VDE-2025-091
Oct. 14, 2025, 12:00 PM
The embedded web interface of the MURRELEKTRONIK IMPACT67 Pro PN DIO8 IOL8 transmits login credentials over unencrypted HTTP using a GET request. The device does not offer HTTPS/TLS support, exposing …
VDE-2025-074
Oct. 14, 2025, 12:00 PM
A vulnerability in the firmware of CHARX SEC-3xxx charging controllers have been discovered.
VDE-2025-072
Oct. 14, 2025, 8:00 AM
Multiple vulnerabilities were discovered in the firmware of QUINT4-UPS EIP devices that can be used by an unauthenticated remote attacker to perform Denial of Service attacks and to gather login …
VDE-2025-087
Sept. 24, 2025, 11:00 AM
Due to a missing authentication check, the WAGO Solution Builder and the WAGO Device Sphere are vulnerable to a potential information exposure.
VDE-2025-083
Sept. 15, 2025, 10:00 AM
The vulnerability in the Ethernet switch circuit is caused by a PullUp resistor at the reset input, leading to premature activation and undefined operation. Switching to a PullDown resistor keeps …
VDE-2025-085
Sept. 22, 2025, 10:00 AM
A path traversal flaw in the SmartEMS upload handling allows authenticated users to direct upload data outside of the intended directory via the 'Upload-Key' header. In deployments where writable, code-interpreted …
VDE-2025-080
Sept. 9, 2025, 12:00 PM
A missing authentication vulnerability exists in the iocheckd service "I/O-Check" functionality. A single packet can cause a denial of service and weaken credentials resulting in the default documented credentials being …
VDE-2025-077
Sept. 9, 2025, 12:00 PM
The jq JSON processor, which is used to migrate firmware configurations in the product, contains 2 vulnerabilities that can be exploited by an authenticated attacker.