Security Issues, Vulnerabilities, Exploits & Government Alerts
Sep 10, 2025Ravie LakshmananVulnerability / Software Security Adobe has warned of a critical security flaw in its Commerce and Magento Open Source platforms that, if successfully exploited, could allow attackers to take control of customer…
Sep 10, 2025Ravie LakshmananSoftware Security / Vulnerability SAP on Tuesday released security updates to address multiple security flaws, including three critical vulnerabilities in SAP Netweaver that could result in code execution and the upload arbitrary…
Threat actors are abusing HTTP client tools like Axios in conjunction with Microsoft’s Direct Send feature to form a “highly efficient attack pipeline” in recent phishing campaigns, according to new findings from ReliaQuest. “Axios user…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: ASPECT, NEXUS, MATRIX Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Missing Authentication for Critical Function, Classic Buffer…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: CompactLogix® 5480 Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could result in…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Activation Manager Vulnerability: Incorrect Implementation of Authentication Algorithm 2. RISK EVALUATION Successful exploitation of this vulnerability could…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable from an adjacent network/low attack complexity Vendor: Rockwell Automation Equipment: Analytics LogixAI Vulnerability: Exposure of Sensitive System Information to an Unauthorized Control Sphere 2. RISK…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 1783-NATR Vulnerability: Use of Platform-Dependent Third Party Components 2. RISK EVALUATION Successful exploitation of this vulnerability could allow…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: FactoryTalk Optix Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker achieving…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Stratix IOS Vulnerability: Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to run…