Radar
A personal hobby project. Radar aggregates security advisories from CISA, Zero Day Initiative and CERT-EU and adds short editorial highlights on what I find notable from a European infrastructure perspective — not a threat-intel service, not exhaustive, just what catches my eye.
-
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-42271 BerriAI LiteLLM Command Injection Vulnerability CVE-2026-50751 Check…
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-28318 SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability This…
Read more → -
NAVTOR NavBox
The advisory states that hard-coded credentials in NavBox's SOAP implementation could allow a local attacker to bypass authentication and access privileged file operations.
Read more → -
Hitachi Energy MACH HiDraw
The vulnerability affects MACH HiDraw versions 9.22 and prior, with exploitation requiring authenticated local access and a specially crafted XML file.
Read more → -
Hitachi Energy ITT600 Explorer
The affected ITT600 Explorer versions include those prior to 2.1 SP6 and specifically 2.1 SP6 itself, with a patch available in 2.1 SP6 HF1.
Read more → -
B&R PPT30 Operating System
The vulnerability affects the OPC-UA server in B&R PPT30 Operating System versions prior to 1.8.0 and could be exploited by an unauthenticated network-based attacker to block access to the service.
Read more → -
Hitachi Energy RTU500
The advisory lists multiple overlapping version ranges for the RTU500 series CMU firmware, with repeated CVEs across entries, which may indicate consolidated reporting of previously disclosed issues.
Read more → -
ZDI-26-328: ASUS Business Manager Service Client-Side Authentication Local Privilege Escalation Vulnerability
The vulnerability involves client-side authentication in the ASUS Business Manager Service, which may allow local privilege escalation if exploited.
Read more → -
ZDI-26-331: (Pwn2Own) Microsoft Edge Feedback Log File Handling Directory Traversal Remote Code Execution Vulnerability
The vulnerability involves directory traversal in Microsoft Edge's feedback log file handling, potentially enabling remote code execution with user interaction.
Read more → -
ZDI-26-330: (Pwn2Own) Microsoft Edge Navigation Handling Universal Cross-Site Scripting Vulnerability
The vulnerability requires user interaction to visit a malicious page or open a malicious file, indicating execution depends on social engineering.
Read more → -
ZDI-26-329: (Pwn2Own) Microsoft Edge Origin Validation Error Security Bypass Vulnerability
The vulnerability requires user interaction, such as visiting a malicious page, to exploit a security bypass in Microsoft Edge.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
The added vulnerability involves deserialization of untrusted data in a Magento extension, a flaw type often exploited to achieve remote code execution.
Read more → -
ZDI-26-327: Docker Desktop grpcfuse Kernel Module Uncontrolled Recursion Denial-of-Service Vulnerability
The vulnerability resides in the Docker Desktop grpcfuse kernel module, which can be triggered by low-privileged code running inside a container.
Read more → -
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CVE-2022-0492 involves improper authentication in the Linux kernel, a component present in many enterprise and embedded systems. Its inclusion in the KEV catalog indicates observed exploitation despite its 2022 publication date.
Read more → -
CISA and Partners Urge Hardening Automatic Tank Gauge Systems
The advisory states that internet-exposed ATG systems are being targeted via hardcoded credentials and command execution. Removing these systems from public networks is explicitly recommended.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2024-21182 Oracle WebLogic Server Unspecified Vulnerability This type of…
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
CVE-2026-0257 is an authentication bypass vulnerability in Palo Alto Networks PAN-OS that CISA has observed being actively exploited.
Read more → -
Supply Chain Compromises Impact Nx Console and GitHub Repositories
The malicious Nx Console extension (18.95.0) was distributed via VS Code’s automatic update mechanism, potentially affecting systems without user interaction.
Read more → -
ABB EIBPORT
The advisory states that affected ABB EIBPORT devices can expose session IDs and allow configuration changes if exploited. A firmware update is available to address the vulnerabilities.
Read more → -
Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter
The advisory states that hard-coded administrative credentials are present in the firmware of the affected device, which can be extracted and used to gain unauthorized access.
