. This issue affects Commerce Eurobank (Redirect): from 0.0.0 before 2.1.1.