Export limit exceeded: 355060 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 355060 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (355060 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-13533 | 1 Omron | 2 Plc Cj Firmware, Plc Cs Firmware | 2026-06-02 | 8.1 High |
| In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening and closing of industrial valves. | ||||
| CVE-2019-10996 | 1 Redlion | 1 Crimson | 2026-06-02 | 7.8 High |
| Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that can reference memory after it has been freed. | ||||
| CVE-2019-10990 | 1 Redlion | 1 Crimson | 2026-06-02 | 6.5 Medium |
| Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files. | ||||
| CVE-2019-10984 | 1 Redlion | 1 Crimson | 2026-06-02 | 7.8 High |
| Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the program to mishandle pointers. | ||||
| CVE-2019-10978 | 1 Redlion | 1 Crimson | 2026-06-02 | 3.3 Low |
| Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area. | ||||
| CVE-2018-8855 | 1 Echelon | 8 I.lon 100, I.lon 100 Firmware, I.lon 600 and 5 more | 2026-06-02 | 9.8 Critical |
| Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices allow unencrypted Web connections by default, and devices can receive configuration and firmware updates by unsecure FTP. | ||||
| CVE-2018-8851 | 1 Echelon | 8 I.lon 100, I.lon 100 Firmware, I.lon 600 and 5 more | 2026-06-02 | 9.8 Critical |
| Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store passwords in plaintext, which may allow an attacker with access to the configuration file to log into the SmartServer web user interface. | ||||
| CVE-2018-12594 | 1 Reliablecontrols | 2 Mach-prowebcom, Mach-prowebcom Firmware | 2026-06-02 | 7.5 High |
| Reliable Controls MACH-ProWebCom 7.80 devices allow remote attackers to obtain sensitive information via a direct request for the data/fileinfo.xml or job/job.json file, as demonstrated the Master Password field. | ||||
| CVE-2016-9159 | 1 Siemens | 21 Simatic S7-300 Cpu 312, Simatic S7-300 Cpu 314, Simatic S7-300 Cpu 315-2 Dp and 18 more | 2026-06-02 | 5.9 Medium |
| A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions), SIMATIC S7-410 V8 CPU family (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions). An attacker with network access to port 102/tcp (ISO-TSAP) or via Profibus could obtain credentials from the PLC if protection-level 2 is configured on the affected devices. | ||||
| CVE-2015-0987 | 1 Omron | 3 Cj2h Plc, Cj2m Plc, Cx-programmer | 2026-06-02 | 10 Critical |
| Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock request. | ||||
| CVE-2026-5076 | 2026-06-02 | 9.8 Critical | ||
| The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset key in the `arm_reset_password_key` user meta field when a user requests a password reset. This is in addition to the hashed key that WordPress core stores securely in `wp_users.user_activation_key`. The plaintext key stored in `wp_usermeta` can be used with the plugin's custom `armrp` reset action to set a new password for any user. Combined with another vulnerability such as SQL Injection (CVE-2026-5073, CVE-2026-5074), this makes it possible for unauthenticated attackers to extract the plaintext reset key and take over any user account, including administrators. | ||||
| CVE-2026-5074 | 2026-06-02 | 6.5 Medium | ||
| The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'sSortDir_0' parameter of the `get_private_content_data` AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient sanitization of the user-supplied parameter which is concatenated directly into the ORDER BY clause of an SQL query without a whitelist check. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Note: The vulnerability can only be exploited if the "User Private Content" addon is enabled, which is disabled by default.. | ||||
| CVE-2026-5073 | 2026-06-02 | 7.5 High | ||
| The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'arm_directory_paging_action' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of sufficient preparation on the existing SQL query in the `arm_get_directory_members()` function. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2025-48520 | 1 Amd | 5 Ryzen 6000 Series Processors With Radeon Graphics, Ryzen 7035 Series Processors With Radeon Graphics, Ryzen 7040 Series Mobile Processors With Radeon Graphics and 2 more | 2026-06-02 | N/A |
| An improper input validation vulnerability within the AMD Platform Management Framework (PMF) driver can allow a local attacker to read Out-of-Bounds potentially resulting in information disclosure or a crash | ||||
| CVE-2025-52540 | 1 Amd | 5 Ryzen 6000 Series Processors With Radeon Graphics, Ryzen 7035 Series Processors With Radeon Graphics, Ryzen 7040 Series Mobile Processors With Radeon Graphics and 2 more | 2026-06-02 | N/A |
| An improper input validation vulnerability within the AMD Platform Management Framework (PMF) Driver can allow a local attacker to write Out-of-Bounds, potentially resulting in privilege escalation. | ||||
| CVE-2025-48513 | 1 Amd | 6 Ryzen 6000 Series Processors With Radeon Graphics, Ryzen 7035 Series Processors With Radeon Graphics, Ryzen 7040 Series Mobile Processors With Radeon Graphics and 3 more | 2026-06-02 | N/A |
| Use of uninitialized resource within the AMD Platform Management Framework (PMF) could allow an attacker to read a uninitialized kernel memory resulting in loss of confidentiality or availability. | ||||
| CVE-2025-29936 | 1 Amd | 7 Ryzen 6000 Series Processors With Radeon Graphics, Ryzen 7035 Series Processors With Radeon Graphics, Ryzen 7040 Series Mobile Processors With Radeon Graphics and 4 more | 2026-06-02 | N/A |
| Improper input validation within the AMD Platform Management Framework (PMF) could allow an attacker to unmap arbitrary memory pages potentially impacting integrity and availability, or allowing privilege escalation resulting in loss of confidentiality. | ||||
| CVE-2025-0028 | 1 Amd | 5 Ryzen 6000 Series Processors With Radeon Graphics, Ryzen 7035 Series Processors With Radeon Graphics, Ryzen 7040 Series Mobile Processors With Radeon Graphics and 2 more | 2026-06-02 | N/A |
| An unchecked return value within the AMD Platform Management Framework (PMF) could allow an attacker to read or modify an arbitrary address potentially resulting in loss of confidentiality, integrity, or availability. | ||||
| CVE-2025-29937 | 1 Amd | 5 Ryzen 6000 Series Processors With Radeon Graphics, Ryzen 7035 Series Processors With Radeon Graphics, Ryzen 7040 Series Mobile Processors With Radeon Graphics and 2 more | 2026-06-02 | N/A |
| An out of bounds read within the AMD Platform Management Framework (PMF) could allow an attacker to trigger a read of an arbitrary memory location potentially resulting in loss of availability or confidentiality. | ||||
| CVE-2025-29944 | 1 Amd | 14 Athlon 3000 Series Mobile Processors With Radeon Graphics, Ryzen 3000 Series Mobile Processors With Radeon Graphics, Ryzen 4000 Series Mobile Processors With Radeon Graphics and 11 more | 2026-06-02 | N/A |
| A buffer overflow vulnerability within AMD Sensor Fusion Hub Driver can allow a local attacker to write out of bounds, potentially resulting in denial of service or crash | ||||