VDE-2025-106
Jan. 26, 2026, 11:00 AM
An optional package of the TwinCAT 3 XAR installs the TwinCAT 3 HMI Server on a device. It provides a server configuration page which can be accessed by administrative users …
VDE-2025-073
Jan. 13, 2026, 9:00 AM
A code injection vulnerability at the upload-config endpoint in the firmware of TC ROUTER and CLOUD CLIENT Industrial Mobile network routers has been discovered that can be exploited by an …
VDE-2025-095
Jan. 19, 2026, 9:00 AM
Two remote stack buffer overflow vulnerabilities were discovered in WAGO industrial switches. These issues originate from unsafe input handling in custom HTTP request parsing functions within the lighttpd binary. The …
VDE-2024-076
Dec. 10, 2025, 8:00 AM
Due to improper BLE security configurations and lack of authentication on the GATT server of JBL LIVE PRO 2 TWS and JBL TUNE FLEX Headphones, unauthenticated users can read and …
VDE-2025-089
Dec. 10, 2025, 8:00 AM
The BLE controller in certain consumer products fails to properly validate the channel map field in connection requests, enabling attackers within radio range to cause a denial of service through …
VDE-2025-071
Jan. 12, 2026, 9:00 AM
Multiple vulnerabilities have been identified in the FL SWITCH 2xxx firmware prior to version 3.50. Two of these (CVE-2025-41692 and CVE-2025-41696) enable an attacker to access the device's file system. …
VDE-2025-105
Dec. 8, 2025, 10:00 AM
A vulnerability in Wibu-Systems CodeMeter (up to version 7.60b) affects multiple Endress+Hauser products. This flaw can lead to a heap buffer overflow, which may allow remote code execution under certain …
VDE-2025-107
Dec. 5, 2025, 12:00 PM
Multiple vulnerabilities in a Qualcomm component have been reported in a closed-source report. This component is an integral part of the radio chip found in several Endress+Hauser products.