Read more → -
ABB Busch-Welcome 2 Wire Door Opener Actuator
The advisory states that toggling the mode switch and restarting power can recalibrate the system to correct the misconfiguration.
Read more → -
Fourth Frontier Frontier X Mobile Application, Frontier X2
The advisory states that unauthenticated BLE access allows read/write of critical GATT characteristics, and the mobile app does not authenticate the connected device, enabling spoofing and data injection.
Read more → -
CP Plus 8 Ch. Network Video Recorder
The advisory specifies a stored XSS vulnerability that persists in the device backend and executes when users access affected pages.
Read more → -
XCharge C6
The advisory states that XCharge C6 devices with firmware prior to May 22, 2026, are affected by multiple critical vulnerabilities, including firmware update mechanisms that lack cryptographic validation.
Read more → -
KMW CCTV Security Cameras
The advisory states that affected KMW cameras allow unauthenticated password resets, enabling full access to camera feeds and settings.
Read more → -
MacGregor Voyage Data Recorder (VDR) G4e
The advisory states that default credentials are present without enforced password changes, and authenticated users can extract password hashes via backup files.
Read more → -
ZDI-26-326: TrendAI Vision One Security Agent Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
The vulnerability is a time-of-check to time-of-use (TOCTOU) issue in the TrendAI Vision One Security Agent that can be exploited by local attackers to escalate privileges.
Read more → -
ZDI-26-325: TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
The vulnerability requires prior execution of low-privileged code to enable local privilege escalation in TrendAI Vision One Security Agent.
Read more → -
ZDI-26-324: TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
The vulnerability is a local privilege escalation in TrendAI Vision One Security Agent due to origin validation error.
Read more → -
ZDI-26-323: TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
The vulnerability requires prior execution of low-privileged code to enable local privilege escalation.
Read more → -
ZDI-26-322: TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
The vulnerability requires prior execution of low-privileged code to enable local privilege escalation.
Read more → -
ZDI-26-321: TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
The vulnerability requires prior execution of low-privileged code to enable local privilege escalation within TrendAI Vision One Security Agent.
Read more → -
ZDI-26-320: TrendAI Vision One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
The vulnerability requires an attacker to already have the ability to execute low-privileged code on the system.
Read more → -
CISA Adds Three Known Exploited Vulnerabilities to Catalog
The advisory adds two vulnerabilities involving embedded malicious code in developer tools, which may indicate supply chain compromise.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
CVE-2026-48172 is a privilege escalation vulnerability in the LiteSpeed cPanel plugin, now added to CISA's KEV Catalog due to evidence of active exploitation.
Read more → -
ABB Terra AC
The advisory states that unencrypted OCPP communications can enable exploitation of a heap-based buffer overflow, potentially allowing remote firmware manipulation.
Read more → -
ABB LVS MConfig
The advisory states that sensitive information, including passwords, may be stored in cleartext in memory during runtime and exposed via memory dump files.
Read more → -
ABB Ability Camera Connect
The advisory states that an outdated VLC media player component in ABB Ability Camera Connect versions up to 1.5.0.14 contains multiple memory-related vulnerabilities, with a CVSS score of 9.8.
Read more → -
Eppendorf BioFlo 320
The advisory states that all versions of the Eppendorf BioFlo 320 bioreactor are affected due to a hard-coded password in a VNC server, which could allow full access if remote access is enabled.
Read more → -
ABB AbilityTM Zenon Remote Transport Vulnerability
The vulnerability allows unauthorized reboot of the system via the Remote Transport Service due to missing authentication, but requires prior network access.
Read more → -
ABB AC500 V2
The advisory states that fragments of previous Modbus responses may be exposed due to a buffer over-read when unsupported function codes are sent to the AC500 V2 Modbus server.
Read more → -
ABB B&R Automation Runtime DoS Vulnerability in System Diagnostics Manager (SDM)
The advisory states that the System Diagnostics Manager (SDM) is disabled by default in Automation Runtime 6 and not intended to be enabled outside secured production networks.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
CVE-2026-9082 is an SQL injection vulnerability in Drupal Core that is already being exploited in the wild.
