VDE-2025-061
Sept. 8, 2025, 9:00 AM
Bender is publishing this advisory to inform customers about a security vulnerability in the Charge Controller product families. Bender has analyzed the weakness and determined that the electrical safety of …
VDE-2025-082
Sept. 8, 2025, 9:00 AM
A vulnerability in sudo allows a low privileged attacker to execute commands with root rights.
VDE-2025-084
Sept. 8, 2025, 9:00 AM
Bender is publishing this advisory to inform customers about a security vulnerability in the Charge Controller product families. Bender has analyzed the weakness and determined that the electrical safety of …
VDE-2025-066
Aug. 27, 2025, 10:00 AM
A security researcher discovered a Directory Traversal vulnerability in Sunny Boy 3, which allows remote attackers to access sensitive information. The vulnerability is already fixed since January 2021 with version …
VDE-2025-076
Aug. 26, 2025, 9:00 AM
A hard-coded JWT secret in the egOS WebGUI backend is readable to the default user, allowing attackers to forge valid tokens and access protected API endpoints.
VDE-2025-078
Aug. 29, 2025, 12:00 PM
The TRUMPF remote support infrastructure selects an outdated encryption algorithm when setting up communication channels for machines. This cannot be prevented for old machines. For most machines it is possible …
VDE-2025-050
Aug. 19, 2025, 12:00 PM
A security researcher discovered a data disclosure vulnerability in Sunny Portal powered by ennexOS, ennexos.sunnyportal.com. A regularly authenticated user can receive the name of an other registered Sunny Portal user …
VDE-2025-063
Aug. 12, 2025, 12:00 PM
A privilege escalation vulnerability exists in Phoenix Contact Device and Update Management prior to version 2025.3.1 due to misconfigured permissions on nssm.exe in the DAUM-WINDOWS-SERVICE. This misconfiguration allows a low-privileged …