Bulletins

CISA (ALL)
07/07/2026

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

  • CVE-2026-48908 JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability
  • CVE-2026-55255 Langflow Authorization Bypass Through User-Controlled Key Vulnerability  
  • CVE-2026-56290 Joomlack Page Builder Improper …
CISA (ALL)
07/07/2026

View CSAF

Summary

Hitachi Energy is aware of a buffer overflow vulnerability that affects e-mesh EMS product versions listed in this document. Successful exploitation of this vulnerability could lead to a buffer overflow condition, potentially resulting in application outages (denial of service) and possible arbitrary code execution. Please …

CISA (ALL)
07/07/2026

View CSAF

Summary

Successful exploitation of these vulnerabilities could disclose information and allow a malicious user to execute arbitrary code on affected installations.

The following versions of Labcenter Proteus 9 are affected:

  • Proteus 9.1_SP4_Build_42914
CVSS Vendor Equipment
CISA (ALL)
07/07/2026

View CSAF

Summary

Hitachi Energy is aware of insecure HTTP transmission vulnerability in PROMOD V product versions listed in this document. This vulnerability could allow attackers to intercept or manipulate sensitive data in transit, potentially leading to credential theft, session hijacking, or unauthorized access.

The following versions …

CISA (ALL)
07/07/2026

View CSAF

Summary

Mendix Studio Pro versions before V11.12 are affected by a file parsing vulnerability that could be triggered when the application reads specially crafted malicious project during the build pipeline. This could allow an attacker to execute arbitrary code in the context of that user. Siemens …

CISA (ALL)
07/07/2026

View CSAF

Summary

Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and gain access to restricted resources, obtain credentials, and inject malicious scripts.

The following versions of Digi International PortServer TS, Digi One SP IA are affected:

  • PortServer TS
  • Digi …
CISA (ALL)
07/07/2026

View CSAF

Summary

Successful exploitation of these vulnerabilities could lead to privilege escalation, or result in a denial-of-service attack.

The following versions of Hydro-Québec Le Circuit Electrique charging station backend are affected:

  • Le Circuit Electrique charging station backend
CVSS
CISA (ALL)
07/02/2026

View CSAF

Summary

Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to device information or cause a denial-of-service condition.

The following versions of ST Engineering iDirect iQ-Series Terminals are affected:

  • Evolution iQ‑Series terminals <=4.5.2.1 (CVE-2026-38059, CVE-2026-38057)
  • 3315‑Series terminals <=4.5.2.1 …