Read more → -
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CVE-2026-34926 affects Trend Micro Apex One (On-Premise), a locally deployed endpoint security solution, and is actively exploited.
Read more → -
ABB Terra AC Wallbox
The advisory states that exploitation requires prior Bluetooth hijacking, and communication is encrypted, which may limit attack feasibility.
Read more → -
Hitachi Energy GMS600
The advisory states that affected GMS600 versions use a vulnerable OpenSSL component enabling potential plaintext recovery via timing attacks.
Read more → -
ABB B&R Automation Studio
The advisory lists 23 CVEs affecting ABB B&R Automation Studio versions prior to 6.5, primarily tied to outdated components like SQLite, with a CVSS score of 9.8.
Read more → -
ABB B&R Automation Runtime
The advisory states that the System Diagnostic Manager (SDM) is disabled by default in Automation Runtime 6 and is not intended to be enabled outside secure environments.
Read more → -
ABB B&R PCs
The advisory states that multiple ABB B&R PC models are affected by several vulnerabilities allowing remote code execution, DoS, DNS cache poisoning, or information disclosure.
Read more → -
ZDI-26-319: Progress Software Kemp LoadMaster addcountry Command Injection Remote Code Execution Vulnerability
Authentication is required to exploit the command injection vulnerability in Kemp LoadMaster's addcountry function.
Read more → -
ZDI-26-318: Progress Software Kemp LoadMaster ssodomain_killsession Command Injection Remote Code Execution Vulnerability
Authentication is required to exploit the command injection vulnerability in Kemp LoadMaster's ssodomain_killsession function.
Read more → -
CISA Adds Seven Known Exploited Vulnerabilities to Catalog
The advisory includes two recently added vulnerabilities in Microsoft Defender, a security product with broad deployment across federal systems.
Read more → -
Schnieider Electric EcoStruxure Machine Expert HVAC (SEVD-2026-132-01)
The advisory states that versions of EcoStruxure Machine Expert HVAC prior to 1.10.0 store sensitive information in cleartext, potentially exposing protected source code during editing or compiling.
Read more → -
Kieback & Peter DDC Building Controllers
View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to take control of the victim's browser. The following versions of Kieback & Peter DDC Building Controllers are affected…
Read more → -
Siemens RUGGEDCOM APE1808 Devices
The advisory states that all versions of the Siemens RUGGEDCOM APE1808 are affected due to a buffer overflow in the User-ID Authentication Portal service inherited from Palo Alto Networks' PAN-OS software.
Read more → -
ABB CoreSense HM and CoreSense M10
The advisory states that unauthenticated users can exploit a path traversal vulnerability to access restricted directories, potentially leading to full system compromise.
Read more → -
ScadaBR
The advisory states that ScadaBR 1.2.0 is affected by multiple vulnerabilities, including unauthenticated remote code execution. Notably, the vendor has not responded to CISA's outreach for coordination.
Read more → -
ZKTeco CCTV Cameras
An undocumented, unauthenticated configuration export port on affected ZKTeco cameras can expose camera account credentials and service information.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
CVE-2026-42897 is a cross-site scripting vulnerability in Microsoft Exchange Server now added to the KEV Catalog due to evidence of active exploitation.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added a Cisco Catalyst SD-WAN Controller authentication bypass vulnerability (CVE-2026-20182) to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation.
Read more → -
Siemens Siemens ROS#
ROS# file_server before version 2.2.2 contains a relative path traversal vulnerability. The advisory recommends running the service only on trusted networks and with minimal user rights.
Read more → -
Siemens gWAP
The vulnerability originates in a third-party Axios library dependency and exploits prototype pollution to escalate into remote code execution. Siemens has released version 3.1.1 to address this issue.
Read more → -
Siemens SIMATIC
SIMATIC CN 4100 versions before 5.0 contain 37 distinct vulnerability types. Siemens recommends updating to the latest version.
Read more → -
Siemens Ruggedcom Rox
This vulnerability allows authenticated attackers to escalate to root command execution via the scheduler. Siemens has released new versions for all affected Ruggedcom Rox products.
Read more → -
Siemens Ruggedcom Rox
Siemens Ruggedcom Rox before v2.17.1 bundles multiple third-party vulnerabilities spanning 2019 to 2025. The advisory explicitly recommends updating to the latest versions.
Read more → -
Siemens Simcenter Femap
The advisory states that Simcenter Femap has a heap-based buffer overflow when reading IPT files. Siemens recommends updating to version 2512.0003 or later.
Read more → -
Universal Robots Polyscope 5
An unauthenticated attacker can execute code via OS command injection in Universal Robots Polyscope 5 Dashboard Server. Versions below 5.25.1 are affected.
Read more → -
Siemens Ruggedcom Rox
An authenticated remote attacker can execute arbitrary commands as root via feature key installation. The vulnerability affects multiple Ruggedcom Rox models in versions prior to 2.17.1.
Read more → -
Siemens Teamcenter
Teamcenter V2312 and V2406 incorporate a vulnerable PDF.js component (CVE-2024-4367) from Firefox/Thunderbird. Multiple versions across the product line are affected by three distinct CVEs.
Read more → -
Siemens Solid Edge
Two vulnerabilities in Siemens Solid Edge allow arbitrary code execution via crafted PAR files. The advisory notes deployment in critical manufacturing sectors worldwide.
Read more → -
Siemens SENTRON 7KT PAC1261 Data Manager
The advisory states the vulnerability permits request smuggling in the web server of an energy sector device. This can lead to administrative control via stolen authorization tokens.
Read more → -
Siemens Opcenter RDnL
The advisory states that an unauthenticated attacker on an adjacent network can force a broker to connect to a rogue broker. The advisory notes that message integrity impact is low due to a missing auto refresh feature.
Read more → -
Siemens Ruggedcom Rox
An authenticated attacker can read arbitrary files from the underlying OS filesystem via the web server's JSON-RPC interface. The advisory explicitly states these devices are used in critical manufacturing.
Read more → -
Siemens SIMATIC S7 PLC Web Server
SIMATIC S7 PLC web servers contain cross-site scripting vulnerabilities affecting multiple controller models. Siemens has released patches for some products and recommends mitigation for others.
Read more → -
Siemens Industrial Devices
A single denial-of-service vulnerability (CVE-2025-40833 affects over 20 distinct Siemens industrial network devices. Patches are available for some products, while countermeasures are recommended for others awaiting fixes.
Read more → -
Siemens SIMATIC
Unprotected help links on Siemens HMI panels allow unauthenticated web browser access. This may enable attackers to find backdoors and cause misconfigurations.
Read more → -
Siemens SIPROTEC 5
Session identifier entropy issue in Siemens SIPROTEC 5 protection relays affects numerous hardware variants. The advisory notes that not all product endpoints use the vulnerable session mechanism.
Read more → -
Software Bill of Materials for AI - Minimum Elements
The advisory introduces supplemental minimum elements for AI-specific Software Bill of Materials. This guidance reflects international consensus from G7 partners and is intended to evolve with AI technology.
Read more → -
ABB AC500 V3 Stack Buffer Overflow in Cryptographic Message Syntax
A stack buffer overflow occurs during CMS message parsing before authentication, requiring no key material. The vulnerability affects ABB AC500 V3 PLCs used in critical infrastructure sectors.
Read more → -
Subnet Solutions PowerSYSTEM Center
Multiple CVEs affect different versions of PowerSYSTEM Center, with the 2020, 2024, and 2026 product lines all impacted. The vendor specifies distinct update versions for each affected product line.
Read more → -
ABB WebPro SNMP Card PowerValue Multiple Vulnerabilities
The advisory specifies that these vulnerabilities were internally discovered by ABB. The affected device's Modbus service becomes unavailable until manually rebooted when exploited.
Read more → -
ABB AC500 V3 Multiple Vulnerabilities
The advisory notes that exposed visualization files contain only static data, not live process data. The update is available in firmware version 3.9.0.
Read more → -
ABB Automation Builder Gateway for Windows
The Windows gateway listens remotely on port 1217 by default, which may expose PLC networks to scanning. Many users are unaware of this remote access feature as it is typically used locally.
Read more → -
Fuji Electric Tellus
The vulnerability involves a kernel driver installed with Tellus that grants all users read and write permissions. This is a privilege escalation issue specific to version 5.0.2.
Read more → -
ZDI-26-317: Siemens Simcenter Femap IPT File Parsing Memory Corruption Remote Code Execution Vulnerability
The vulnerability stems from memory corruption during IPT file parsing in Siemens Simcenter Femap, requiring user interaction for exploitation.
Read more → -
ZDI-26-316: Siemens Simcenter Femap IPT File Parsing Memory Corruption Remote Code Execution Vulnerability
The vulnerability stems from memory corruption during IPT file parsing in Siemens Simcenter Femap, requiring user interaction for exploitation.
Read more → -
ZDI-26-315: Apple macOS USD Out-Of-Bounds Read Information Disclosure Vulnerability
A remote out-of-bounds read vulnerability exists in Apple macOS USD library. Attack vectors depend on implementation.
Read more → -
ZDI-26-314: Apple macOS USD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
A vulnerability in Apple macOS's USD library enables remote code execution via an out-of-bounds write.
Read more → -
ZDI-26-313: Apple Safari Regular Expression Duplicate Named Groups Heap-based Buffer Overflow Remote Code Execution Vulnerability
The vulnerability involves a heap-based buffer overflow in Apple Safari due to improper handling of duplicate named groups in regular expressions.
Read more → -
ZDI-26-312: Apple Safari Web Inspector WebCore Style Resolver Use-After-Free Remote Code Execution Vulnerability
The vulnerability affects WebCore Style Resolver in Safari's Web Inspector. Exploitation requires user interaction through a malicious page or file.
Read more → -
ZDI-26-311: Apple macOS CoreSymbolication Out-Of-Bounds Read Information Disclosure Vulnerability
The vulnerability involves an out-of-bounds read in the CoreSymbolication framework, potentially disclosing sensitive information.
Read more → -
ZDI-26-310: Microsoft Windows splwow64 Race Condition Local Privilege Escalation Vulnerability
A race condition in splwow64 enables local privilege escalation when an attacker already has code execution. The vulnerability requires pre-existing access on the target system.
Read more → -
ZDI-26-309: Microsoft Windows Message Queueing Double Free Local Privilege Escalation Vulnerability
This vulnerability requires a local attacker to first execute low-privileged code. The ZDI has assigned a CVSS rating of 7.8.
Read more → -
ZDI-26-308: Ivanti Endpoint Manager RemoteControlAuth Exposed Dangerous Method Information Disclosure Vulnerability
The vulnerability involves a method in Ivanti Endpoint Manager's RemoteControlAuth that exposes sensitive information, with authentication normally required but bypassable.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
This advisory adds one vulnerability, CVE-2026-42208, to the Known Exploited Vulnerabilities catalog. The vulnerability affects BerriAI's LiteLLM and involves SQL injection.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
CVE-2026-6973 is an improper input validation vulnerability in Ivanti Endpoint Manager Mobile (EPMM) now added to CISA's Known Exploited Vulnerabilities Catalog due to evidence of active exploitation.
Read more → -
MAXHUB Pivot Client Application
The advisory notes a hardcoded AES key in the MAXHUB Pivot client application allows decryption of tenant email addresses. An attacker can also cause denial-of-service by enrolling unauthorized devices.
Read more → -
CISA Adds One Known Exploited Vulnerability to Catalog
CVE-2026-0300 is an out-of-bounds write vulnerability in Palo Alto Networks PAN-OS that is actively being exploited.
Read more → -
2026-006: Critical Vulnerability in PAN-OS
Palo Alto Networks reports limited exploitation of this vulnerability in the wild. The vulnerability permits unauthenticated attackers to execute arbitrary code with root privileges.
Read more → -
ABB B&R Automation Studio
The vulnerability allows an attacker to intercept and manipulate data exchanges by exploiting improper certificate validation in the OPC-UA and ANSL over TLS clients.
Read more →